Log Analysis and Evaluation: Rootkit suspected. Malwarebytes, Avira and various other tools useless (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

29.11.2011, 23:25 | #1
Rootkit suspected. Malwarebytes, Avira and various other tools useless

After almost 10 years online without a virus scanner or firewall, at almost 1000+ pages a day, I have caught something for the first time, and something nasty at that. The freeware version of Emsisoft Anti-Malware thanks you for using it with a bluescreen (at least when you scan for rootkits), the Windows Firewall can no longer be enabled, most of my programs + desktop + start menu were completely deactivated or invisible, a scareware wanted money for the removal (yeah sure...) and Google now and then opens links other than the ones I click on... I have now restored almost everything by hand. The scareware is gone, the files are visible again, etc. What is left is the broken Windows Firewall and the problem with Google. As soon as the problem kicks in, Google becomes noticeably slower and JavaScript stops working on the page (e.g. I can no longer click on "SafeSearch" (no effect)), then various pages I definitely did not click on open via a redirect (but always only one per click). This happens very irregularly, but often enough to be annoying. Here is my log:
Code:
ATTFilter OTL logfile created on: 29.11.2011 22:49:03 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = E:\LiedvonEisundFeuer 64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,30% Memory free 15,96 Gb Paging File | 14,35 Gb Available in Paging File | 89,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,69 Gb Total Space | 10,01 Gb Free Space | 8,96% Space Free | Partition Type: NTFS Drive D: | 931,51 Gb Total Space | 274,30 Gb Free Space | 29,45% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 434,23 Gb Free Space | 46,62% Space Free | Partition Type: NTFS Computer Name: DEEPTHOUGHT | User Name: Clash | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.29 22:45:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\LiedvonEisundFeuer\OTL.exe PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.10 23:43:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2011.11.29 00:10:36 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ffea70edf9aa81cba6a5be8070d3dd9\IAStorUtil.ni.dll MOD - [2011.11.29 00:10:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll MOD - [2011.11.28 20:37:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll MOD - [2011.11.28 20:36:57 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.11.28 20:36:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.11.28 
20:36:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.11.28 20:36:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.11.28 20:36:40 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.11.28 20:36:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.11.28 20:36:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.01.19 02:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Plus Web Player\libxml2.dll MOD - [2010.11.21 07:21:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.11.29 21:13:37 | 002,996,784 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.10.17 10:40:10 | 000,131,912 | ---- | M] (Desura Pty Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Common 
Files\Desura\desura_service.exe -- (Desura Install Service) SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient) SRV - [2011.08.22 14:17:02 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2011.08.15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc) SRV - [2011.08.03 18:42:24 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011.06.10 23:43:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011.06.07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) 
[Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE) SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) SRV - [2008.10.15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) 
[Disabled | Stopped] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4) SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011.08.22 14:17:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2011.08.19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas) DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.05.16 17:35:14 | 000,156,912 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp) DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\9F2.tmp -- (MEMSWEEP2) DRV:64bit: - [2011.05.10 16:02:53 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305) DRV:64bit: - [2011.05.10 15:59:41 | 000,015,936 | ---- | M] (FNet Co., Ltd.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 15:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp) DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2011.01.27 19:18:32 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser) DRV:64bit: - [2011.01.27 19:18:32 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm) DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub) DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- 
(Synth3dVsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.06.11 13:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger) DRV:64bit: - [2010.01.27 16:25:42 | 001,584,640 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.11.11 16:41:04 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi) DRV - [2011.05.19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/?pc=avbr [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 55 C1 65 24 0F CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = my.daemon-search.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.rememberthemilk.com/home/clash666/#section.tasks|hxxp://vrr.de/de/fahrplanauskunft/index.html|hxxp://www.google.com/webhp|hxxp://www.wahlrecht.de/umfragen/index.htm|hxxp://news.google.com/news?pz=1&cf=all&ned=de&ict=ln|https://www.rememberthemilk.com/home/clash666/#section.tasks" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program 
Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Clash\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Clash\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.17 01:47:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.17 01:47:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.08 02:43:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 12:38:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.08 21:56:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.17 12:38:58 | 000,000,000 | ---D | M] [2011.05.10 17:10:12 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Clash\AppData\Roaming\mozilla\Extensions [2011.05.04 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clash\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.28 22:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions [2011.09.09 15:20:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2011.10.04 10:50:16 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2011.11.19 12:03:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.08.25 20:52:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\foxmarks@kei.com [2011.10.16 03:42:30 | 000,002,407 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\ask.uk.xml [2011.04.28 23:43:05 | 000,002,101 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\googlede.xml [2011.11.08 02:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.29 21:00:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{5355BE22-20F5-11DC-8314-0800200C9A66}.XPI () (No name found) -- 
C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{B2509CD4-17CD-45ED-8146-A82AF038F493}.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{FFFE0EAC-3819-4561-8AA9-178A68450D4F}.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\FABTAB@CAPTAINCAVEMAN.NL.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\OPENWITH@DARKTROJAN.NET.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI () (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI [2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\eBay-de.xml [2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.11.28 18:59:19 | 000,441,530 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info O1 - Hosts: 15180 more lines... O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [ASRockXTU] File not found O4 - HKCU..\Run: [zASRockInstantBoot] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 
'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E3FA767-F4EF-4953-9AFE-56CC3C15E348}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96634769-7F6E-46D0-B872-EDEE345DECA0}: DhcpNameServer = 80.67.0.2 91.213.246.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ASRSetup.exe
O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell\AutoRun\command - "" = J:\start.exe
O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Clash^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Cmaudio8788 - hkey= - key= - C:\Windows\syswow64\RunDll32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Cmaudio8788GX - hkey= - key= - C:\Windows\syswow64\HsMgr.exe ()
MsConfig:64bit - StartUpReg: Cmaudio8788GX64 - hkey= - key= - C:\Windows\system\HsMgr64.exe ()
MsConfig:64bit - StartUpReg: Desura - hkey= - key= - C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: FileZilla Server Interface - hkey= - key= - C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
MsConfig:64bit - StartUpReg: Garmin Lifetime Updater - hkey= - key= - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Clash\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
MsConfig:64bit - StartUpReg: itype - hkey= - key= - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
MsConfig:64bit - StartUpReg: Nuance PDF Reader-reminder - hkey= - key= - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig:64bit - StartUpReg: RunDLLEntry - hkey= - key= - C:\Windows\SysNative\RunDLL32.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: StartNowToolbarHelper - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - E:\Games\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: XFastUsb - hkey= - key= - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
MsConfig:64bit - StartUpReg: yEfRqQhDUGAmlI.exe - hkey= - key= - File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.29 21:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.11.29 21:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.29 21:44:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011.11.29 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.29 21:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2011.11.29 21:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2011.11.29 21:04:24 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Anti-Malware
[2011.11.29 20:35:12 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Gaslamp Games
[2011.11.29 19:41:46 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2011.11.29 19:41:46 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2011.11.29 19:41:46 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2011.11.29 19:41:46 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2011.11.29 19:41:46 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2011.11.29 19:41:46 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2011.11.29 19:41:46 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2011.11.29 19:41:46 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2011.11.29 19:41:46 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2011.11.29 19:41:46 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2011.11.29 19:41:46 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2011.11.29 18:38:55 | 000,000,000 | ---D | C] -- C:\Users\Clash\Neuer Ordner
[2011.11.29 18:29:10 | 000,000,000 | ---D | C] -- C:\mingw
[2011.11.29 17:26:54 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\codeblocks
[2011.11.29 17:26:43 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2011.11.29 17:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks
[2011.11.29 17:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeBlocks
[2011.11.29 04:46:23 | 000,000,000 | ---D | C] -- C:\Wascana
[2011.11.29 03:39:54 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wascana
[2011.11.29 03:07:56 | 002,725,376 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudaxp.sys
[2011.11.29 03:07:56 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\WIN7
[2011.11.28 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Malwarebytes
[2011.11.28 22:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.28 22:00:34 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.28 21:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2011.11.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\Clash\Pavark
[2011.11.28 21:29:42 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\Wolframs von Eschenbach - Parzival CD1
[2011.11.28 20:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vim 7.3
[2011.11.28 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vim
[2011.11.28 17:07:39 | 000,000,000 | ---D | C] -- C:\msys
[2011.11.28 17:06:24 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW
[2011.11.28 16:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinGW
[2011.11.28 15:47:53 | 000,000,000 | ---D | C] -- C:\cPlusPlus
[2011.11.28 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Nokia
[2011.11.28 15:39:27 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Local\Nokia
[2011.11.26 02:33:39 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Orcs Must Die
[2011.11.26 02:29:07 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Crayon Physics Deluxe
[2011.11.26 02:27:56 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Crayon Physics Deluxe
[2011.11.23 16:30:43 | 145,320,383 | ---- | C] (Sereby Corporation) -- C:\Users\Clash\Desktop\aio-runtimes.exe
[2011.11.23 16:04:50 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\jongliernacht
[2011.11.21 22:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.21 18:56:58 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\SaalDesignSoftware
[2011.11.21 18:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaalDesignSoftware
[2011.11.19 17:23:50 | 000,000,000 | ---D | C] -- C:\wp-smushit
[2011.11.16 19:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies
[2011.11.12 12:57:10 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Local\Skyrim
[2011.11.11 20:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eclipse PHP
[2011.11.07 21:33:46 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\Neuer Ordner (2)
[2011.11.06 21:40:30 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\.purple
[2011.11.02 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Mumble
[2011.11.01 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\test
[2011.11.01 21:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2011.11.01 21:29:27 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\dsa
[2011.11.01 11:20:48 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\brain
[2011.10.31 19:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Clash\Desktop\*.tmp files -> C:\Users\Clash\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.29 22:47:49 | 001,650,748 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.29 22:47:49 | 000,710,810 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.29 22:47:49 | 000,663,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.29 22:47:49 | 000,153,902 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.29 22:47:49 | 000,125,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.29 22:43:46 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 22:43:46 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 22:43:32 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.29 22:43:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.29 22:43:28 | 2133,868,543 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.29 22:42:17 | 000,000,020 | ---- | M] () -- C:\Users\Clash\defogger_reenable
[2011.11.29 22:29:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.29 22:25:42 | 000,842,122 | ---- | M] () -- C:\Users\Clash\AppData\Local\census.cache
[2011.11.29 22:25:35 | 000,100,710 | ---- | M] () -- C:\Users\Clash\AppData\Local\ars.cache
[2011.11.29 22:20:31 | 000,000,036 | ---- | M] () -- C:\Users\Clash\AppData\Local\housecall.guid.cache
[2011.11.29 21:55:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000UA.job
[2011.11.29 21:53:08 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.29 21:04:34 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011.11.29 19:46:53 | 000,001,272 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2011.11.29 18:29:30 | 000,001,480 | ---- | M] () -- C:\Users\Clash\Desktop\MSYS.lnk
[2011.11.29 18:29:30 | 000,000,044 | ---- | M] () -- C:\Windows\MSYS.INI
[2011.11.29 17:26:44 | 000,001,099 | ---- | M] () -- C:\Users\Clash\Desktop\CodeBlocks.lnk
[2011.11.29 17:06:51 | 000,000,766 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Eclipse (2).lnk
[2011.11.29 04:46:38 | 000,001,640 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Shell.lnk
[2011.11.29 04:46:38 | 000,000,730 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Eclipse.lnk
[2011.11.29 03:09:43 | 000,147,860 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011.11.29 03:09:42 | 000,000,954 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi
[2011.11.29 03:09:42 | 000,000,893 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini
[2011.11.29 03:09:42 | 000,000,140 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2011.11.29 02:55:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000Core.job
[2011.11.28 20:48:53 | 000,012,288 | -H-- | M] () -- C:\Windows\SysWow64\_.swp
[2011.11.28 20:48:53 | 000,001,026 | ---- | M] () -- C:\Users\Clash\_viminfo
[2011.11.28 20:43:33 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\gVim Read only 7.3.lnk
[2011.11.28 20:43:33 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\gVim Easy 7.3.lnk
[2011.11.28 20:43:33 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\gVim 7.3.lnk
[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\gvimdiff.bat
[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\gview.bat
[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\evim.bat
[2011.11.28 20:43:33 | 000,000,985 | ---- | M] () -- C:\Windows\gvim.bat
[2011.11.28 20:43:33 | 000,000,694 | ---- | M] () -- C:\Windows\vimtutor.bat
[2011.11.28 20:43:33 | 000,000,668 | ---- | M] () -- C:\Windows\vimdiff.bat
[2011.11.28 20:43:33 | 000,000,668 | ---- | M] () -- C:\Windows\view.bat
[2011.11.28 20:43:33 | 000,000,664 | ---- | M] () -- C:\Windows\vim.bat
[2011.11.28 20:36:18 | 005,006,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.28 20:30:22 | 001,627,706 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.11.28 19:32:40 | 000,000,930 | ---- | M] () -- C:\Users\Clash\Desktop\Steam - Verknüpfung.lnk
[2011.11.28 19:09:44 | 000,001,093 | ---- | M] () -- C:\Users\Clash\Desktop\netbeans - Verknüpfung.lnk
[2011.11.28 18:59:19 | 000,441,530 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.11.28 18:57:29 | 000,001,266 | ---- | M] () -- C:\Users\Clash\Desktop\Spybot - Search & Destroy.lnk
[2011.11.24 15:44:39 | 023,042,284 | ---- | M] () -- C:\Users\Clash\Desktop\hogy.7z
[2011.11.23 16:34:54 | 000,040,538 | ---- | M] () -- C:\Windows\unins000.dat
[2011.11.23 16:34:26 | 001,202,763 | ---- | M] () -- C:\Windows\unins000.exe
[2011.11.23 15:42:11 | 000,096,182 | ---- | M] () -- C:\Users\Clash\Desktop\sp-Holger.jpg
[2011.11.22 19:56:01 | 000,000,600 | ---- | M] () -- C:\Users\Clash\AppData\Local\PUTTY.RND
[2011.11.21 19:26:52 | 000,000,132 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.11.21 19:08:40 | 000,733,363 | ---- | M] () -- C:\Users\Clash\Desktop\hogwarts_high.jpg
[2011.11.20 18:24:43 | 000,611,275 | ---- | M] () -- C:\Users\Clash\Desktop\comp_tnmp-3017.jpg
[2011.11.16 19:41:04 | 145,320,383 | ---- | M] (Sereby Corporation) -- C:\Users\Clash\Desktop\aio-runtimes.exe
[2011.11.14 18:12:55 | 137,701,577 | ---- | M] () -- C:\EasyPHP.zip
[2011.11.13 02:55:19 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.11.13 02:55:19 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.11.11 20:02:59 | 000,001,151 | ---- | M] () -- C:\Users\Clash\Desktop\eclipse for PHP.lnk
[2011.11.11 12:07:29 | 000,000,036 | ---- | M] () -- C:\Users\Clash\.org.eclipse.epp.usagedata.recording.userId
[2011.11.08 14:51:33 | 000,092,823 | ---- | M] () -- C:\Users\Clash\Desktop\123.PNG
[2011.11.07 15:03:23 | 000,012,800 | ---- | M] () -- C:\Users\Clash\Documents\domaintransferauftraege.pdf
[2011.11.06 21:00:41 | 000,035,221 | ---- | M] () -- C:\Users\Clash\Desktop\313289_307111715972340_306091499407695_1496240_1080525599_n.jpg
[2011.11.02 22:14:11 | 000,002,384 | ---- | M] () -- C:\Users\Clash\Documents\MumbleAutomaticCertificateBackup.p12
[2011.11.02 01:28:47 | 000,003,642 | ---- | M] () -- C:\Users\Clash\Desktop\wp-config.php
[2011.11.01 12:13:54 | 000,000,132 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Adobe PNG Format CS5 Prefs
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Clash\Desktop\*.tmp files -> C:\Users\Clash\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.29 22:42:17 | 000,000,020 | ---- | C] () -- C:\Users\Clash\defogger_reenable
[2011.11.29 22:25:42 | 000,842,122 | ---- | C] () -- C:\Users\Clash\AppData\Local\census.cache
[2011.11.29 22:25:35 | 000,100,710 | ---- | C] () -- C:\Users\Clash\AppData\Local\ars.cache
[2011.11.29 22:20:31 | 000,000,036 | ---- | C] () -- C:\Users\Clash\AppData\Local\housecall.guid.cache
[2011.11.29 21:53:08 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.29 21:04:34 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2011.11.29 19:43:48 | 000,001,272 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2011.11.29 19:41:46 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2011.11.29 19:41:46 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2011.11.29 19:41:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2011.11.29 18:18:12 | 000,324,096 | ---- | C] () -- C:\Windows\SDL.dll
[2011.11.29 17:26:44 | 000,001,099 | ---- | C] () -- C:\Users\Clash\Desktop\CodeBlocks.lnk
[2011.11.29 17:06:51 | 000,000,766 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Eclipse (2).lnk
[2011.11.29 04:01:15 | 000,324,096 | ---- | C] () -- C:\Windows\SysNative\SDL.dll
[2011.11.29 03:39:54 | 000,001,640 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Shell.lnk
[2011.11.29 03:39:54 | 000,000,730 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Eclipse.lnk
[2011.11.29 03:07:56 | 000,049,152 | ---- | C] () -- C:\Users\Clash\Desktop\Setup.exe
[2011.11.29 03:07:56 | 000,000,117 | ---- | C] () -- C:\Users\Clash\Desktop\CmiMergeSetup.ini
[2011.11.28 20:47:57 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\_.swp
[2011.11.28 20:44:14 | 000,001,026 | ---- | C] () -- C:\Users\Clash\_viminfo
[2011.11.28 20:43:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\gVim Read only 7.3.lnk
[2011.11.28 20:43:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\gVim Easy 7.3.lnk
[2011.11.28 20:43:33 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\gVim 7.3.lnk
[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\gvimdiff.bat
[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\gview.bat
[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\evim.bat
[2011.11.28 20:43:33 | 000,000,985 | ---- | C] () -- C:\Windows\gvim.bat
[2011.11.28 20:43:33 | 000,000,694 | ---- | C] () -- C:\Windows\vimtutor.bat
[2011.11.28 20:43:33 | 000,000,668 | ---- | C] () -- C:\Windows\vimdiff.bat
[2011.11.28 20:43:33 | 000,000,668 | ---- | C] () -- C:\Windows\view.bat
[2011.11.28 20:43:33 | 000,000,664 | ---- | C] () -- C:\Windows\vim.bat
[2011.11.28 19:32:40 | 000,000,930 | ---- | C] () -- C:\Users\Clash\Desktop\Steam - Verknüpfung.lnk
[2011.11.28 19:09:44 | 000,001,093 | ---- | C] () -- C:\Users\Clash\Desktop\netbeans - Verknüpfung.lnk
[2011.11.28 16:47:32 | 000,001,480 | ---- | C] () -- C:\Users\Clash\Desktop\MSYS.lnk
[2011.11.28 16:47:32 | 000,000,044 | ---- | C] () -- C:\Windows\MSYS.INI
[2011.11.24 15:44:35 | 023,042,284 | ---- | C] () -- C:\Users\Clash\Desktop\hogy.7z
[2011.11.23 16:26:54 | 000,611,275 | ---- | C] () -- C:\Users\Clash\Desktop\comp_tnmp-3017.jpg
[2011.11.23 15:42:11 | 000,096,182 | ---- | C] () -- C:\Users\Clash\Desktop\sp-Holger.jpg
[2011.11.21 19:23:39 | 000,000,132 | ---- | C] () -- C:\Users\Clash\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.11.21 19:08:37 | 000,733,363 | ---- | C] () -- C:\Users\Clash\Desktop\hogwarts_high.jpg
[2011.11.14 18:12:41 | 137,701,577 | ---- | C] () -- C:\EasyPHP.zip
[2011.11.11 20:02:59 | 000,001,151 | ---- | C] () -- C:\Users\Clash\Desktop\eclipse for PHP.lnk
[2011.11.11 12:07:29 | 000,000,036 | ---- | C] () -- C:\Users\Clash\.org.eclipse.epp.usagedata.recording.userId
[2011.11.08 14:51:23 | 000,092,823 | ---- | C] () -- C:\Users\Clash\Desktop\123.PNG
[2011.11.07 15:03:22 | 000,012,800 | ---- | C] () -- C:\Users\Clash\Documents\domaintransferauftraege.pdf
[2011.11.06 21:00:41 | 000,035,221 | ---- | C] () -- C:\Users\Clash\Desktop\313289_307111715972340_306091499407695_1496240_1080525599_n.jpg
[2011.11.02 22:14:11 | 000,002,384 | ---- | C] () -- C:\Users\Clash\Documents\MumbleAutomaticCertificateBackup.p12
[2011.11.02 01:28:47 | 000,003,642 | ---- | C] () -- C:\Users\Clash\Desktop\wp-config.php
[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.10.03 16:53:33 | 000,000,032 | ---- | C] () -- C:\Windows\Terraria.INI
[2011.09.13 20:01:49 | 000,000,132 | ---- | C] () -- C:\Users\Clash\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.09.09 15:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.09.07 11:39:55 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2011.09.07 11:39:55 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2011.09.07 11:39:55 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011.09.07 11:39:54 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe
[2011.09.07 11:39:54 | 000,040,538 | ---- | C] () -- C:\Windows\unins000.dat
[2011.08.07 20:15:40 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011.07.01 13:14:25 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.06.24 14:48:19 | 000,000,048 | ---- | C] () -- C:\Windows\ABC_mru.ini
[2011.06.14 23:48:45 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI
[2011.06.11 16:50:42 | 000,000,600 | ---- | C] () -- C:\Users\Clash\AppData\Local\PUTTY.RND
[2011.06.08 22:56:43 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.08 22:56:37 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.08 22:56:37 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini
[2011.05.26 00:57:39 | 000,007,602 | ---- | C] () -- C:\Users\Clash\AppData\Local\Resmon.ResmonCfg
[2011.05.10 20:07:57 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.05.10 18:35:29 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.05.10 18:35:29 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.05.10 18:35:29 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.05.10 18:35:28 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI
[2011.05.10 18:35:21 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.10 18:35:21 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT
[2011.05.10 18:34:45 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.05.10 16:37:15 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2011.05.10 16:37:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2011.05.10 16:37:15 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2011.05.10 16:37:14 | 000,147,860 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2011.05.10 16:37:12 | 000,000,954 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2011.05.10 16:37:10 | 000,005,018 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2011.05.10 16:37:10 | 000,000,485 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2011.05.10 16:32:59 | 001,627,706 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

========== LOP Check ==========

[2011.09.18 03:39:38 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\.minecraft
[2011.11.06 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\.purple
[2011.05.10 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ASUS
[2011.09.05 14:30:06 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ColorSchemer
[2011.11.26 02:30:42 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Crayon Physics Deluxe
[2011.05.19 01:39:30 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\cspa
[2011.05.21 23:11:57 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\DAEMON Tools Lite
[2011.05.10 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\DeviceVm
[2011.10.13 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\elsterformular
[2011.11.29 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\FileZilla
[2011.11.29 22:14:42 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\foobar2000
[2011.09.12 16:36:49 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\GameMaker
[2011.09.09 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Garmin
[2011.07.01 13:51:30 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\HandBrake
[2011.08.07 20:06:46 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Hi-Rez Studios
[2011.05.14 03:17:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ImgBurn
[2011.05.10 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\LibreOffice
[2011.08.05 11:35:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\mkvtoolnix
[2011.11.29 20:06:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Mumble
[2011.06.15 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\MySQL
[2011.11.29 01:27:48 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Natural Selection 2
[2011.11.28 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Nokia
[2011.09.30 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Notepad++
[2011.05.26 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Nuance
[2011.05.15 22:31:08 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Opera
[2011.09.30 00:51:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\PeaZip
[2011.10.13 10:58:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\RegExr.8CE3EE8FC37F7781C562DFF80977CFBA322DD1EF.1
[2011.09.09 15:15:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\rockbox.org
[2011.11.21 18:56:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\SaalDesignSoftware
[2011.11.29 22:42:30 | 000,000,000 | ---D | M] -- 
C:\Users\Clash\AppData\Roaming\SPlayer [2011.05.17 11:40:10 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Subversion [2011.06.06 18:36:35 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\TeamViewer [2011.11.22 19:49:27 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Thunderbird [2011.05.11 12:24:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Titanium [2011.09.07 16:48:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Tunngle [2011.08.01 14:59:37 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\wargaming.net [2011.08.05 22:45:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\XBMC [2011.05.26 15:17:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Zeon [2011.07.13 22:51:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.11.28 21:49:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.09.20 22:30:06 | 000,000,000 | ---D | M] -- C:\.craftbukkit [2011.05.11 22:53:41 | 000,000,000 | ---D | M] -- C:\Android [2011.11.29 18:49:01 | 000,000,000 | ---D | M] -- C:\cPlusPlus [2011.09.20 22:36:03 | 000,000,000 | ---D | M] -- C:\craftbukkit [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.06.16 03:46:59 | 000,000,000 | ---D | M] -- C:\EasyPHP [2011.10.17 13:50:30 | 000,000,000 | ---D | M] -- C:\EasyPHP - Kopie [2011.10.21 16:34:25 | 000,000,000 | ---D | M] -- C:\EasyPHP - Kopie (2) [2011.10.03 16:53:24 | 000,000,000 | ---D | M] -- C:\Games [2011.06.24 15:29:30 | 000,000,000 | ---D | M] -- C:\glassfish3 [2011.09.09 15:32:26 | 000,000,000 | ---D | M] -- C:\hallo [2011.05.10 15:55:54 | 000,000,000 | ---D | M] -- C:\Intel [2011.11.29 18:29:12 | 000,000,000 | ---D | M] -- C:\mingw [2011.05.10 18:34:30 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.11.28 17:07:39 
| 000,000,000 | ---D | M] -- C:\msys [2011.06.07 20:48:17 | 000,000,000 | ---D | M] -- C:\MyBootCD [2011.05.10 16:11:05 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.11.29 20:59:07 | 000,000,000 | R--D | M] -- C:\Program Files [2011.11.29 21:53:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.11.29 21:42:09 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.08.05 13:18:10 | 000,000,000 | ---D | M] -- C:\StAX [2011.11.29 22:49:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.11.29 21:44:36 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine [2011.11.28 16:18:58 | 000,000,000 | R--D | M] -- C:\Users [2011.11.29 17:51:02 | 000,000,000 | ---D | M] -- C:\Wascana [2011.11.29 21:15:09 | 000,000,000 | ---D | M] -- C:\Windows [2011.11.19 17:23:51 | 000,000,000 | ---D | M] -- C:\wp-smushit < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2011.05.11 15:02:08 | 005,945,944 | -H-- | M] (Safer-Networking Ltd.) 
MD5=B302653D473E85E3FFCF100F12062EF9 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- 
C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\ProgramData\Microsoft\Windows\RAI\64\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Users\All Users\Microsoft\Windows\RAI\64\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2010.08.14 10:37:49 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=87A00ED70FEC36D0DD968E5058C29AA1 -- C:\Windows\SysNative\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto 
Update\Results\Install|LastSuccessTime /rs > < End of report >
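The OTL report above ends with a "< MD5 for: ... >" custom scan that hashes every copy of explorer.exe, regedit.exe, userinit.exe, wininit.exe and winlogon.exe it finds, including the copies in the component store under winsxs. That listing can be cross-checked mechanically: a copy of a core binary outside C:\Windows, a copy with a non-Microsoft vendor string, or a live copy in System32/SysWOW64 whose hash is not backed by any listed winsxs component are the entries a helper would look at first. The Python script below is an added example (not a tool from this thread, from OTL or from the helper team); it runs on a constructed subset of the explorer.exe and winlogon.exe lines copied from the log above and prints the entries to review. A flag is a lead for the analyst, not a verdict: OTL's listing is not guaranteed to be complete, and a legitimately updated file can differ from the component-store copy.

```python
import re
from collections import defaultdict

# Constructed input for this example: a subset of the "< MD5 for: ... >" lines
# copied from the OTL log posted above. A real run would read the whole OTL.txt.
SAMPLE_OTL = r"""
< MD5 for: EXPLORER.EXE >
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.05.11 15:02:08 | 005,945,944 | -H-- | M] (Safer-Networking Ltd.) MD5=B302653D473E85E3FFCF100F12062EF9 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
< MD5 for: WINLOGON.EXE >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\ProgramData\Microsoft\Windows\RAI\64\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2010.08.14 10:37:49 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=87A00ED70FEC36D0DD968E5058C29AA1 -- C:\Windows\SysNative\winlogon.exe
"""

# "< MD5 for: EXPLORER.EXE >" opens a section; each entry line carries
# [mtime | size | attrs | M] (vendor) MD5=<hash> -- <path>
SECTION_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

WINDOWS_ROOT = "c:\\windows\\"
WINSXS_ROOT = "c:\\windows\\winsxs\\"


def parse_md5_sections(text):
    """Return {binary name (lower-case): [entry dict, ...]} from OTL's MD5 custom scan."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"].replace(",", ""))
            sections[current].append(entry)
    return dict(sections)


def audit_md5_sections(sections):
    """Return (binary, path, reason) tuples for copies an analyst should review."""
    findings = []
    for name, entries in sections.items():
        # Hashes held in the component store: a live copy should match one of them.
        store_hashes = {e["md5"] for e in entries if e["path"].lower().startswith(WINSXS_ROOT)}
        for e in entries:
            path_l = e["path"].lower()
            # An empty vendor string ("()" in OTL output) is flagged here as well.
            if "microsoft" not in e["vendor"].lower():
                findings.append((name, e["path"], "non-Microsoft vendor string: %r" % e["vendor"]))
            if not path_l.startswith(WINDOWS_ROOT):
                findings.append((name, e["path"], "copy of a core binary outside C:\\Windows"))
            elif not path_l.startswith(WINSXS_ROOT) and e["md5"] not in store_hashes:
                findings.append((name, e["path"],
                                 "live copy not backed by any listed winsxs component (MD5 %s)" % e["md5"]))
    return findings


if __name__ == "__main__":
    for name, path, reason in audit_md5_sections(parse_md5_sections(SAMPLE_OTL)):
        print("[%s] %s\n    -> %s" % (name, path, reason))
```

On the sample the two live explorer.exe copies pass (each hash is present in winsxs), while the Spybot explorer.exe, the winlogon.exe under C:\ProgramData and the SysNative winlogon.exe whose hash has no listed winsxs counterpart are printed for review.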
30.11.2011, 11:39 | #2 |
/// Helper Team | Rootkit suspicion. Malwarebytes, Avira and various other tools useless Hello and welcome!
Before we start working together, [please read completely]: Quote:
Important: please run all commands as administrator! Right-click the command prompt and choose "Run as administrator". Right-click the selected application and choose "Run as administrator"! I have two suggestions: 1. If you think you know the point in time when your system was still working properly, System Restore is worth a try: there is a "relatively simple way" when the infection is fresh, and certain problems can be solved this way too, so it should be tried right away. It gives you the option to undo system changes on the computer without affecting personal files such as e-mails, documents or photos. Quote:
(You can still undo it back to the present point in time if it does not give the desired result.) ► Also report to me whether System Restore (SWH) worked, i.e. whether you were able to roll the system back to an earlier restore point. 2. Quote:
Download Malwarebytes Anti-Malware from → malwarebytes.org
4. System scan with OTL: download OTL by OldTimer (if you don't have it yet) and save it to your desktop.
5. I would also like to see all your installed programs: download the tool CCleaner → Download, install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → Language → select German, then click "Extra" (to display the installed programs as well) → then "Save to text file..."; a text file (*.txt) is created; copy its contents and paste them here. Quote:
** If possible stay off the internet: no online banking, file sharing, chat programs etc. Regards, kira
30.11.2011, 18:39 | #3 |
| Rootkit suspicion. Malwarebytes, Avira and various other tools useless Well, thanks a lot for answering first of all!
The System Restore entry no longer exists in the Start menu! When I press F8 during boot and then choose Repair, the computer doesn't start! It just gets stuck at "blabla is loading" and nothing happens anymore. I also noticed that the "block malicious websites" function in Malwarebytes can't be switched on. The OTL.txt is posted above; an Extras.txt was not created, or rather I can't find it anymore. But a few days ago I ran a tool called catchme and it spat out this: Code:
ATTFilter detected NTDLL code modification: ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error detected NTDLL code modification: ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error detected NTDLL code modification: ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8279

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

30.11.2011 18:03:09
mbam-log-2011-11-30 (18-03-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 1561716
Laufzeit: 1 Stunde(n), 12 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Here is the install.txt as well: Code:
ATTFilter "Minimal SYStem 1.0.10" MinGW 28.11.2011 1.0.10 7-Zip 9.20 (x64 edition) Igor Pavlov 09.05.2011 4,53MB 9.20.00.0 Adobe Flash Player 10 ActiveX 64-bit Adobe Systems Incorporated 09.05.2011 6,00MB 10.2.161.23 Adobe Flash Player 10 Plugin 64-bit Adobe Systems Incorporated 09.05.2011 6,00MB 10.2.161.23 Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 22.11.2011 6,00MB 11.1.102.55 Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 22.11.2011 6,00MB 11.1.102.55 Adobe Reader X (10.1.1) Adobe Systems Incorporated 16.09.2011 160,3MB 10.1.1 Adobe Shockwave Player 11.5 Adobe Systems, Inc. 09.05.2011 11.5.9.620 Adobe Shockwave Player 11.6 Adobe Systems, Inc 06.09.2011 33,3MB 11.6.1.629 Advanced Batch Converter BatchConverter.com 23.06.2011 5.5 Alien Swarm Valve 20.07.2011 Alien Swarm - SDK Valve 25.09.2011 Allgemeine Runtime Files (x86) Sereby Corporation 22.11.2011 37,6MB 1.0.3.2 Alliance of Valiant Arms 06.08.2011 Allmyapps Allmyapps 18.05.2011 0.9.2.8 Android SDK Tools Google Inc. 10.05.2011 0.7 Anomaly Warzone Earth 25.09.2011 Apple Application Support Apple Inc. 11.05.2011 51,0MB 1.5.1 Apple Software Update Apple Inc. 11.05.2011 2,16MB 2.1.1.116 Aquaria Bit Blot 24.11.2011 ASRock App Charger v1.0.4 ASRock Inc. 
09.05.2011 1,35MB ASRock eXtreme Tuner v0.1.54 09.05.2011 15,2MB ASRock InstantBoot v1.26 09.05.2011 ASUS Xonar Essence ST Audio Driver 09.05.2011 Auto Gordian Knot 2.55 len0x 30.06.2011 2.55 Avant Browser (remove only) Avant Force 09.05.2011 11.8.0.131 Avidemux 2.5 09.05.2011 2.5.4.6714 AviSynth 2.5 30.06.2011 Bastion Supergiant Games 04.09.2011 Brother HL-5240 Brother 09.05.2011 1.00 Call of Duty(R) 4 - Modern Warfare(TM) Activision 07.06.2011 6.379MB 1.7 CCleaner Piriform 29.11.2011 3.13 Chromium Chromium 09.05.2011 13.0.776.0 Chromium Updater Martin Endres 09.05.2011 92,00KB 1.3.710 CloneDVD2 Elaborate Bytes 30.06.2011 2.9.3.0 CodeBlocks The Code::Blocks Team 28.11.2011 10.05 ColorSchemer Studio 2 ColorSchemer 04.09.2011 Studio v2.1 CPUID CPU-Z 1.57.1 09.05.2011 3,22MB CraftBukkit 19.09.2011 Crayon Physics Deluxe Kloonigames 24.11.2011 Darwinia Introversion Software 24.11.2011 DEFCON Introversion Software 24.11.2011 Defense Grid: The Awakening Hidden Path Entertainment 25.09.2011 Desura Desura 16.10.2011 100.50 DivX-Setup DivX, LLC 16.05.2011 2.5.0.8 Dungeon Defenders 15.11.2011 Dungeons of Dredmor 28.11.2011 DVD Decrypter (Remove Only) 04.08.2011 DVD Shrink 3.2 deutsch DVD Shrink 04.08.2011 ElsterFormular für Unternehmer Landesfinanzdirektion Thüringen 12.10.2011 12.4.0.7094u Emsisoft Anti-Malware Emsi Software GmbH 28.11.2011 147,2MB 6.0 ESET Online Scanner v3 28.11.2011 Etron USB3.0 Host Controller Etron Technology 09.05.2011 5,13MB 0.96 ffdshow [rev 3154] [2009-12-09] 31.07.2011 16,8MB 1.0 FileZilla Client 3.5.2 FileZilla Project 13.11.2011 16,6MB 3.5.2 FileZilla Server FileZilla Project 01.07.2011 5,12MB beta 0.9.39 foobar2000 v1.1.8 Peter Pawlowski 25.09.2011 8,62MB 1.1.8 Forsaken World 07.08.2011 Frozen Synapse 12.08.2011 GameMaker 8.1 12.09.2011 GameMaker 8.1 07.09.2011 Garmin Lifetime Updater Garmin 08.09.2011 38,1MB 2.0.10 Garry's Mod Team Garry 23.11.2011 GlassFish Server Open Source Edition 3.1 23.06.2011 Global Agenda Hi-Rez Studios 06.08.2011 
Google Chrome Google Inc. 09.05.2011 14.0.835.202 Google Chrome Google Inc. 18.10.2011 15.0.874.121 Google Earth Google 20.11.2011 92,7MB 6.1.0.5001 Google Talk (remove only) 14.05.2011 Google Talk Plugin Google 23.11.2011 17,9MB 2.5.8.4958 Haali Media Splitter 09.05.2011 Heroes of Newerth S2 Games 05.09.2011 2.0.33 ImgBurn LIGHTNING UK! 09.05.2011 2.5.5.0 Intel(R) Management Engine Components Intel Corporation 10.05.2011 7.0.0.1144 Intel(R) Rapid Storage Technology Intel Corporation 10.05.2011 10.1.0.1008 Java(TM) 6 Update 25 Oracle 27.09.2011 94,7MB 6.0.250 Java(TM) 6 Update 26 (64-bit) Oracle 20.06.2011 91,6MB 6.0.260 Java(TM) 6 Update 27 Oracle 10.05.2011 96,9MB 6.0.270 Java(TM) 7 Oracle 06.09.2011 98,9MB 7.0.0 Java(TM) 7 (64-bit) Oracle 06.09.2011 93,3MB 7.0.0 Java(TM) SE Development Kit 6 Update 25 Oracle 10.05.2011 141,1MB 1.6.0.250 Java(TM) SE Development Kit 6 Update 25 (64-bit) Oracle 10.05.2011 146,8MB 1.6.0.250 Java(TM) SE Development Kit 6 Update 26 (64-bit) Oracle 20.06.2011 147,2MB 1.6.0.260 Killing Floor Tripwire Interactive 29.08.2011 Killing Floor Mod: Defence Alliance 2 29.08.2011 LibreOffice 3.3 LibreOffice 09.05.2011 948MB 3.3.202 LIMBO 23.11.2011 LogMeIn Hamachi LogMeIn, Inc. 
06.09.2011 2.1.0.124 Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo 10.07.2011 Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 28.11.2011 13,8MB 1.51.2.1300 Media Player Classic - Home Cinema v1.5.2.3456 x64 MPC-HC Team 31.07.2011 21,4MB 1.5.2.3456 Metro 2033 THQ 09.10.2011 Microsoft .NET Framework 1.1 German Language Pack Microsoft 09.05.2011 3,03MB 1.1.4322 Microsoft .NET Framework 1.1 SP1 + KB928366 09.05.2011 Microsoft .NET Framework 4 Client Profile Microsoft Corporation 09.05.2011 38,8MB 4.0.30319 Microsoft .NET Framework 4 Extended Microsoft Corporation 09.05.2011 52,0MB 4.0.30319 Microsoft IntelliPoint 7.1 Microsoft 09.06.2011 34,0MB 7.10.344.0 Microsoft IntelliType Pro 8.1 Microsoft 09.05.2011 8.15.406.0 Microsoft Silverlight Microsoft Corporation 22.11.2011 60,4MB 4.0.60831.0 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.09.2011 0,29MB 8.0.59193 Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Corporation 09.05.2011 0,57MB 8.0.51011 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 09.05.2011 0,77MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 09.05.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 09.05.2011 0,25MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 09.05.2011 0,77MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 06.09.2011 0,77MB 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 09.05.2011 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 09.05.2011 0,23MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 09.05.2011 0,58MB 9.0.30729.4148 Microsoft Visual 
C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 06.09.2011 0,59MB 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 09.05.2011 13,7MB 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 22.11.2011 16,7MB 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft Corporation 09.05.2011 Microsoft XNA Framework Redistributable 3.1 Microsoft Corporation 04.09.2011 7,55MB 3.1.10527.0 MinGW 5.1.4 MinGW 27.11.2011 5.1.4 MKVtoolnix 4.9.1 Moritz Bunkus 04.08.2011 4.9.1 Mozilla Firefox 8.0 (x86 de) Mozilla 07.11.2011 39,5MB 8.0 Mozilla Thunderbird (8.0) Mozilla 07.11.2011 8.0 (de) MultipleIEs 09.05.2011 Multiwinia Introversion Software 24.11.2011 Mumble 1.2.3 Thorvald Natvig 31.10.2011 29,7MB 1.2.3 MySQL Workbench 5.2 CE Oracle Corporation 30.10.2011 74,5MB 5.2.35 Natural Selection 2 01.07.2011 NetBeans IDE 7.0 NetBeans.org 09.05.2011 7.0 Notepad++ 29.09.2011 5.9.3 Nuance PDF Reader Nuance Communications, Inc. 25.05.2011 52,3MB 7.00.0000 NVIDIA Grafiktreiber 285.62 NVIDIA Corporation 25.10.2011 285.62 NVIDIA HD-Audiotreiber 1.2.24.0 NVIDIA Corporation 25.10.2011 1.2.24.0 NVIDIA PhysX-Systemsoftware 9.11.0621 NVIDIA Corporation 25.10.2011 9.11.0621 NVIDIA Update 1.5.20 NVIDIA Corporation 25.10.2011 1.5.20 OpenAL 25.10.2011 OpenVPN 2.1_rc20 01.10.2011 2.1_rc20 OpenVPN Connect OpenVPN Technologies 15.11.2011 13,5MB 1.8.3 Opera 11.52 Opera Software ASA 07.11.2011 11.52.1100 Oracle VM VirtualBox 4.0.8 Oracle Corporation 27.06.2011 120,4MB 4.0.8 Orcs Must Die! 23.11.2011 Osmos Hemisphere Games 13.09.2011 PeaZip 4.0 (WIN64) Giorgio Tani 29.09.2011 18,8MB Pidgin 05.11.2011 2.10.0 PuTTY version 0.61 Simon Tatham 29.09.2011 0.61 Rage 06.10.2011 RasterVect 15.3 Trial RasterVect Software 23.06.2011 Realtek Ethernet Controller Driver For Windows 7 Realtek 09.05.2011 7.23.623.2010 RegExr gskinner.com, inc. 
12.10.2011 0.3.1b Revenge of the Titans 25.09.2011 Saal Design Software SSW Software GmbH 20.11.2011 2.9.2 Safari Apple Inc. 11.05.2011 41,3MB 5.33.21.1 Sanctum 25.09.2011 Skype Click to Call Skype Technologies S.A. 28.10.2011 14,4MB 5.6.8442 Skype™ 5.5 Skype Technologies S.A. 28.10.2011 17,0MB 5.5.124 Sol Survivor Cadenza Interactive Games 25.09.2011 Spiral Knights SEGA 06.08.2011 SPlayer 08.09.2011 Spybot - Search & Destroy Safer Networking Limited 27.11.2011 1.6.2 StartNow Toolbar StartNow.com 15.10.2011 2.3.0 Steam Valve Corporation 01.07.2011 35,5MB 1.0.0.0 System Explorer 3.6.2 Mister Group 29.11.2011 4,97MB Team Fortress 2 Valve 01.07.2011 TeamViewer 6 TeamViewer GmbH 08.11.2011 6.0.11656 The Elder Scrolls V: Skyrim Bethesda Game Studios 11.11.2011 Titanium Developer Appcelerator 10.05.2011 5,99MB 1.2.2 TP-LINK Wireless Client Utility TP-LINK 26.06.2011 7.0 Update Notifier CleanSofts.org 18.05.2011 1.1.6.141 Uplink Introversion Software 24.11.2011 Vim 7.3 (self-installing) 27.11.2011 VLC media player 1.1.11 VideoLAN 29.09.2011 1.1.11 VNC Free Edition 4.1.3 RealVNC Ltd. 09.05.2011 4.1.3 VobSub v2.23 (Remove Only) 30.06.2011 Warcraft III Blizzard Entertainment 11.05.2011 Wascana C/C++ IDE for Windows Doug Schaefer 28.11.2011 1.0.0.0 Windows Mobile-Gerätecenter Microsoft Corporation 23.07.2011 27,4MB 6.1.6965.0 WinPcap 4.1.2 CACE Technologies 13.05.2011 4.1.0.2001 WinRAR 4.01 (64-Bit) win.rar GmbH 03.08.2011 4.01.0 World of Tanks v.0.6.5 Wargaming.net 31.07.2011 XBMC Team XBMC 04.08.2011 XFastUsb 09.05.2011 XviD MPEG4 Video Codec (remove only) 30.06.2011 Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8260

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

28.11.2011 22:03:38
mbam-log-2011-11-28 (22-03-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 188990
Laufzeit: 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\$Recycle.Bin\s-1-5-21-3065023223-3259891288-495664237-1000\$RBHRZNJ.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.

Last edited by The-Clash (30.11.2011 at 18:42). Reason: forgot one more thing: |
01.12.2011, 16:10 | #4 |
/// Helper Team | Rootkit suspicion. Malwarebytes, Avira and various other tools useless Item 4 is still missing, please supply it! (create a new log file and post it) Also: TDSSKiller by Kaspersky
Warning!: Be careful with invoices sent by e-mail with a ZIP file attached! They may be infected with an encryption trojan! Don't open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
01.12.2011, 20:57 | #5 |
| Rootkit suspicion. Malwarebytes, Avira and various other tools useless The two missing logs are attached! Sooo, I'll add the latest TDSS report in a moment! Best regards, Ralf. Code:
ATTFilter 20:43:22.0789 6244 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44 20:43:23.0084 6244 ============================================================ 20:43:23.0084 6244 Current date / time: 2011/12/01 20:43:23.0084 20:43:23.0084 6244 SystemInfo: 20:43:23.0084 6244 20:43:23.0084 6244 OS Version: 6.1.7601 ServicePack: 1.0 20:43:23.0084 6244 Product type: Workstation 20:43:23.0084 6244 ComputerName: DEEPTHOUGHT 20:43:23.0085 6244 UserName: Clash 20:43:23.0085 6244 Windows directory: C:\Windows 20:43:23.0085 6244 System windows directory: C:\Windows 20:43:23.0085 6244 Running under WOW64 20:43:23.0085 6244 Processor architecture: Intel x64 20:43:23.0085 6244 Number of processors: 4 20:43:23.0085 6244 Page size: 0x1000 20:43:23.0085 6244 Boot type: Normal boot 20:43:23.0085 6244 ============================================================ 20:43:30.0145 6244 Initialize success 21:00:30.0783 4132 ============================================================ 21:00:30.0783 4132 Scan started 21:00:30.0783 4132 Mode: Manual; 21:00:30.0783 4132 ============================================================ 21:00:30.0951 4132 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 21:00:30.0952 4132 1394ohci - ok 21:00:30.0960 4132 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys 21:00:30.0960 4132 A2DDA - ok 21:00:30.0976 4132 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:00:30.0980 4132 ACPI - ok 21:00:30.0993 4132 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:00:30.0993 4132 AcpiPmi - ok 21:00:31.0010 4132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 21:00:31.0012 4132 adp94xx - ok 21:00:31.0027 4132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 21:00:31.0030 4132 adpahci - ok 21:00:31.0042 4132 adpu320 (e109549c90f62fb570b9540c4b148e54) 
(0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:00:35.0116 4132 \Device\Harddisk0\DR0 - ok 21:00:35.0117 4132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 21:00:35.0120 4132 \Device\Harddisk1\DR1 - ok 21:00:35.0137 4132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2 21:00:35.0147 4132 \Device\Harddisk2\DR2 - ok 21:00:35.0148 4132 Boot (0x1200) (65a3708198a3338812aab2377a93d6ee) \Device\Harddisk0\DR0\Partition0 21:00:35.0150 4132 \Device\Harddisk0\DR0\Partition0 - ok 21:00:35.0151 4132 Boot (0x1200) (8215fa15febca7e1e8aa9bc06812f2b2) \Device\Harddisk0\DR0\Partition1 21:00:35.0151 4132 \Device\Harddisk0\DR0\Partition1 - ok 21:00:35.0152 4132 Boot (0x1200) (191d8dbd587c51072774197f1e2c7c69) \Device\Harddisk1\DR1\Partition0 21:00:35.0152 4132 \Device\Harddisk1\DR1\Partition0 - ok 21:00:35.0630 4132 Boot (0x1200) (d1682411943c55f001608fef6ae2e6b4) \Device\Harddisk1\DR1\Partition1 21:00:35.0630 4132 \Device\Harddisk1\DR1\Partition1 - ok 21:00:35.0638 4132 Boot (0x1200) (b7016e02f1ce1edfbab37f99e8cc745b) \Device\Harddisk2\DR2\Partition0 21:00:35.0640 4132 \Device\Harddisk2\DR2\Partition0 - ok 21:00:35.0650 4132 Boot (0x1200) (e76b0fe6f2707b99d3378cee1a159079) \Device\Harddisk2\DR2\Partition1 21:00:35.0650 4132 \Device\Harddisk2\DR2\Partition1 - ok 21:00:35.0650 4132 ============================================================ 21:00:35.0650 4132 Scan finished 21:00:35.0650 4132 ============================================================ 21:00:35.0655 7128 Detected object count: 0 21:00:35.0655 7128 Actual detected object count: 0 Geändert von The-Clash (01.12.2011 um 21:08 Uhr) Grund: *nachreich* |
02.12.2011, 07:33 | #6 |
/// Helper team | Rootkit suspicion. Malwarebytes, Avira and various other tools useless 1. Quote:
in my opinion it no longer offers sufficient protection against "modern types of malware"... ► If you still want to keep it: please switch off the TeaTimer: in Spybot-S&D, go to Advanced Mode and choose Tools -> Resident there. Deactivate "Resident TeaTimer active". (TeaTimer also tries to block positive changes) - it should stay deactivated permanently! 2. Your Java version is not up to date! → Now download the offline version of Java Version 6 Update 29 from Oracle. Make sure to deselect any toolbars that are offered (remove the checkmark next to the toolbar)! Then uninstall the old version: Control Panel → Add/Remove Programs → Change/Remove... 3. Quote:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/?pc=avbr [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = my.daemon-search.com
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
[2011.10.16 03:42:30 | 000,002,407 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\ask.uk.xml
[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ASRSetup.exe
O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell\AutoRun\command - "" = J:\start.exe
O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
[2011.12.01 19:55:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000UA.job
[2011.12.01 19:29:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.01 14:29:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.01 02:55:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000Core.job
:Commands
[purity]
[emptytemp]
4. Clean your system with CCleaner:
5.
6. Viruses can also be transported on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very suitable and recommended to check the data stored on the storage medium with the help of the free online scanner. Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the autorun function is not executed. (This is how you prevent the AUTORUN function from running) - you can also switch off the AUTORUN function altogether. ► Guide -> Then run a complete system check with the ESET Online Scanner (NOD32) (Free Online Scanners). Attention!: >>You should not install the antivirus security software, only scan your system online<< 7. Run another scan with OTL:
► Report again on the state of the computer. Are there still problems, and if so, which ones?
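An added triage helper for the OTL entry formats used in this thread (example code, not part of OTL and not posted by the helper or the user): it parses the O3/O4/O16/O32/O33 lines of the fix script above, flags the patterns the helper chose to remove, and assembles a fix script of the same shape. The sample lines are constructed after the ones above; the avast O4 line is an assumed healthy entry that must not be flagged.

```python
"""Triage helper for OTL log lines. Added example for this thread; it is not
part of OTL and not code posted by the helper or the user.

It parses the O3/O4/O16/O32/O33 entry formats seen in the fix script above and
flags the patterns the helper chose to remove: autostart or toolbar entries
whose target file is gone ("File not found"), MountPoints2 autorun handlers
that launch an executable from a removable drive, stale Java ActiveX (DPF)
download entries, and the CD-ROM AutoRun switch. Flagged raw lines are then
collected into an OTL fix script of the same shape as the one posted.
"""
import re
from collections import Counter

# Constructed sample in the form of the fix script above; the avast O4 line is
# an assumed healthy entry that must not be flagged.
SAMPLE_LOG = r"""
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ASRSetup.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
""".strip()

# "O4 - body" or "O4:64bit: - body"; the :64bit: tag marks the 64-bit registry view.
ENTRY_RE = re.compile(r"^(?P<type>O\d+)(?P<x64>:64bit:)?\s+-\s+(?P<body>.*)$")
# Only the \Shell\AutoRun\command value carries the executable that would run.
MOUNTPOINT_CMD_RE = re.compile(
    r'MountPoints2\\(?P<key>[^\\]+)\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$')
DPF_RE = re.compile(r"DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+) \((?P<desc>[^)]*)\)")


def parse_entry(line):
    """Split one OTL line into type / x64_view / body; None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"type": m.group("type"), "x64_view": m.group("x64") is not None,
            "body": m.group("body"), "raw": line.strip()}


def classify(entry):
    """Return (reason, detail) when the entry matches a removal pattern, else None."""
    t, body = entry["type"], entry["body"]
    if t in ("O2", "O3", "O4") and body.endswith("File not found"):
        return "orphaned autostart/toolbar entry", body
    if t == "O16":
        # Old Java installers left behind as ActiveX download entries.
        m = DPF_RE.search(body)
        if m and m.group("desc").startswith("Java Plug-in"):
            return "stale Java ActiveX download entry", m.group("clsid")
    if t == "O32" and body.endswith("AutoRun - 1"):
        return "CD-ROM AutoRun enabled", body
    if t == "O33":
        m = MOUNTPOINT_CMD_RE.search(body)
        if m:
            return "MountPoints2 autorun handler", m.group("cmd")
    return None


def triage(log_text):
    """Run classify() over every line; returns a list of finding dicts in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        hit = classify(entry)
        if hit is not None:
            reason, detail = hit
            findings.append({"type": entry["type"], "reason": reason,
                             "detail": detail, "raw": entry["raw"]})
    return findings


def summarize(findings):
    """Count findings per reason, e.g. to report before deciding on a fix."""
    return dict(Counter(f["reason"] for f in findings))


def build_fix_script(findings):
    """Assemble an OTL fix script in the shape the helper posted: the raw lines
    to remove under :OTL, then the :Commands block that also empties temp files."""
    lines = [":OTL"] + [f["raw"] for f in findings]
    lines += [":Commands", "[purity]", "[emptytemp]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f['type']:<4} {f['reason']:<38} {f['detail']}")
    print(summarize(found))
    print(build_fix_script(found))
```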
02.12.2011, 11:47 | #7 |
| Rootkit suspicion. Malwarebytes, Avira and various other tools useless Re 1.) With Spybot I have only ever used the immunization function, which I always found quite useful. And even if it is a very, very weak protection, it can be combined well with other measures and it costs 0% CPU load! The TeaTimer was always off. Re 2.) I did that shortly after creating the reports because I had noticed it myself. But thanks anyway! Re 3: Code:
ATTFilter All processes killed ========== OTL ========== HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully. Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found. C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\ask.uk.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully. C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully. File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. 
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\ deleted successfully. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4604b93c-7b47-11e0-985b-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4604b93c-7b47-11e0-985b-806e6f6e6963}\ not found. File G:\ASRSetup.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4604b943-7b47-11e0-985b-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4604b943-7b47-11e0-985b-806e6f6e6963}\ not found. File H:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\ not found. File J:\start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\ not found. 
File F:\start.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found. File D:\LaunchU3.exe -a not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found. File H:\LaunchU3.exe -a not found. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000UA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully. C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000Core.job moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Clash ->Temp folder emptied: 468364420 bytes ->Temporary Internet Files folder emptied: 48693800 bytes ->Java cache emptied: 5226936 bytes ->FireFox cache emptied: 1006311235 bytes ->Google Chrome cache emptied: 4788592 bytes ->Apple Safari cache emptied: 13260800 bytes ->Opera cache emptied: 2642582 bytes ->Flash cache emptied: 187179 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Neuer Ordner User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56468 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 200704 bytes %systemroot%\System32 .tmp files removed: 1618992 bytes %systemroot%\System32 (64bit) .tmp files removed: 24576 bytes %systemroot%\System32\drivers .tmp files 
removed: 0 bytes
Windows Temp folder emptied: 1946 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes
RecycleBin emptied: 13702678928 bytes
Total Files Cleaned = 14.548,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12022011_112525
Files\Folders moved on Reboot...
C:\Users\Clash\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Many thanks and best regards, Ralf. |
02.12.2011, 14:16 | #8 |
| Rootkit suspicion. Malwarebytes, Avira and various other tools useless Unfortunately I could no longer edit... Re 5.) So this is the SUPERAntiSpyware scan: Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 12/02/2011 at 01:32 PM
Application Version : 5.0.1136
Core Rules Database Version : 8008
Trace Rules Database Version: 5820
Scan type : Complete Scan
Total Scan Time : 01:28:46
Operating System Information
Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator
Memory items scanned : 584
Memory threats detected : 0
Registry items scanned : 77493
Registry threats detected : 0
File items scanned : 492225
File threats detected : 615
Adware.Tracking Cookie
*615 tracking cookies should be listed here, which I am censoring; otherwise it found nothing... xD* |
02.12.2011, 14:57 | #9 |
/// Helper team | Rootkit suspicion. Malwarebytes, Avira and various other tools useless ► Do you only have problems with Firefox, or does the problem also exist with Internet Explorer? 1. Before the next step, i.e. before we continue: since something can happen at any time, if you have important data you want to back up, I recommend doing it now (such as pictures, music etc.). ► Make sure: the backed-up data should not contain any "executable files"! - ► File extensions - This is a list of file extensions that can denote files containing executable code. Regardless of an infection (because a hard drive can also fail, or there can be other technical problems), you should make backups regularly and keep them in a safe place, such as CD and DVD, external hard drives and/or USB sticks. Please do that now! 2. Download Combofix from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save the program to the desktop, nowhere else, this is important! Follow the detailed original guide. Combofix currently runs on the following Windows versions:
Preparation and important notes
Quick guide to installing the Recovery Console under XP
Once the Recovery Console has been installed by ComboFix, you should see the following message: Click "Yes" to continue with the malware scan. When ComboFix is finished, it will create a log (please wait, this takes a moment). Be sure to wait until the Combofix window has closed and the log file appears in the editor. Please post the log files C:\ComboFix.txt and C:\Qoobox\Add-Remove Programs.txt in code tags here in the thread. Note: for various reasons, Combofix makes Internet Explorer the default browser and creates an IE icon on the desktop. You can delete the IE desktop icon after the cleanup and set your preferred browser as the default browser again. Do not use Combofix on your own initiative. If there is no corresponding infection, it can cripple and/or permanently damage the computer! 3. Download HijackThis 2.0.4 *from here* → start HijackThis → click "Do a system scan and save a logfile" → "select" the resulting log file → "copy" → "paste" (right mouse button) here in your thread
__________________ Warning!: Beware of invoices by e-mail with a ZIP file as attachment! They may be infected with an encryption Trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, preferably twice in different places! Please pass this warning on wherever you can! |
03.12.2011, 02:17 | #10 |
| Rootkit suspicion. Malwarebytes, Avira and various other tools useless The problem exists (or existed?) with other browsers too. So the ESET online scan has finished (wow, that took a while). 8 findings, all Trojans, all in folders where I keep backups of friends' hard drives (I never go in there and the files were never executed, but still good that the stuff is gone). Then I ran Combofix. Code:
ATTFilter ComboFix 11-12-02.02 - Clash 03.12.2011 0:05.1.4 - x64 Microsoft Windows 7 Enterprise 6.1.7601.1.1252.49.1031.18.8175.6795 [GMT 1:00] ausgeführt von:: c:\users\Clash\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-02 bis 2011-12-02 )))))))))))))))))))))))))))))) . . 2011-12-02 23:41 . 2011-12-02 23:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2011-12-02 23:41 . 2011-12-02 23:41 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-02 14:49 . 2011-12-02 14:49 -------- d-----w- c:\users\Clash\AppData\Roaming\TeraCopy 2011-12-02 11:01 . 2011-12-02 11:01 -------- d-----w- c:\users\Clash\AppData\Roaming\SUPERAntiSpyware.com 2011-12-02 11:00 . 2011-12-02 11:01 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-12-02 11:00 . 2011-12-02 11:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2011-12-01 21:14 . 2011-11-04 11:37 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2011-12-01 21:14 . 2011-11-04 11:37 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2011-12-01 21:14 . 2011-12-01 21:14 -------- d-----w- c:\program files\Oracle 2011-12-01 21:10 . 2011-12-01 21:10 -------- d-----w- c:\users\Clash\AppData\Roaming\Allmyapps 2011-12-01 20:26 . 2011-12-01 20:26 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-12-01 20:26 . 2011-12-01 20:26 611224 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2011-12-01 20:25 . 2011-12-01 20:25 -------- d-----w- c:\users\Clash\AppData\Roaming\Canneverbe Limited 2011-12-01 20:25 . 2011-12-01 20:25 -------- d-----w- c:\program files\CDBurnerXP 2011-12-01 20:24 . 2011-12-01 20:24 -------- d-----w- c:\program files (x86)\LibreOffice 3.4 2011-12-01 20:22 . 
2011-12-01 20:22 -------- d-----w- c:\program files (x86)\GIMP-2.0 2011-12-01 20:21 . 2011-12-01 20:21 -------- d-----w- c:\program files (x86)\SumatraPDF 2011-12-01 20:19 . 2011-12-01 20:19 -------- d-----w- c:\program files (x86)\FileHippo.com 2011-12-01 20:19 . 2011-12-01 20:19 -------- d-----w- c:\program files\TeraCopy 2011-12-01 20:19 . 2011-12-01 20:19 -------- d-----w- c:\program files (x86)\Apple Software Update 2011-12-01 20:18 . 2011-11-21 04:21 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll 2011-11-30 18:49 . 2011-11-28 17:53 304472 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-30 18:49 . 2011-11-28 17:51 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-30 18:49 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-30 18:49 . 2011-11-28 17:54 591192 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-30 18:49 . 2011-11-28 17:52 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-30 18:49 . 2011-11-28 17:52 58712 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-30 18:49 . 2011-11-28 17:52 66904 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2011-11-30 18:48 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr 2011-11-30 18:48 . 2011-11-28 18:01 199816 ----a-w- c:\windows\SysWow64\aswBoot.exe 2011-11-30 18:48 . 2011-11-30 18:48 -------- d-----w- c:\programdata\AVAST Software 2011-11-30 18:48 . 2011-11-30 18:48 -------- d-----w- c:\program files\AVAST Software 2011-11-30 17:30 . 2011-11-30 17:30 -------- d-----w- c:\program files\CCleaner 2011-11-30 02:35 . 2011-11-30 03:23 -------- d-----w- c:\programdata\SystemExplorer 2011-11-30 02:35 . 2011-11-30 02:35 -------- d-----w- c:\program files (x86)\System Explorer 2011-11-29 20:53 . 2011-11-29 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-11-29 20:44 . 2011-11-29 20:44 -------- d-----w- C:\TDSSKiller_Quarantine 2011-11-29 20:36 . 
2011-11-29 20:36 -------- d-----w- c:\program files (x86)\ESET 2011-11-29 20:04 . 2011-11-29 21:15 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware 2011-11-29 18:43 . 2011-11-29 18:46 1272 ----a-w- c:\windows\SysWow64\tmp.reg 2011-11-29 17:38 . 2011-11-29 17:38 -------- d-----w- c:\users\Clash\Neuer Ordner 2011-11-29 17:29 . 2011-11-29 17:29 -------- d-----w- C:\mingw 2011-11-29 17:18 . 2009-10-17 19:17 324096 ----a-w- c:\windows\SDL.dll 2011-11-29 16:26 . 2011-11-29 16:50 -------- d-----w- c:\users\Clash\AppData\Roaming\codeblocks 2011-11-29 16:26 . 2011-11-29 16:26 -------- d-----w- c:\program files (x86)\CodeBlocks 2011-11-29 03:46 . 2011-11-29 16:51 -------- d-----w- C:\Wascana 2011-11-29 03:01 . 2009-10-17 19:17 324096 ----a-w- c:\windows\system32\SDL.dll 2011-11-29 02:07 . 2011-03-10 14:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys 2011-11-28 21:00 . 2011-11-28 21:00 -------- d-----w- c:\users\Clash\AppData\Roaming\Malwarebytes 2011-11-28 21:00 . 2011-11-28 21:00 -------- d-----w- c:\programdata\Malwarebytes 2011-11-28 21:00 . 2011-08-31 16:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-28 20:45 . 2011-11-28 20:45 -------- d-----w- c:\program files (x86)\Sophos 2011-11-28 20:42 . 2011-11-28 20:42 -------- d-----w- c:\users\Clash\Pavark 2011-11-28 19:43 . 2011-11-28 19:43 993 ----a-w- c:\windows\gvimdiff.bat 2011-11-28 19:43 . 2011-11-28 19:43 993 ----a-w- c:\windows\gview.bat 2011-11-28 19:43 . 2011-11-28 19:43 993 ----a-w- c:\windows\evim.bat 2011-11-28 19:43 . 2011-11-28 19:43 985 ----a-w- c:\windows\gvim.bat 2011-11-28 19:43 . 2011-11-28 19:43 694 ----a-w- c:\windows\vimtutor.bat 2011-11-28 19:43 . 2011-11-28 19:43 668 ----a-w- c:\windows\vimdiff.bat 2011-11-28 19:43 . 2011-11-28 19:43 668 ----a-w- c:\windows\view.bat 2011-11-28 19:43 . 2011-11-28 19:43 664 ----a-w- c:\windows\vim.bat 2011-11-28 19:43 . 2011-11-28 19:43 -------- d-----w- c:\program files (x86)\Vim 2011-11-28 19:35 . 
2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys 2011-11-28 19:34 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2011-11-28 19:34 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2011-11-28 19:34 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys 2011-11-28 19:30 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-11-28 19:30 . 2011-06-23 04:33 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-11-28 19:30 . 2011-06-23 04:33 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-11-28 19:28 . 2011-07-09 02:46 288768 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-11-28 16:07 . 2011-11-28 16:07 -------- d-----w- C:\msys 2011-11-28 15:18 . 2011-11-28 15:18 -------- d-----w- c:\users\Neuer Ordner 2011-11-28 14:47 . 2011-11-29 17:49 -------- d-----w- C:\cPlusPlus 2011-11-28 14:39 . 2011-11-28 15:45 -------- d-----w- c:\users\Clash\AppData\Roaming\Nokia 2011-11-28 14:39 . 2011-11-28 14:39 -------- d-----w- c:\users\Clash\AppData\Local\Nokia 2011-11-26 01:27 . 2011-11-26 01:30 -------- d-----w- c:\users\Clash\AppData\Roaming\Crayon Physics Deluxe 2011-11-21 17:56 . 2011-11-21 17:56 -------- d-----w- c:\users\Clash\AppData\Roaming\SaalDesignSoftware 2011-11-21 17:56 . 2011-11-21 17:56 -------- d-----w- c:\program files (x86)\SaalDesignSoftware 2011-11-19 16:23 . 2011-11-19 16:23 -------- d-----w- C:\wp-smushit 2011-11-16 18:52 . 2011-11-16 18:52 -------- d-----w- c:\program files (x86)\OpenVPN Technologies 2011-11-12 11:57 . 2011-11-12 11:57 -------- d-----w- c:\users\Clash\AppData\Local\Skyrim 2011-11-12 11:56 . 2008-03-05 14:56 4910088 ----a-w- c:\windows\system32\D3DX9_37.dll 2011-11-11 19:02 . 2011-11-11 19:02 -------- d-----w- c:\program files (x86)\Eclipse PHP 2011-11-06 20:40 . 2011-11-06 20:40 -------- d-----w- c:\users\Clash\AppData\Roaming\.purple 2011-11-04 11:37 . 
2011-11-04 11:37 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys 2011-11-04 11:37 . 2011-11-04 11:37 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2011-11-04 11:36 . 2011-11-04 11:36 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-01 20:26 . 2011-05-10 15:30 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-11-23 15:34 . 2011-09-07 10:39 1202763 ----a-w- c:\windows\unins000.exe 2011-11-23 15:31 . 2011-05-18 11:12 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2011-11-13 01:55 . 2011-06-14 19:15 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2011-11-13 01:55 . 2011-06-08 21:56 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2011-10-26 09:59 . 2011-06-08 21:56 271200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2011-10-15 08:53 . 2011-10-26 09:56 7581504 ----a-w- c:\windows\system32\nvcuda.dll 2011-10-15 08:53 . 2011-10-26 09:56 68928 ----a-w- c:\windows\system32\OpenCL.dll 2011-10-15 08:53 . 2011-10-26 09:56 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2011-10-15 08:53 . 2011-10-26 09:56 5578560 ----a-w- c:\windows\SysWow64\nvcuda.dll 2011-10-15 08:53 . 2011-10-26 09:56 2542912 ----a-w- c:\windows\system32\nvcuvid.dll 2011-10-15 08:53 . 2011-10-26 09:56 24796992 ----a-w- c:\windows\system32\nvcompiler.dll 2011-10-15 08:53 . 2011-10-26 09:56 24742720 ----a-w- c:\windows\system32\nvoglv64.dll 2011-10-15 08:53 . 2011-10-26 09:56 2458432 ----a-w- c:\windows\SysWow64\nvapi.dll 2011-10-15 08:53 . 2011-10-26 09:56 2401088 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2011-10-15 08:53 . 2011-10-26 09:56 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-26 09:56 2099520 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2011-10-15 08:53 . 2011-10-26 09:56 18871616 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2011-10-15 08:53 . 
2011-10-26 09:56 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2011-10-15 08:53 . 2011-10-26 09:56 15693120 ----a-w- c:\windows\system32\nvd3dumx.dll 2011-10-15 08:53 . 2011-10-26 09:56 12971840 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-10-15 08:53 . 2011-10-09 20:41 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll 2011-10-15 08:53 . 2011-10-09 20:41 5067584 ----a-w- c:\windows\system32\nvsvc64.dll 2011-10-15 08:53 . 2011-10-09 20:41 3074368 ----a-w- c:\windows\system32\nvsvcr.dll 2011-10-15 08:53 . 2011-10-09 20:41 222528 ----a-w- c:\windows\system32\nvmctray.dll 2011-10-15 08:53 . 2011-10-09 20:41 1640768 ----a-w- c:\windows\system32\nvvsvc.exe 2011-10-15 08:53 . 2011-10-09 20:41 137536 ----a-w- c:\windows\system32\nvshext.dll 2011-10-15 08:53 . 2011-10-09 20:41 10406208 ----a-w- c:\windows\system32\nvcpl.dll 2011-10-15 08:53 . 2011-10-09 20:39 8791360 ----a-w- c:\windows\system32\nvwgf2umx.dll 2011-10-15 08:53 . 2011-10-09 20:39 7041856 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2011-10-15 08:53 . 2011-10-09 20:39 2808128 ----a-w- c:\windows\system32\nvapi64.dll 2011-10-15 08:53 . 2011-10-09 20:39 1533248 ----a-w- c:\windows\system32\nvdispco64.dll 2011-10-15 08:53 . 2011-10-09 20:39 1454400 ----a-w- c:\windows\system32\nvgenco64.dll 2011-10-15 08:53 . 2011-10-09 20:39 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2011-10-14 22:54 . 2011-10-14 22:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2011-10-10 22:07 . 2011-06-16 02:49 96222375 ----a-w- C:\bio.zip 2011-09-14 21:35 . 2011-05-10 15:37 466456 ----a-w- c:\windows\system32\wrap_oal.dll 2011-09-14 21:35 . 2011-05-10 15:37 122904 ----a-w- c:\windows\system32\OpenAL32.dll 2011-09-07 10:39 . 2011-05-10 15:30 627600 ----a-w- c:\windows\system32\deployJava1.dll . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. 
c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe . [7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll [-] 2011-05-30 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll . [-] 2011-05-30 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 ALSysIO;ALSysIO;c:\users\Clash\AppData\Local\Temp\ALSysIO64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x] R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9F2.tmp [x] R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 SystemExplorerHelpService;System Explorer Help Service;c:\program files (x86)\System Explorer\SystemExplorerService64.exe [2011-09-22 712520] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R4 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-11-29 2996784] R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-10-17 131912] R4 gupdate;Google 
Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176] R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176] R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480] R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-08-25 24064] R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656] R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480] S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208] S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672] S2 aswFsBlk;aswFsBlk; [x] S2 
aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736] S3 cmudaxp;ASUS Xonar Essence ST Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x] S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x] S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] . . . --------- x86-64 ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm TCP: Interfaces\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206 FF - ProfilePath - c:\users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.rememberthemilk.com/home/clash666/#section.tasks|hxxp://vrr.de/de/fahrplanauskunft/index.html|hxxp://www.google.com/webhp|hxxp://www.wahlrecht.de/umfragen/index.htm|hxxp://news.google.com/news?pz=1&cf=all&ned=de&ict=ln|https://www.rememberthemilk.com/home/clash666/#section.tasks . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2] "ImagePath"="\??\c:\windows\system32\9F2.tmp" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Internet Explorer\iexplore.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-12-03 01:04:22 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-12-03 00:04 . Vor Suchlauf: 3.212.455.936 Bytes frei Nach Suchlauf: 3.458.965.504 Bytes frei . - - End Of File - - 28A96D2638A336E79D8AF75BDA4ADCC7 Code:
ATTFilter "Minimal SYStem 1.0.10" Acrobat.com Adobe AIR Adobe Community Help Adobe Reader X (10.1.1) Adobe Shockwave Player 11.6 Advanced Batch Converter Alien Swarm Alien Swarm - SDK Alliance of Valiant Arms Allmyapps Android SDK Tools Anomaly Warzone Earth Apple Application Support Apple Software Update Aquaria ASRock eXtreme Tuner v0.1.54 ASRock InstantBoot v1.26 Auto Gordian Knot 2.55 Avant Browser (remove only) avast! Free Antivirus Avi Fix Joiner 2.11 Avidemux 2.5 AviSynth 2.5 Bastion Brink Brother HL-5240 Call of Duty(R) 4 - Modern Warfare(TM) Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch Chromium Chromium Updater CloneDVD2 CodeBlocks ColorSchemer Studio 2 CraftBukkit Crayon Physics Deluxe Darwinia DEFCON Defense Grid: The Awakening DivX-Setup Dungeon Defenders Dungeons of Dredmor DVD Decrypter (Remove Only) DVD Shrink 3.2 deutsch ElsterFormular für Unternehmer Emsisoft Anti-Malware ESET Online Scanner v3 Etron USB3.0 Host Controller ffdshow [rev 3154] [2009-12-09] FileHippo.com Update Checker FileZilla Client 3.5.2 FileZilla Server foobar2000 v1.1.9 Forsaken World Frozen Synapse GameMaker 8.1 Garmin Lifetime Updater Garry's Mod GIMP 2.6.11 Global Agenda Google Chrome Google Earth Google Talk (remove only) Google Talk Plugin Google Update Helper Haali Media Splitter HandBrake 0.9.5 Heroes of Newerth ImgBurn Intel(R) Management Engine Components Intel(R) Rapid Storage Technology Java Auto Updater Java(TM) 6 Update 25 Java(TM) 6 Update 27 Java(TM) 7 Update 1 Java(TM) SE Development Kit 6 Update 25 Java(TM) SE Development Kit 7 Update 1 JDownloader Killing Floor Killing Floor Mod: Defence Alliance 2 LibreOffice 3.4 LIMBO LogMeIn Hamachi Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo Malwarebytes' Anti-Malware Version 1.51.2.1300 Metro 2033 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update 
(KB979906) Microsoft .NET Framework 1.1 SP1 + KB928366 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# 2.0 Redistributable Package Microsoft XNA Framework Redistributable 3.1 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MKVtoolnix 4.9.1 Mozilla Firefox 8.0.1 (x86 de) Mozilla Thunderbird (8.0) MultipleIEs Multiwinia Mumble 1.2.3 MySQL Workbench 5.2 CE Natural Selection 2 Notepad++ Nuance PDF Reader NVIDIA PhysX OpenAL OpenVPN 2.1_rc20 OpenVPN Connect Opera 11.52 Orcs Must Die! 
Osmos PDF Settings CS5 Pidgin PuTTY version 0.61 Rage RasterVect 15.3 Trial Realtek Ethernet Controller Driver For Windows 7 RegExr Revenge of the Titans Saal Design Software Safari Sanctum Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Skype Click to Call Skype™ 5.5 Sol Survivor Spiral Knights SPlayer Spybot - Search & Destroy Steam SumatraPDF System Explorer 3.6.2 Team Fortress 2 TeamViewer 6 TeamViewer 7 The Elder Scrolls V: Skyrim Titanium Developer TP-LINK Wireless Client Utility Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update Notifier Uplink VC80CRTRedist - 8.0.50727.4053 VLC media player 1.1.11 VNC Free Edition 4.1.3 VobSub v2.23 (Remove Only) Warcraft III Wascana C/C++ IDE for Windows WinPcap 4.1.2 World of Tanks v.0.6.5 XBMC XFastUsb XviD MPEG4 Video Codec (remove only) Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:47:34, on 03.12.2011 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe C:\Program Files (x86)\Hijack\Trend Micro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - 
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-21-3065023223-3259891288-495664237-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-3065023223-3259891288-495664237-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - 
C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! 
Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: System Explorer Help Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8958 bytes Regards, Ralf |
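The ComboFix "Sigcheck" section in the log above lists, for winlogon.exe and user32.dll, a WinSxS copy marked [7] next to a live c:\windows\system32 (or SysWOW64) copy marked [-] with a different MD5 (and, for winlogon.exe, a different size) although both carry version 6.1.7601.17514. ComboFix itself notes that unsigned files are not necessarily malware, and a hotfix can legitimately leave system32 with a different binary than the stock WinSxS component, so a mismatch is a lead to verify (for example with an Authenticode check on the live file), not a verdict. The script below is an added example, not part of ComboFix or of this thread, that parses those lines and pairs each live file with the WinSxS reference of the same name, version and architecture. The sample input is copied from the log above; the mapping of the WinSxS component-name prefix (amd64_/wow64_) to the live directory is this example's assumption.

```python
"""Pair live system files from a ComboFix 'Sigcheck' block with their WinSxS
reference copy and report hash/size differences.

Added example for this thread; not part of ComboFix or the original post.
Line format as ComboFix prints it:
    [flag] DATE . MD5 . SIZE . . [VERSION] .. PATH
    flag '7' = on ComboFix's Windows 7 list, '-' = not on the list
"""
import re
from dataclasses import dataclass

# Sample input: the six Sigcheck lines from the ComboFix log in this thread,
# one entry per line.
SIGCHECK_SAMPLE = r"""
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2011-05-30 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
[-] 2011-05-30 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
"""

LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\.\s+(?P<path>\S.*?)\s*$"
)


@dataclass(frozen=True)
class SigEntry:
    flag: str
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_reference(self) -> bool:
        return "\\winsxs\\" in self.path.lower()

    @property
    def arch(self) -> str:
        # Assumption: the WinSxS component-name prefix (amd64_, wow64_, x86_)
        # names the flavour; for live files the directory does.
        p = self.path.lower()
        if self.is_reference:
            component = p.split("\\winsxs\\", 1)[1].split("\\", 1)[0]
            return component.split("_", 1)[0]
        if "\\syswow64\\" in p:
            return "wow64"
        if "\\system32\\" in p:
            return "amd64"
        return "unknown"


def parse_sigcheck(text: str) -> list:
    """Parse every well-formed Sigcheck line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(SigEntry(m["flag"], m["date"], m["md5"].upper(),
                                    int(m["size"]), m["version"], m["path"]))
    return entries


def find_mismatches(text: str) -> list:
    """One finding per live file that has no WinSxS reference of the same
    (name, version, arch) or whose MD5/size differs from that reference."""
    entries = parse_sigcheck(text)
    refs = {(e.name, e.version, e.arch): e for e in entries if e.is_reference}
    findings = []
    for live in (e for e in entries if not e.is_reference):
        ref = refs.get((live.name, live.version, live.arch))
        if ref is None:
            findings.append({"path": live.path, "status": "no-reference"})
        elif (ref.md5, ref.size) != (live.md5, live.size):
            findings.append({
                "path": live.path, "status": "mismatch", "flag": live.flag,
                "live_md5": live.md5, "ref_md5": ref.md5,
                "size_delta": live.size - ref.size, "ref_path": ref.path,
            })
    return findings


if __name__ == "__main__":
    for f in find_mismatches(SIGCHECK_SAMPLE):
        print(f"{f['status']:12} {f['path']}  size_delta={f.get('size_delta')}")
```

Paste the Sigcheck block of your own ComboFix log into SIGCHECK_SAMPLE (or read it from a file) and treat every "mismatch" as a file to verify against its Authenticode signature; a "no-reference" finding only means ComboFix printed no WinSxS copy for that version, not that the file is bad.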
03.12.2011, 13:27 | #11 |
| Suspected rootkit. Malwarebytes, Avira and various other tools useless Yes, this time I thought we had it... but unfortunately, no! After I hadn't been redirected for quite a while this morning and the browser was pleasantly fast at DNS lookups, it is now back to how it was. I opened the same link (on Google, a link to Stiftung Warentest) twice in a new tab; in the first tab some random site opened via redirects, as before, and the second tab was the right one. Well, is there anything else I can try? Thanks in any case; I can well understand how much time and effort it takes to look after other people's PC problems. Regards, Ralf. |
04.12.2011, 00:11 | #12 |
/// Helper Team | Suspected rootkit. Malwarebytes, Avira and various other tools useless 1. Close all programs including Internet Explorer and fix the entries from the code box below with HijackThis (start HijackThis → "Do a system scan only" → select the entries → tick the checkboxes → click "Fix checked" → restart the PC). HijackThis creates a backup; if something goes wrong while fixing, the objects can be restored under "View the list of backups". Code:
O4 - HKUS\S-1-5-21-3065023223-3259891288-495664237-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
After the clean-up, post again: the TrendMicro™ HijackThis™ log file - no open windows while HijackThis is running!! ► Right-click HijackThis -> choose "Run as administrator"... ► Does your problem still exist?
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file attached! It may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
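The helper's procedure relies on HijackThis keeping a backup of each fixed entry so that the change can be reverted from "View the list of backups". The script below is an added example, not part of HijackThis or of this thread, that produces the same reversibility by hand: it resolves a HijackThis O4 line to the full registry key and writes two .reg texts, a backup that re-creates the value and a fix that deletes it. It assumes HijackThis' conventions that "\..\" abbreviates Software\Microsoft\Windows\CurrentVersion and that HKUS\<SID> means HKEY_USERS\<SID>; the sample line is the one the helper asked to fix. One caveat the thread itself shows: ComboFix lists IAStorIcon, Malwarebytes and avast under HKLM\SOFTWARE\Wow6432Node\...\Run while HijackThis shows them as HKLM\..\Run, so for HKLM entries on this 64-bit system confirm the real key (for example with reg query) before importing the generated .reg; the script writes the unredirected path.

```python
"""Turn a HijackThis 'O4' autostart line into two .reg files: a backup that
restores the value and a fix that deletes it, so the fix can be undone.

Added example for this thread; not part of HijackThis. Assumptions: the
'\..\' abbreviation stands for Software\Microsoft\Windows\CurrentVersion and
HKUS\<SID> maps to HKEY_USERS\<SID> (HijackThis conventions). HKLM keys are
written unredirected; on x64 the entry HijackThis edits may sit under
Wow6432Node, so confirm the key before importing.
"""
import re

# Sample input: the entry the helper asked to fix, copied from the thread.
O4_LINE = (r"O4 - HKUS\S-1-5-21-3065023223-3259891288-495664237-1008\..\RunOnce: "
           r"[mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')")

O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
AUTOSTART_BASE = r"Software\Microsoft\Windows\CurrentVersion"
REG_HEADER = "Windows Registry Editor Version 5.00\r\n\r\n"


def parse_o4(line: str) -> dict:
    """Resolve an O4 line to the full registry key, value name and data."""
    m = O4_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a HijackThis O4 line: {line!r}")
    hive = m["hive"]
    if hive == "HKLM":
        root = "HKEY_LOCAL_MACHINE"
    elif hive == "HKCU":
        root = "HKEY_CURRENT_USER"
    else:  # HKUS\<SID>
        root = "HKEY_USERS\\" + hive.split("\\", 1)[1]
    return {
        "key_path": f"{root}\\{AUTOSTART_BASE}\\{m['key']}",
        "name": m["name"],
        "cmd": m["cmd"],
        "user": m["user"],
    }


def reg_escape(s: str) -> str:
    """Escape a string for a REG_SZ literal in a .reg file."""
    return s.replace("\\", "\\\\").replace('"', '\\"')


def reg_backup(entry: dict) -> str:
    """.reg text that re-creates the value (the equivalent of HijackThis' backup)."""
    return (REG_HEADER + f"[{entry['key_path']}]\r\n"
            f"\"{reg_escape(entry['name'])}\"=\"{reg_escape(entry['cmd'])}\"\r\n")


def reg_fix(entry: dict) -> str:
    """.reg text that deletes the value ('"name"=-' is regedit's delete syntax)."""
    return (REG_HEADER + f"[{entry['key_path']}]\r\n"
            f"\"{reg_escape(entry['name'])}\"=-\r\n")


def hjt_fix_pair(line: str) -> tuple:
    """Return (backup_reg, fix_reg) for one O4 line; import the backup to undo."""
    entry = parse_o4(line)
    return reg_backup(entry), reg_fix(entry)


if __name__ == "__main__":
    backup, fix = hjt_fix_pair(O4_LINE)
    print("--- backup.reg ---\n" + backup)
    print("--- fix.reg ---\n" + fix)
```

Save the two texts as backup.reg and fix.reg, import fix.reg to remove the entry, and keep backup.reg to restore it if the fix turns out to be wrong.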
04.12.2011, 05:46 | #13 |
| Suspected rootkit. Malwarebytes, Avira and various other tools useless After I had worked through item 1, my network adapter was no longer installed at first. Unfortunately I neglected to save the log file I made right after the restart (the fixed entry was still gone, though). I then downloaded the driver on my laptop, put it on my PC via USB, copied the driver manually and installed the .inf. After another reboot I made the log file right away, and the network adapter is installed again too. Now the HijackThis log after the 2nd reboot: Code:
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Explorer Help Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8187 bytes

I guess that wasn't the end of it after all... Regards, Ralf

edit: So I looked into what the JS thing is about. I found out that Google tries to load JS code after the fact.

Code:
hxxp://www.google.de/extern_js/f/CgJkZRICZGUrMEU4ACwrMFo4ACwrMA44ACwrMBc4ACwrMDw4ACwrMFE4ACwrMFk4ACwrMAo4AZoCAmNjLCswmAE4ACwrMBY4ACwrMBk4ACwrMCo4ACwrMCs4AJoCC2pzX3JlZGlyZWN0LCswNTgALCswNjgALCswQTgALCswTTgALCswTjgALCswUzgAmgIGc2VhcmNoLCswVDgALCswYjgALCswaTgALCswbDgALCswbjgALCswcDgALCswkAE4ACwrMJIBOAAsKzCXATgALCswtgE4ACwrMHQ4ACwrMH04ACwrMB04ACwrMFw4AJoCBGlnY2MsKzAYOAAsKzAmOAAsgAJfkAJb/jiU9spSK5XE.js

Maybe the download is being blocked so that a possible JS redirect works... I would need to learn how to use a debugger properly... then I could track down the source of this blockage. Well, probably not very helpful, but I found it interesting just now...

Last edited by The-Clash (04.12.2011 at 06:25) |
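As an added example (it is not part of the forum post and not code from HijackThis, OTL, Malwarebytes or avast), here is a small Python triage script for log lines in the O4/O17/O23 format shown above. It pulls out the three things a practitioner checks first when the complaint is "Google redirects me": the DNS resolvers the system actually uses (the O17 entry), autorun entries that run from user-writable directories, and services whose binary is reported missing. It also encodes a caveat the posted log illustrates: on 64-bit Windows, a 32-bit scanner is redirected by WoW64 to SysWOW64 when it looks in System32, so it reports many standard services as "(file missing)"; that is a scanner artefact, not a rootkit indicator. The sample log is constructed: several lines are copied from the posted log, while the `Updater` and `Helper` entries are invented to show what a real hit looks like. The expected-resolver set is an assumption that a user would replace with the addresses their ISP or router hands out; the script does not call an address malicious, it only lists it for verification.

```python
"""Triage helper for HijackThis-style log lines (O4 autoruns, O17 DNS servers,
O23 services).

Added example for the thread; not code from the forum post and not part of
HijackThis, OTL, Malwarebytes or avast. SAMPLE_LOG is constructed: some lines
are copied from the posted log, the `Updater` and `Helper` entries are invented
to show what a suspicious hit looks like.
"""
import re
from dataclasses import dataclass

# Assumption: the resolvers the ISP or router is expected to hand out. A real
# user replaces this with the addresses shown on the router's status page.
EXPECTED_RESOLVERS = frozenset({"192.168.0.1"})

# Directories a standard user can write to. Autoruns or services living there
# deserve a second look (legitimate apps live there too, so this is a review
# cue, not a verdict).
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<command>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Finding:
    kind: str      # short category for the finding
    subject: str   # the path or address the finding is about
    line: str      # the original log line


def executable_of(command: str) -> str:
    """Return the program path from an O4 command line.

    Quoted commands end at the closing quote; unquoted ones are cut after the
    first ".exe" so trailing switches are not mistaken for part of the path.
    """
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    m = re.search(r"\.exe", command, re.IGNORECASE)
    return command[:m.end()] if m else command


def in_user_writable_dir(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE_MARKERS)


def triage(log_text: str, is_x64: bool = True,
           expected_resolvers=EXPECTED_RESOLVERS) -> list:
    """Scan log lines and return the entries worth verifying by hand."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O17_RE.match(line):
            # The DNS servers the system really uses; with browser redirects
            # as the symptom these are the first thing to verify.
            for server in m["servers"].split(","):
                if server not in expected_resolvers:
                    findings.append(Finding("dns-resolver-unverified", server, line))
        elif m := O4_RE.match(line):
            exe = executable_of(m["command"])
            if in_user_writable_dir(exe):
                findings.append(Finding("autorun-user-writable-location", exe, line))
        elif m := O23_RE.match(line):
            path = m["path"]
            if m["missing"]:
                # A 32-bit scanner on 64-bit Windows is redirected to SysWOW64
                # and so reports many System32 services as missing. That is a
                # scanner artefact, not evidence of a rootkit.
                if is_x64 and path.lower().startswith("c:\\windows\\system32"):
                    findings.append(Finding("file-missing-likely-wow64-redirection", path, line))
                else:
                    findings.append(Finding("file-missing-verify", path, line))
            elif m["owner"] == "Unknown owner" and not path.lower().startswith("c:\\windows\\"):
                findings.append(Finding("service-unknown-owner-review", path, line))
    return findings


# Constructed sample: copied entries from the posted log plus two invented
# suspicious ones (the `Updater` autorun/service and the `Helper` service).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Updater] C:\Users\Clash\AppData\Local\Temp\svchost.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Helper - Unknown owner - C:\ProgramData\helper\helper.exe (file missing)
O23 - Service: Updater - Unknown owner - C:\ProgramData\upd\upd.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:40} {f.subject}")
```

Run against the posted log with `is_x64=True`, every "(file missing)" entry under System32 collapses into the WoW64 bucket and can be ignored, which leaves the O17 resolvers as the one item that still needs a manual check against the router's DHCP settings.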
05.12.2011, 14:21 | #14 |
/// Helper team | ► Report again on the state of the computer: are there still problems, and if so, which ones?
__________________ Warning!: Beware of invoices sent by e-mail with a ZIP file as an attachment! They may be infected with an encryption trojan! Do not open the attachment; ask in our forum first! Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places! Please pass this warning on wherever you can! |
05.12.2011, 21:03 | #15 |
| So, after my computer would not start this morning, I had to flash the CMOS to be able to boot again. I find that very odd: I had not been in the BIOS for ages, there is no overclocking, and the machine is stable and cool. (And not even 6 months old, at least most of the parts, such as the mainboard.) Anyway, the computer ran again, and since this morning also without redirects, with JavaScript working on Google and pleasantly fast DNS lookups. So far so good; 3 reboots and several hours of use later, still no problems, if we ignore the fact that the Windows firewall is of course still broken. But I am probably better off with a router firewall anyway; I have never understood the point of software firewalls. Oh, and: I am now using Opera as my default browser. I still have to look at Sandboxie, but that is coming too. I will also leave Avast and Malwarebytes on as free versions; maybe it is better after all, even though they could not find this trojan. Is there anything else I can usefully do? Otherwise, just many, many thanks for your help! I was somewhat out of my depth with this on my own. Best regards, Ralf |