Log analysis and evaluation: DNS Changer or another problem (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.12.2011, 04:26 | #1
DNS Changer or another problem

Hello,

For a few days now my computer has not been starting properly; it crashes before the password prompt with ONE loud click. After 3-10 attempts it then starts, and for the past 2 days it has also started crashing in the middle of a session. On top of that, I was being redirected on Google pages a while ago; an acquaintance fixed that problem, but I am not sure. The system is somehow slower than usual, especially when I am on the Internet. The worst part, though, is the number of attempts it takes until the computer starts at all; maybe files are damaged? So I thought I would just reinstall Win 7, but I could not even get into the BIOS to change the boot order; after several attempts I got in and changed it, but it does not reinstall. Whenever I click install it says "a required installation folder could not be created". The CD is fine, since it works on my brother's machine. I have also already bought a new power supply because I thought that was where the start-up problems came from; the graphics card is only a month old, and all cables were replaced along with the power supply because I thought it might be due to that. That did not help either. It just gets worse from day to day with starting the PC; it needs more and more attempts. Repairs fail. Could someone give me a tip or look through my system to see whether it might be the software or malware (Malwarebytes and Kaspersky find nothing)?

------------------------------------------
I will post the required data from defogger etc. shortly.

Regards, Ninimiel
26.12.2011, 00:52 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | DNS Changer or another problem

I would first try to find out whether this only happens under Windows, or also with other operating systems.

Download something like Knoppix or Ubuntu, burn the ISO file to a CD using the image-burning function and boot the computer from it. Then test the system thoroughly under Linux and report whether it runs normally there.
26.12.2011, 00:59 | #3
DNS Changer or another problem: OTL logfile

Code:
ATTFilter OTL logfile created on: 26.12.2011 00:10:29 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\---\Desktop Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,04% Memory free 6,00 Gb Paging File | 4,98 Gb Available in Paging File | 83,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 80,61 Gb Free Space | 54,08% Space Free | Partition Type: NTFS Drive D: | 4,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: --- | User Name: --- | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\---\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Rainlendar2\Rainlendar2.exe () PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) PRC - C:\Windows\explorer.exe (Microsoft 
Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll () MOD - C:\Programme\Rainlendar2\Rainlendar2.exe () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_xrc_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxbase28u_xml_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_html_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_adv_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxmsw28u_core_vc_rny.dll () MOD - C:\Programme\Rainlendar2\wxbase28u_vc_rny.dll () MOD - C:\Programme\Rainlendar2\lfs.dll () MOD - C:\Programme\Rainlendar2\lua51.dll () ========== Win32 Services (SafeList) ========== SRV - (FSORSPClient) -- File not found SRV - (FSMA) -- File not found SRV - (F-Secure Gatekeeper Handler Starter) -- File not found SRV - (FSDFWD) -- File not found SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft 
Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation) DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation) DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys () DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (PfFilter) -- C:\Programme\IObit\Protected Folder\pffilter.sys (IObit Information Technology) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices) DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 52 1C 37 9B DA CB 01 [binary data] IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 FF - prefs.js..keyword.URL: "" FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Unitymedia\Sicherheitspaket\NRS\litmus-ff@f-secure.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.22 07:30:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.24 19:04:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.25 13:57:38 | 000,000,000 | ---D | M] [2011.04.05 15:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---\AppData\Roaming\Mozilla\Extensions [2011.03.04 23:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.12.26 00:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions [2011.09.06 12:46:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ninimiel\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.08.20 11:26:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions\{cf0fa468-70e0-44e0-a0a3-9332709cf0fc} [2011.12.16 13:03:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.07.11 18:31:47 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- 
C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions\battlefieldheroespatcher@ea.com [2011.12.26 00:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.11.30 11:13:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.03.05 02:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.10 19:35:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.08 12:29:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.12.25 12:52:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.09.07 02:29:14 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru [2011.09.07 02:29:12 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru [2011.11.30 11:13:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.03.05 02:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.04.10 19:35:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.08 12:29:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.12.25 12:52:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.09.07 02:29:14 | 
000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU [2011.09.07 02:29:12 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU [2011.11.27 05:57:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.22 07:30:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.12.22 07:30:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.03.05 02:02:47 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml [2011.12.22 07:30:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.12.22 07:30:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.22 07:30:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.12.20 16:22:00 | 000,431,138 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 
127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 14840 more lines... O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. 
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO) O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\Ninimiel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\---\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3F2B64E-66E6-4CEC-9A31-98D32D58F79F}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\mzvkbd3.dll (Kaspersky Lab ZAO) O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\kloehk.dll (Kaspersky Lab ZAO) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.12.24 15:46:01 | 000,000,088 | R--- | M] () - D:\auto irgendwas.txt -- [ UDF ] O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. 
File not found ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: 
>{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^---^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation) MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: F-Secure Manager - hkey= - key= - File not found MsConfig - StartUpReg: F-Secure TNB - hkey= - key= - File not found MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - File not found MsConfig - State: "bootini" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.26 00:08:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ninimiel\Desktop\OTL.exe [2011.12.22 18:30:41 | 000,000,000 | ---D | C] -- C:\Users\---\Pavark [2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\Tools [2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- 
C:\Users\---\AppData\Roaming\Mods [2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-UserName [2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-SP [2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-ServerMod [2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-Server [2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-Portable [2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-Games [2011.12.22 08:21:59 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\java [2011.12.22 08:21:59 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\Extras [2011.12.22 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\.minecraft server [2011.12.22 07:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011.12.22 07:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2011.12.21 00:54:59 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\.minecraft [2011.12.20 19:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.20 19:09:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.12.20 15:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5 [2011.12.20 15:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro [2011.12.20 04:31:21 | 000,000,000 | ---D | C] -- C:\sh4ldr [2011.12.20 04:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2011.12.20 01:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3 [2011.12.17 20:16:52 | 000,000,000 | ---D | C] -- C:\Users\---\Neuer Ordner [2011.12.16 13:02:46 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Local\eSupport.com [2011.12.09 04:17:12 | 000,000,000 | ---D | C] -- 
C:\Users\---\.rainlendar2 [2011.12.07 20:49:18 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Local\PMB Files [2011.12.07 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2011.12.07 17:12:20 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll [2011.12.06 14:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2 [2011.12.06 14:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rainlendar2 [2011.12.06 13:08:38 | 000,000,000 | ---D | C] -- C:\Users\Ninimiel\Documents\Freekalender2012 [2011.11.30 11:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.26 00:11:23 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.26 00:11:23 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.26 00:08:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\---\Desktop\OTL.exe [2011.12.25 23:50:47 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.25 23:50:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.22 07:45:35 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI [2011.12.22 07:32:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.20 23:57:30 | 000,001,871 | ---- | M] () -- C:\Users\---\Desktop\MineCraft.lnk [2011.12.20 22:54:33 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2011.12.20 19:09:23 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.20 18:10:50 | 000,000,752 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg 
[2011.12.20 16:46:07 | 001,396,436 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB [2011.12.20 16:22:00 | 000,431,138 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011.12.20 15:52:57 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2011.12.20 00:04:32 | 000,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf [2011.12.17 22:22:44 | 003,653,904 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.17 22:22:44 | 001,065,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.17 22:22:44 | 000,309,630 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.17 22:22:44 | 000,042,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.17 19:53:18 | 000,004,314 | ---- | M] () -- C:\bie786129g.mds [2011.12.17 19:53:16 | 2593,587,200 | ---- | M] () -- C:\bie786129g.iso [2011.12.15 22:41:00 | 000,408,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.13 09:35:52 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.12.13 09:29:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.12.07 17:12:20 | 000,101,416 | R--- | M] (iS3, Inc.) 
-- C:\Windows\System32\IS3Svc5.dll [2011.12.06 13:14:22 | 000,000,018 | ---- | M] () -- C:\Windows\xkalFREE2012.dat [2011.11.30 11:13:06 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2011.11.28 10:16:58 | 000,000,331 | ---- | M] () -- C:\Windows\SIERRA.INI [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.22 08:22:13 | 000,000,185 | ---- | C] () -- C:\Users\---\AppData\Roaming\MineCraftDownloads.url [2011.12.22 08:22:13 | 000,000,160 | ---- | C] () -- C:\Users\---\AppData\Roaming\MineCraft.url [2011.12.20 23:57:32 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI [2011.12.20 23:56:43 | 000,001,871 | ---- | C] () -- C:\Users\---\Desktop\MineCraft.lnk [2011.12.20 19:09:23 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.20 18:10:17 | 000,000,752 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg [2011.12.20 16:45:00 | 001,396,436 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB [2011.12.20 15:52:57 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys [2011.12.17 19:53:18 | 000,004,314 | ---- | C] () -- C:\bie786129g.mds [2011.12.17 19:47:18 | 2593,587,200 | ---- | C] () -- C:\bie786129g.iso [2011.12.06 13:14:22 | 000,000,018 | ---- | C] () -- C:\Windows\xkalFREE2012.dat [2011.11.18 18:57:50 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2011.11.18 18:57:49 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2011.10.22 19:41:29 | 000,153,088 | ---- | C] () -- C:\Windows\System32\fldlckun.exe [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.09.23 21:30:21 | 000,001,478 | ---- | C] () -- C:\Users\---\AppData\Local\RecConfig.xml [2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll [2011.09.07 02:29:02 | 
000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2011.09.07 02:29:02 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.08.25 12:53:32 | 000,017,408 | ---- | C] () -- C:\Users\---\AppData\Local\WebpageIcons.db [2011.08.21 21:40:17 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys [2011.07.11 18:38:06 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.07.11 18:38:05 | 000,138,056 | ---- | C] () -- C:\Users\----\AppData\Roaming\PnkBstrK.sys [2011.07.11 18:37:39 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.07.11 18:37:36 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.07.08 09:43:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2011.07.08 09:41:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.22 23:02:43 | 000,001,663 | ---- | C] () -- C:\Windows\wininit.ini [2011.05.22 22:59:04 | 000,000,331 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.04.24 17:11:39 | 000,005,115 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe [2011.04.02 11:55:57 | 000,000,000 | ---- | C] () -- C:\Users\----\AppData\Local\prvlcl.dat [2011.03.06 17:19:43 | 000,007,609 | ---- | C] () -- C:\Users\---\AppData\Local\resmon.resmoncfg [2011.03.06 07:26:00 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2011.03.05 03:36:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2011.03.04 23:34:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.04 21:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2009.09.30 04:56:14 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2009.07.14 09:47:43 | 003,653,904 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.07.14 
09:47:43 | 001,065,404 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 05:33:53 | 000,408,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009.07.14 03:05:48 | 000,309,630 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009.07.14 03:05:48 | 000,042,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2009.04.23 22:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.01.10 06:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\System32\SSCProt.dll ========== LOP Check ========== [2011.12.24 19:04:10 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\.minecraft [2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---l\AppData\Roaming\.minecraft server [2011.09.23 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\Audacity [2011.04.03 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\AVG10 [2011.03.05 20:00:55 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\AVG9 [2011.04.24 17:11:40 | 000,000,000 | ---D | M] -- 
C:\Users\---\AppData\Roaming\Carambis [2011.07.22 20:57:33 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\DAEMON Tools Lite [2011.10.24 10:25:38 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\DVDVideoSoft [2011.10.24 10:25:31 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.09 21:18:15 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\ESET [2011.12.22 08:21:59 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Extras [2011.08.21 22:26:16 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Firestorm [2011.10.23 20:14:45 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\FRITZ! [2011.10.17 21:31:52 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\GetRightToGo [2011.12.22 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\java [2011.11.16 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Kalypso Media [2011.07.11 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\LolClient [2011.11.05 17:20:18 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\Marine Aquarium 3 [2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-Games [2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-Portable [2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-Server [2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\MineCraft-ServerMod [2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-SP [2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-UserName [2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Mods [2011.08.20 13:44:18 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\Origin [2011.09.03 00:37:56 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\PloppSL [2011.04.14 00:47:05 | 
000,000,000 | ---D | M] -- C:\Users\--\AppData\Roaming\SecondLife [2011.06.24 05:38:52 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\temp [2011.03.04 23:34:52 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Tools [2011.12.25 12:52:06 | 000,000,000 | ---D | M] -- C:\Users----\AppData\Roaming\TS3Client [2011.03.05 01:03:23 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\TuneUp Software [2011.11.18 18:59:22 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Ubisoft [2011.07.13 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\wargaming.net [2011.09.10 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Wise Disk Cleaner [2011.12.20 21:40:18 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.04.24 10:51:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.03.09 06:51:52 | 000,000,000 | ---D | M] -- C:\20a5838adb674a6f18 [2011.03.04 21:52:48 | 000,000,000 | ---D | M] -- C:\ATI [2011.12.24 21:59:04 | 000,000,000 | -HSD | M] -- C:\Boot [2011.12.22 07:49:54 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.04 19:21:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.04.24 16:15:44 | 000,000,000 | ---D | M] -- C:\dx 9.26 [2011.07.08 10:37:06 | 000,000,000 | ---D | M] -- C:\e3d9b46ae30f3b9da2837871 [2011.03.05 05:11:47 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.03.04 19:45:34 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.12.24 19:04:08 | 000,000,000 | R--D | M] -- C:\Program Files [2011.12.20 18:25:56 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.03.04 19:21:41 | 000,000,000 | -HSD | M] -- C:\Programme [2011.03.04 19:21:42 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.12.20 22:24:51 | 000,000,000 | ---D | M] -- C:\sh4ldr [2011.04.18 
03:17:59 | 000,000,000 | ---D | M] -- C:\Spiele [2011.10.19 14:34:34 | 000,000,000 | ---D | M] -- C:\stdtsa [2011.12.26 00:13:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.11.09 14:12:14 | 000,000,000 | ---D | M] -- C:\Users [2011.12.25 12:52:06 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys [2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys [2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys [2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys [2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys [2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 
002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) 
MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: REGEDIT.EXE > [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-25 11:56:48 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A18D1A5B 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8BCF4DE2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
So here is the OTL data, the rest is coming. Last edited by Ninimiel1976 (26.12.2011 at 01:54). Reason: username removed |
26.12.2011, 01:46 | #4 |
| DNS Changer or another problem Hello, here is the GMER log. GMER logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-12-26 01:41:14 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006c MDT_MD16 rev.08.0 Running: 6dluv4h7.exe; Driver: C:\Users\---\AppData\Local\Temp\axdiikod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x9323ADAA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x9323CFE8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x9323D262] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x9323D4D8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x9323B6BE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x9323C4F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x9323CA3C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x9323B99A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x9323C922] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x9323A998] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x9323C7F6] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x9323AB40] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x9323CB5C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x9323B344] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif 
Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x9323B442] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x9323D722] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x9323C88C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x9323E24A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x9323BE1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x9323F458] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x9323BC2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x9323E33C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x9323EAA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x9323CAD2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x9323B740] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x9323C9B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x9323AFE8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x9323E83E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x9323CBF2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x9323AED8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x9323D7DC] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x9323EDDE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x9323E6D0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplaceKey [0x93239652] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x9323CF56] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x9323CE1C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x9323DFE4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRestoreKey [0x932399CA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x9323F2FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSaveKey [0x932395EA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x9323C238] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x9323B560] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x9323D87E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x9323E4DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x9323EF2E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x9323F020] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x9323F15A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter 
[fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x9323E16E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x9323B18E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x9323B0E4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x9323EC82] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x9323B27A] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13D1 83488369 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C1D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10D7 834C8D8C 4 Bytes [AA, AD, 23, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 834C8DB4 8 Bytes CALL E5DFB188 .text ntkrnlpa.exe!KeRemoveQueueEx + 1143 834C8DF8 4 Bytes [D8, D4, 23, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 116F 834C8E24 4 Bytes [BE, B6, 23, 93] .text ntkrnlpa.exe!KeRemoveQueueEx + 1193 834C8E48 4 Bytes [F2, C4, 23, 93] .text ... 
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0x8316A300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x831AD300, 0x1BEE, 0xE8000020]
PAGE peauth.sys 9F818BEC 104 Bytes JMP A9C46686
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs pffilter.sys
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL
---- Files - GMER 1.0.15 ----
File C:\ProgramData\IObit\Protected Folder\config.ini 88 bytes
File C:\ProgramData\IObit\Protected Folder\drawposs.db 21 bytes
File C:\ProgramData\IObit\Protected Folder\fstile.cds 82 bytes
File C:\Users\---\Desktop\Danny 0 bytes
---- EOF - GMER 1.0.15 ----
-------------------------
I can hardly download anything, at least no larger files; it simply doesn't finish loading the page. Unfortunately I'm also not familiar with Linux and wouldn't know how to test it. I have replaced the username with --- in all log entries, so don't be surprised. Regards Ninimiel1976 |
26.12.2011, 01:57 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | DNS Changer or another problem Quote:
__________________ Please always post logfiles in CODE tags |
26.12.2011, 02:02 | #6 |
| DNS Changer or another problem OK, but is there also a way to test the whole thing without burning? I don't have a burner^^ The system ran flawlessly before. Regards Ninimiel Last edited by Ninimiel1976 (26.12.2011 at 02:03). Reason: text change |
26.12.2011, 02:12 | #7 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | DNS Changer or another problem Quote:
__________________ Please always post logfiles in CODE tags |
26.12.2011, 02:17 | #8 |
| DNS Changer or another problem OK, so it's called Ubuntu, right? Do I then have to install drivers, or does it do that by itself like Win7? Regards Ninimiel |
26.12.2011, 02:19 | #9 |
| DNS Changer or another problem Well, I can't download it; the progress bar only fills up to half, as with all large downloads recently. Small files work without problems. Regards |
26.12.2011, 03:57 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | DNS Changer or another problem Well, then you'll have to download the image from another computer, ideally one that is even on a different internet connection. We don't know whether it's your computer or whether your internet connection is faulty. We'll only see that "properly" with the Live CD test. So find a computer that preferably has a burner; burning an ISO to CD is IMHO less complicated than setting up a USB stick.
__________________ Please always post logfiles in CODE tags |
26.12.2011, 17:21 | #11 |
| DNS Changer or another problem Hello, with Ubuntu I got the error message "indows backend object has no attribute iso path", what does that mean^^ Regards |
26.12.2011, 19:21 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | DNS Changer or another problem You're fiddling around with WUBI, and that is exactly what you SHOULD NOT do. Please read properly what I write. Download the image with a computer that has a burner. Then burn that ISO image to a CD. Boot the computer from that CD, instead of simply running something under Windows!
__________________ Please always post logfiles in CODE tags |