Kein Zugriff auf Firewall! - rootkit(?)

cosinus · 21.08.2012, 13:26

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Tillus · 21.08.2012, 13:50

Bei der Version, die ich über den link bekommen habe sind noch zwei weitere Checkboxen:
System Memory
Loaded Modules

Ebenfalls markieren oder auslassen?

cosinus · 21.08.2012, 14:06

Kannst ruhig markieren

Tillus · 21.08.2012, 14:25

Log ist im Anhang.

cosinus · 21.08.2012, 14:33

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Tillus · 21.08.2012, 14:49

ich habe ein Problem, da sich Avira nicht komplett abschalten lässt.
CF weist darauf hin, dass ich Avira Desktop deaktivieren muss, ich weiß jedoch leider nicht wie. Im Avira Menü finde ich nichts dazu.
Irgendeine Idee?

Hat sich geklärt:

Code:

ATTFilter

ComboFix 12-08-20.02 - Till 21.08.2012  18:21:13.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4004.1765 [GMT 2:00]
ausgeführt von:: c:\users\Till\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-21 bis 2012-08-21  ))))))))))))))))))))))))))))))
.
.
2012-08-21 16:26 . 2012-08-21 16:26	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-08-21 13:10 . 2012-08-21 13:10	208216	----a-w-	c:\windows\system32\drivers\21272795.sys
2012-08-21 00:10 . 2012-08-21 00:10	--------	d-----w-	C:\_OTL
2012-08-16 00:48 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-15 20:55 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 20:55 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-15 20:55 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-15 20:55 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 20:55 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-15 20:55 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-15 20:55 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 20:55 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 20:55 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-15 20:55 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-15 20:55 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 20:55 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-14 16:09 . 2012-08-14 16:09	--------	d-----w-	c:\program files (x86)\ESET
2012-08-13 16:53 . 2012-08-21 15:39	--------	d-----w-	c:\users\Till\AppData\Local\ArmA 2 OA
2012-08-09 08:57 . 2012-08-09 08:57	--------	d-----w-	c:\program files\7-Zip
2012-08-08 21:56 . 2012-08-08 21:56	--------	d-----w-	c:\users\Till\AppData\Roaming\Malwarebytes
2012-08-08 21:56 . 2012-08-08 21:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-08 21:55 . 2012-08-08 21:56	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-08 21:55 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-07 23:40 . 2012-08-13 16:53	--------	d-----w-	c:\program files (x86)\Reinforcements
2012-08-07 23:37 . 2012-08-07 23:38	--------	d-----w-	c:\users\Till\AppData\Local\ArmA 2 REINFORCEMENTS
2012-08-06 13:31 . 2012-08-06 13:31	--------	d-----w-	c:\users\Till\Pavark
2012-08-05 22:27 . 2012-08-05 22:27	--------	d-----w-	c:\users\Till\AppData\Roaming\f-secure
2012-08-05 22:27 . 2012-08-05 22:27	--------	d-----w-	c:\programdata\F-Secure
2012-08-05 14:22 . 2012-08-05 14:22	--------	d-----w-	c:\users\Till\AppData\Local\Chris_Pietschmann_(http__
2012-08-05 14:05 . 2012-08-20 08:08	--------	d-----w-	c:\program files (x86)\Virtual Router
2012-07-30 23:03 . 2012-08-03 14:40	--------	d-----w-	c:\program files (x86)\fraps
2012-07-30 14:27 . 2012-07-30 21:46	--------	d-----w-	c:\users\Till\AppData\Local\gctmp
2012-07-30 14:27 . 2012-07-30 14:27	--------	d-----w-	c:\users\Till\AppData\Local\Xenocode
2012-07-30 14:07 . 2012-07-30 14:22	--------	d-----w-	c:\users\Till\AppData\Local\Dxtory Software
2012-07-27 20:51 . 2012-07-27 20:51	184248	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-27 08:32 . 2012-06-29 10:04	9133488	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7CB72261-718F-47A9-9D55-E9CFB54AAD75}\mpengine.dll
2012-07-26 12:22 . 2012-08-07 23:17	--------	d-----w-	c:\program files (x86)\Bohemia Interactive
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 00:46 . 2012-04-26 17:18	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-15 09:59 . 2012-04-19 11:52	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:59 . 2012-04-19 11:52	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 14:21 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2012-07-16 09:30 . 2012-04-22 01:12	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-07-16 09:30 . 2012-04-22 01:12	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-07-15 21:46 . 2012-04-22 01:11	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-07-15 21:46 . 2012-04-22 01:12	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-07-05 20:06 . 2012-04-27 13:56	772544	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 20:06 . 2012-04-21 13:55	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-16 15:05 . 2012-06-16 15:05	27176	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2012-06-16 15:05 . 2012-06-16 15:05	1490656	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2012-06-16 15:05 . 2012-06-16 15:05	13352	----a-w-	c:\windows\system32\drivers\ggflt.sys
2012-06-09 05:43 . 2012-07-10 21:29	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:29	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:29	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:29	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:29	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:29	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:29	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-05 08:52 . 2012-06-05 08:52	64000	----a-w-	c:\windows\SysWow64\steam_api.dll
2012-06-05 08:18 . 2012-06-05 08:18	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-02 22:19 . 2012-06-22 08:57	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 08:57	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 08:57	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 08:57	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 08:57	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 08:57	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 08:57	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 08:57	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-22 08:57	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-10 21:29	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:29	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-10 21:29	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-10 21:29	340992	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:29	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:29	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:29	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:29	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:29	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-05-31 10:25 . 2010-11-21 03:27	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-05-30 06:17 . 2012-05-30 06:17	71680	----a-w-	c:\windows\system32\frapsv64.dll
2012-05-30 06:17 . 2012-05-30 06:17	65536	----a-w-	c:\windows\SysWow64\frapsvid.dll
2012-05-29 15:34 . 2012-05-29 15:34	955848	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-05-29 15:34 . 2012-05-29 15:34	839112	----a-w-	c:\windows\system32\deployJava1.dll
2012-05-29 15:34 . 2012-05-29 15:34	268744	----a-w-	c:\windows\system32\javaws.exe
2012-05-29 15:34 . 2012-05-29 15:34	189384	----a-w-	c:\windows\system32\javaw.exe
2012-05-29 15:34 . 2012-05-29 15:34	188872	----a-w-	c:\windows\system32\java.exe
2012-05-25 22:58 . 2012-05-25 22:58	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
2012-05-24 19:10 . 2011-03-28 16:36	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-23 16:50 . 2012-06-17 11:44	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2012-05-23 16:49 . 2012-05-23 16:49	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2012-05-23 16:49 . 2012-05-23 16:49	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2012-05-23 16:49 . 2012-05-23 16:49	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2012-05-23 16:49 . 2012-05-23 16:49	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2012-05-23 16:49 . 2012-05-23 16:49	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2012-05-23 16:49 . 2012-05-23 16:49	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2012-05-23 16:49 . 2012-05-23 16:49	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2012-05-23 16:49 . 2012-05-23 16:49	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2012-05-23 16:49 . 2012-05-23 16:49	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2012-05-23 16:49 . 2012-05-23 16:49	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2012-05-23 16:49 . 2012-05-23 16:49	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2012-05-23 16:49 . 2012-05-23 16:49	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2012-05-23 16:49 . 2012-05-23 16:49	24576	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2012-05-23 16:49 . 2012-05-23 16:49	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2012-05-23 16:49 . 2012-05-23 16:49	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2012-05-23 16:49 . 2012-05-23 16:49	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2012-05-23 16:49 . 2012-05-23 16:49	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2012-05-23 16:49 . 2012-05-23 16:49	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2012-05-23 16:49 . 2012-05-23 16:49	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2012-05-23 16:49 . 2012-05-23 16:49	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2012-05-23 16:49 . 2012-05-23 16:49	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-08-12 5229568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-16 13352]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-24 1255736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-05 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 09:59]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282135630-3380497043-1520993403-1001Core.job
- c:\users\Till\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-13 22:16]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282135630-3380497043-1520993403-1001UA.job
- c:\users\Till\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-13 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = 
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\Till\AppData\Roaming\Mozilla\Firefox\Profiles\ap0gm487.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - 
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-82177841.sys
SafeBoot-83988040.sys
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-BattlEye - c:\program files (x86)\Bohemia Interactive\ArmA 2 Operation ArrowheadExpansion\BattlEye\UnInstallBE.exe
AddRemove-BattlEye A2 Free - c:\program files (x86)\Bohemia Interactive\ArmA 2 FreeBattlEye\UnInstallBE.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-21  18:30:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-21 16:30
.
Vor Suchlauf: 11 Verzeichnis(se), 96.416.325.632 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 95.998.185.472 Bytes frei
.
- - End Of File - - 2AB5F12E7C76689C126F9B9C3153F951

Tillus · 23.08.2012, 12:51

Meine Firewall ist nun übrigens wieder normal!
Schonmal danke, auch wenn ich nicht weiß, ob das alles war.

cosinus · 30.08.2012, 14:20

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

ATTFilter

Filelook::
c:\windows\system32\drivers\21272795.sys

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Tillus · 31.08.2012, 19:20

Code:

ATTFilter

ComboFix 12-08-30.05 - Till 31.08.2012  19:58:58.2.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4004.2421 [GMT 2:00]
ausgeführt von:: c:\users\Till\Desktop\virenzeug\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Till\Desktop\virenzeug\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-07-28 bis 2012-08-31  ))))))))))))))))))))))))))))))
.
.
2012-08-31 10:34 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D19DCD3-0ABF-4D85-8B90-2F0EE0FD3F2F}\mpengine.dll
2012-08-22 21:56 . 2012-08-22 21:56	--------	d-----w-	c:\users\Till\AppData\Roaming\Leadertech
2012-08-22 21:56 . 2012-08-22 21:56	53248	----a-r-	c:\users\Till\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-22 21:56 . 2012-08-22 21:56	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2012-08-22 21:56 . 2012-08-22 21:56	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-08-22 21:55 . 2012-08-22 22:37	--------	d-----w-	c:\programdata\Logishrd
2012-08-22 21:54 . 2012-08-22 21:56	--------	d-----w-	c:\users\Till\AppData\Roaming\Logitech
2012-08-22 21:54 . 2012-08-22 21:55	--------	d-----w-	c:\users\Till\AppData\Roaming\Logishrd
2012-08-21 13:10 . 2012-08-21 13:10	208216	----a-w-	c:\windows\system32\drivers\21272795.sys
2012-08-21 00:10 . 2012-08-21 00:10	--------	d-----w-	C:\_OTL
2012-08-16 00:48 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-15 20:55 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-15 20:55 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-15 20:55 . 2012-07-04 22:16	73216	----a-w-	c:\windows\system32\netapi32.dll
2012-08-15 20:55 . 2012-07-04 22:13	59392	----a-w-	c:\windows\system32\browcli.dll
2012-08-15 20:55 . 2012-07-04 22:13	136704	----a-w-	c:\windows\system32\browser.dll
2012-08-15 20:55 . 2012-07-04 21:14	41984	----a-w-	c:\windows\SysWow64\browcli.dll
2012-08-15 20:55 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-08-15 20:55 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-08-15 20:55 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-08-15 20:55 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-08-15 20:55 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-15 20:55 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-14 16:09 . 2012-08-14 16:09	--------	d-----w-	c:\program files (x86)\ESET
2012-08-13 16:53 . 2012-08-31 10:43	--------	d-----w-	c:\users\Till\AppData\Local\ArmA 2 OA
2012-08-09 08:57 . 2012-08-09 08:57	--------	d-----w-	c:\program files\7-Zip
2012-08-08 21:56 . 2012-08-08 21:56	--------	d-----w-	c:\users\Till\AppData\Roaming\Malwarebytes
2012-08-08 21:56 . 2012-08-08 21:56	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-08 21:55 . 2012-08-08 21:56	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-08 21:55 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-08-07 23:40 . 2012-08-13 16:53	--------	d-----w-	c:\program files (x86)\Reinforcements
2012-08-07 23:37 . 2012-08-07 23:38	--------	d-----w-	c:\users\Till\AppData\Local\ArmA 2 REINFORCEMENTS
2012-08-06 13:31 . 2012-08-06 13:31	--------	d-----w-	c:\users\Till\Pavark
2012-08-05 22:27 . 2012-08-05 22:27	--------	d-----w-	c:\users\Till\AppData\Roaming\f-secure
2012-08-05 22:27 . 2012-08-05 22:27	--------	d-----w-	c:\programdata\F-Secure
2012-08-05 14:22 . 2012-08-05 14:22	--------	d-----w-	c:\users\Till\AppData\Local\Chris_Pietschmann_(http__
2012-08-05 14:05 . 2012-08-20 08:08	--------	d-----w-	c:\program files (x86)\Virtual Router
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 00:46 . 2012-04-26 17:18	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-15 09:59 . 2012-04-19 11:52	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:59 . 2012-04-19 11:52	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-30 14:21 . 2009-07-13 23:19	328704	----a-w-	c:\windows\system32\services.exe
2012-07-16 09:30 . 2012-04-22 01:12	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2012-07-16 09:30 . 2012-04-22 01:12	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2012-07-15 21:46 . 2012-04-22 01:11	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2012-07-15 21:46 . 2012-04-22 01:12	298016	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2012-07-05 20:06 . 2012-04-27 13:56	772544	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 20:06 . 2012-04-21 13:55	687544	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-06-16 15:05 . 2012-06-16 15:05	27176	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2012-06-16 15:05 . 2012-06-16 15:05	1490656	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2012-06-16 15:05 . 2012-06-16 15:05	13352	----a-w-	c:\windows\system32\drivers\ggflt.sys
2012-06-09 05:43 . 2012-07-10 21:29	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:29	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:29	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:29	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:29	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:29	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:29	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-06-05 08:52 . 2012-06-05 08:52	64000	----a-w-	c:\windows\SysWow64\steam_api.dll
2012-06-05 08:18 . 2012-06-05 08:18	283200	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-02 22:19 . 2012-06-22 08:57	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 08:57	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 08:57	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 08:57	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 08:57	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 08:57	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 08:57	99840	----a-w-	c:\windows\system32\wudriver.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\21272795.sys ---
Company: Kaspersky Lab, GERT
File Description: Kaspersky Lab Mini Driver
File Version: 2.8.4.0 built by: WinDDK
Product Name: Kaspersky Lab Mini Driver
Copyright: Copyright (c) Kaspersky Lab, GERT
Original Filename: klmd.sys
File size: 208216
Created time: 2012-08-21 13:10
Modified time: 2012-08-21 13:10
MD5: F146E2BA475893DD77B2370DC1211FC6
SHA1: B34C5CDBC9597694131FD20562DB201F62E6D1FE
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-08-21_16.27.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-08-31 17:50	49420              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-31 17:50	31948              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-04-19 13:10 . 2012-08-31 17:50	13554              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4282135630-3380497043-1520993403-1001_UserData.bin
+ 2011-09-02 06:30 . 2011-09-02 06:30	55064              c:\windows\system32\LMouFiltCoInst.dll
+ 2009-07-14 05:30 . 2012-08-30 11:28	86016              c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-08-16 07:33	86016              c:\windows\system32\DriverStore\infpub.dat
+ 2012-08-30 11:27 . 2012-05-15 10:48	68928              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\OpenCL64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	68928              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\OpenCL64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	61248              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\OpenCL.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	61248              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\OpenCL.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	28992              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvpciflt.sys
- 2012-06-10 00:25 . 2012-05-15 10:48	28992              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvpciflt.sys
+ 2011-09-02 06:30 . 2011-09-02 06:30	42776              c:\windows\system32\drivers\LUsbFilt.sys
+ 2011-09-02 06:30 . 2011-09-02 06:30	60696              c:\windows\system32\drivers\LMouFilt.Sys
+ 2011-09-02 06:30 . 2011-09-02 06:30	66840              c:\windows\system32\drivers\LHidFilt.Sys
+ 2012-04-19 11:27 . 2012-08-21 18:10	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-19 11:27 . 2012-08-15 09:59	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-08-21 18:10 . 2012-08-21 18:10	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 09:59	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-21 18:10	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-10 00:25 . 2012-05-15 10:48	4096              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdetx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	4096              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdetx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	4096              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdet.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	4096              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdet.dll
+ 2012-08-31 17:48 . 2012-08-31 17:48	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-21 16:26 . 2012-08-21 16:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-31 17:48 . 2012-08-31 17:48	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-21 16:26 . 2012-08-21 16:26	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-21 13:48 . 2012-08-30 08:48	246602              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-08-30 08:49	652148              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-13 13:29	652148              c:\windows\system32\perfh009.dat
+ 2011-02-23 12:59 . 2012-08-30 08:49	696870              c:\windows\system32\perfh007.dat
- 2011-02-23 12:59 . 2012-08-13 13:29	696870              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-08-13 13:29	121080              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-30 08:49	121080              c:\windows\system32\perfc009.dat
+ 2011-02-23 12:59 . 2012-08-30 08:49	148134              c:\windows\system32\perfc007.dat
- 2011-02-23 12:59 . 2012-08-13 13:29	148134              c:\windows\system32\perfc007.dat
+ 2009-07-14 05:30 . 2012-08-30 11:28	239616              c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-08-16 07:33	239616              c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-08-30 11:28	143360              c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-08-16 07:33	143360              c:\windows\system32\DriverStore\infstor.dat
+ 2012-08-30 11:27 . 2012-05-15 12:55	398656              c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_9040728c38bb13af\nvstusb64.sys
- 2012-06-10 00:25 . 2012-05-15 12:55	398656              c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_9040728c38bb13af\nvstusb64.sys
+ 2012-08-30 11:27 . 2012-05-15 10:48	949056              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvumdshimx.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	949056              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvumdshimx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	818496              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvumdshim.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	818496              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvumdshim.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	246592              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvinitx.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	246592              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvinitx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	202048              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvinit.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	202048              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvinit.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	249856              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdxgiwrapx.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	249856              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdxgiwrapx.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	220480              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdxgiwrap.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	220480              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdxgiwrap.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	301376              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdecodemft32.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	301376              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdecodemft32.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	364352              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdecodemft.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	364352              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdecodemft.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	316928              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\Nvd3d9wrapx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	316928              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\Nvd3d9wrapx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	285504              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\Nvd3d9wrap.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	285504              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\Nvd3d9wrap.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	232768              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\dbInstaller.exe
- 2012-06-10 00:25 . 2012-05-15 10:48	232768              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\dbInstaller.exe
- 2009-07-14 04:46 . 2012-08-17 11:30	106528              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-08-22 21:28	106528              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-08-21 16:26	287072              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-31 14:26	287072              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-11-16 18:10 . 2009-11-16 18:10	889344              c:\windows\Installer\18ce8f3.msi
+ 2011-09-02 06:30 . 2011-09-02 06:30	1845528              c:\windows\system32\LkmdfCoInst.dll
- 2012-06-10 00:25 . 2012-05-15 12:55	1468224              c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_9040728c38bb13af\nvgenco64.dll
+ 2012-08-30 11:27 . 2012-05-15 12:55	1468224              c:\windows\system32\DriverStore\FileRepository\nvstusb.inf_amd64_neutral_9040728c38bb13af\nvgenco64.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	8105280              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvwgf2um.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	8105280              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvwgf2um.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	1468224              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvgenco64.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	1468224              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvgenco64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	1066872              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdrsdb.bin
+ 2012-08-30 11:27 . 2012-05-15 10:48	1066872              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdrsdb.bin
+ 2012-08-30 11:27 . 2012-05-15 10:48	1738048              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdispco64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	1738048              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvdispco64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	2524992              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuvid32.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	2524992              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuvid32.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	2681664              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuvid.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	2681664              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuvid.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	2881856              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuvenc64.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	2881856              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuvenc64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	2445120              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuvenc.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	2445120              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuvenc.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	5982528              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuda32.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	5982528              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuda32.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	8139072              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuda.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	8139072              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcuda.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	2741568              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvapi64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	2741568              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvapi64.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	2368832              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvapi.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	2368832              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvapi.dll
+ 2009-07-14 04:45 . 2012-08-22 14:45	7413881              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-08-16 07:36	7413881              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-04-19 13:01 . 2012-08-30 11:30	7017840              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4282135630-3380497043-1520993403-1001-12288.dat
+ 2012-08-30 11:27 . 2012-05-15 10:48	10194752              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvwgf2umx.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	10194752              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvwgf2umx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	25743168              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvoglv64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	25743168              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvoglv64.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	19607872              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvoglv32.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	19607872              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvoglv32.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	14298944              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvlddmkm.sys
- 2012-06-10 00:25 . 2012-05-15 10:48	14298944              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvlddmkm.sys
- 2012-06-10 00:25 . 2012-05-15 10:48	18044224              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvd3dumx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	18044224              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvd3dumx.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	15322432              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvd3dum.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	15322432              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvd3dum.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	71931424              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\NvCplSetupInt.exe
- 2012-06-10 00:25 . 2012-05-15 10:48	71931424              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\NvCplSetupInt.exe
+ 2012-08-30 11:27 . 2012-05-15 10:48	17551680              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcompiler32.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	17551680              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcompiler32.dll
- 2012-06-10 00:25 . 2012-05-15 10:48	25248064              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcompiler.dll
+ 2012-08-30 11:27 . 2012-05-15 10:48	25248064              c:\windows\system32\DriverStore\FileRepository\nvmi.inf_amd64_neutral_200a707d227cdc3c\nvcompiler.dll
+ 2012-04-19 13:01 . 2012-08-31 14:26	15171896              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-4282135630-3380497043-1520993403-1001-8192.dat
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2011-08-12 5229568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-06-16 13352]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-24 1255736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-05-15 28992]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-05 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-10-31 8615936]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 09:59]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282135630-3380497043-1520993403-1001Core.job
- c:\users\Till\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-13 22:16]
.
2012-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282135630-3380497043-1520993403-1001UA.job
- c:\users\Till\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-13 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-14 11697768]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = 
TCP: DhcpNameServer = 192.168.179.1
FF - ProfilePath - c:\users\Till\AppData\Roaming\Mozilla\Firefox\Profiles\ap0gm487.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-31  20:15:30
ComboFix-quarantined-files.txt  2012-08-31 18:15
ComboFix2.txt  2012-08-21 16:30
.
Vor Suchlauf: 16 Verzeichnis(se), 111.066.607.616 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 110.772.310.016 Bytes frei
.
- - End Of File - - 9A7C2486F7C208DE761EAC391FFC165C

cosinus · 31.08.2012, 20:38

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Tillus · 02.09.2012, 15:10

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-02 16:09:08
Windows 6.1.7601 Service Pack 1 
Running: sn5ks24m.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4ceb429418ac                      
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4ceb429418ac (not active ControlSet)  

---- EOF - GMER 1.0.15 ----

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:14:55 on 02.09.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Google Inc. Google Chrome 21.0.1180.83

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-4282135630-3380497043-1520993403-1001Core.job" - "Google Inc." - C:\Users\Till\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-4282135630-3380497043-1520993403-1001UA.job" - "Google Inc." - C:\Users\Till\AppData\Local\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"cpuz135" (cpuz135) - ? - C:\Windows\TEMP\cpuz135\cpuz135_x64.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"Logitech SetPoint KMDF HID Filter Driver" (LHidFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LHidFilt.Sys
"Logitech SetPoint KMDF Mouse Filter Driver" (LMouFilt) - "Logitech, Inc." - C:\Windows\System32\DRIVERS\LMouFilt.Sys
"Logitech SetPoint KMDF USB Filter" (LUsbFilt) - "Logitech, Inc." - C:\Windows\System32\Drivers\LUsbFilt.Sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash32_11_3_300_271.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{5C051655-FCD5-4969-9182-770EA5AA5565} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\Windows\Downloaded Program Files\SolitaireShowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\Windows\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Till\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Logitech . Produktregistrierung.lnk" - "Leader Technologies/Logitech" - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe  (Shortcut exists | File exists)
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Steam" - "Valve Corporation" - "C:\Program Files (x86)\Steam\steam.exe" -silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"NUSB3MON" - "Renesas Electronics Corporation" - "c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"S-Bar" - "MSI" - %PROGRAMFILES%\S-Bar\S-Bar.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File not found)
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus · 03.09.2012, 19:16

Was ist mit aswMBR?

Tillus · 04.09.2012, 01:43

hatte ich erst vergessen und hat mich dann eben mit einem bluescreen gecrasht..

cosinus · 04.09.2012, 14:39

Deswegen hatte ich extra noch ein Hinweis unter aswMBR gepostet - bezieht sich auch darauf, falls der Rechner ganz abstürzt

Tillus · 04.09.2012, 16:42

das hab ich dann falsch verstanden, wollte nicht noch einen crash provozieren.

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-04 17:35:14
-----------------------------
17:35:14.222    OS Version: Windows x64 6.1.7601 Service Pack 1
17:35:14.222    Number of processors: 8 586 0x2A07
17:35:14.222    ComputerName: NORMANDY  UserName: Till
17:35:17.854    Initialize success
17:35:25.959    AVAST engine defs: 12090301
17:35:38.226    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:35:38.232    Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
17:35:38.258    Disk 0 MBR read successfully
17:35:38.265    Disk 0 MBR scan
17:35:38.275    Disk 0 Windows 7 default MBR code
17:35:38.284    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476938 MB offset 2048
17:35:38.315    Disk 0 scanning C:\Windows\system32\drivers
17:35:48.674    Service scanning
17:36:15.495    Modules scanning
17:36:15.511    Disk 0 trace - called modules:
17:36:15.535    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:36:15.541    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a3b790]
17:36:15.547    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80044b6050]
17:36:15.554    Scan finished successfully
17:42:09.823    Disk 0 MBR has been saved successfully to "C:\Users\Till\Desktop\MBR.dat"
17:42:09.834    The log file has been saved successfully to "C:\Users\Till\Desktop\aswMBR.txt"

21.08.2012, 14:06	#18
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Kein Zugriff auf Firewall! - rootkit(?) Kannst ruhig markieren __________________ __________________

03.09.2012, 19:16	#27
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Kein Zugriff auf Firewall! - rootkit(?) Was ist mit aswMBR? __________________ Logfiles bitte immer in CODE-Tags posten

04.09.2012, 14:39	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Kein Zugriff auf Firewall! - rootkit(?) Deswegen hatte ich extra noch ein Hinweis unter aswMBR gepostet - bezieht sich auch darauf, falls der Rechner ganz abstürzt __________________ Logfiles bitte immer in CODE-Tags posten

Kein Zugriff auf Firewall! - rootkit(?)

Plagegeister aller Art und deren Bekämpfung: Kein Zugriff auf Firewall! - rootkit(?)