Pests of all kinds and how to fight them: Windows 7 64-bit - Virus/Trojan/Rootkit can't be removed. Windows 7. If you are not sure whether you have caught malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1
Windows 7 64-bit - Virus/Trojan/Rootkit can't be removed

Hello, for at least a week now I have had the problem that my PC and laptop are infected. I have already used Kaspersky, Avira and AVG, each with their rescue disks, but the malware gets past all of them. FRST64: FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-05-2014 02
Ran by ADMIN (administrator) on ADMIN-PC on 27-05-2014 01:46:26
Running from E:\scans
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
() E:\scans\Defogger.exe

==================== Registry (Whitelisted) ==================

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
Tcpip\Parameters: [DhcpNameServer] 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10

FireFox:
========

==================== Services (Whitelisted) =================

==================== Drivers (Whitelisted) ====================

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-27 02:36 - 2014-05-27 01:43 - 00000000 ____D () C:\Windows\Panther 2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST 2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 _____ () C:\Users\ADMIN\defogger_reenable 2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-05-27 01:44 - 2014-05-27 01:44 - 00001405 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-05-27 01:43 - 2014-05-27 01:46 - 00000000 ____D () C:\Users\ADMIN 2014-05-27 01:43 - 2014-05-27 01:44 - 00001439 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-27 01:43 - 2014-05-27 01:44 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-27 01:43 - 2014-05-27 01:44 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-27 01:43 - 2014-05-27 01:43 - 00000020 ___SH () C:\Users\ADMIN\ntuser.ini 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Eigene Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () 
C:\Users\Default\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Netzwerkumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Lokale Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Eigene Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Druckumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () 
C:\Users\ADMIN\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 __SHD () C:\Recovery 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\VirtualStore 2014-05-27 01:43 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-05-27 01:43 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-05-27 01:40 - 2014-05-27 01:40 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-05-27 01:40 - 2014-05-27 01:40 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk 2014-05-27 01:40 - 2014-05-27 01:40 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk 2014-05-27 01:39 - 2014-05-27 01:45 - 00007696 _____ () C:\Windows\WindowsUpdate.log ==================== One Month Modified Files and Folders ======= 2014-05-27 02:36 - 2009-07-14 07:38 - 00025600 ___SH () 
C:\Windows\system32\config\BCD-Template.LOG 2014-05-27 02:36 - 2009-07-14 07:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template 2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 ____D () C:\FRST 2014-05-27 01:46 - 2014-05-27 01:46 - 00000000 _____ () C:\Users\ADMIN\defogger_reenable 2014-05-27 01:46 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN 2014-05-27 01:45 - 2014-05-27 01:45 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf 2014-05-27 01:45 - 2014-05-27 01:39 - 00007696 _____ () C:\Windows\WindowsUpdate.log 2014-05-27 01:45 - 2009-07-14 06:51 - 00022393 _____ () C:\Windows\setupact.log 2014-05-27 01:44 - 2014-05-27 01:44 - 00001405 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-05-27 01:44 - 2014-05-27 01:43 - 00001439 _____ () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-05-27 01:44 - 2014-05-27 01:43 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-27 01:44 - 2014-05-27 01:43 - 00000000 ___RD () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-05-27 01:43 - 2014-05-27 02:36 - 00000000 ____D () C:\Windows\Panther 2014-05-27 01:43 - 2014-05-27 01:43 - 00000020 ___SH () C:\Users\ADMIN\ntuser.ini 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Public\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Netzwerkumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Lokale Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () 
C:\Users\Default\Eigene Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Druckumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\Documents\Eigene Bilder 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Netzwerkumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Lokale Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Eigene Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Druckumgebung 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Musik 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Documents\Eigene Bilder 2014-05-27 01:43 - 
2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Verlauf 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\AppData\Local\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Users\ADMIN\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Vorlagen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Startmenü 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programme 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Favoriten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Dokumente 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\ProgramData\Anwendungsdaten 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Program Files\Gemeinsame Dateien 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 _SHDL () C:\Dokumente und Einstellungen 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 __SHD () C:\Recovery 2014-05-27 01:43 - 2014-05-27 01:43 - 00000000 ____D () C:\Users\ADMIN\AppData\Local\VirtualStore 2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Recovery 2014-05-27 01:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Windows NT 2014-05-27 01:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-27 01:42 - 2009-07-14 06:45 - 00274464 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-05-27 01:42 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-05-27 01:40 - 2014-05-27 01:40 - 00001355 _____ () C:\Windows\TSSysprep.log 2014-05-27 01:40 - 2014-05-27 01:40 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Media Center.lnk
2014-05-27 01:40 - 2014-05-27 01:40 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-05-27 01:40 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 01:40 - 2009-07-14 06:46 - 00002790 _____ () C:\Windows\DtcInstall.log
2014-05-27 01:40 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-27 01:40 - 2009-07-14 06:45 - 00016848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-27 01:40 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-27 01:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-05-27 01:37 - 2010-11-21 08:27 - 00000000 ____D () C:\Windows\CSC

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

LastRegBack: 2014-05-27 01:36

==================== End Of Log ============================
[/CODE]

Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-05-2014 02
Ran by ADMIN at 2014-05-27 01:46:45
Running from E:\scans
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe

==================== Loaded Modules (whitelisted) =============

2014-05-26 22:28 - 2014-05-26 22:28 - 00050477 _____ () E:\scans\Defogger.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Ethernet-Controller
Description: Ethernet-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI-Kommunikationscontroller (einfach)
Description: PCI-Kommunikationscontroller (einfach)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/27/2014 01:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (05/27/2014 01:42:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Microsoft Office Sessions:
=========================
Error: (05/27/2014 01:43:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 4076.67 MB
Available physical RAM: 3211.14 MB
Total Pagefile: 8151.54 MB
Available Pagefile: 7258.76 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:95 GB) (Free:80.71 GB) NTFS
Drive d: (Daten) (Fixed) (Total:340.31 GB) (Free:213.79 GB) NTFS
Drive e: () (Removable) (Total:3.69 GB) (Free:1.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: AECDB9E2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=95 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=347 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 007BCF32)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
Code:
GMER Logfile: Code:
OTL logfile created on: 27.05.2014 02:51:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\scans
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,43% Memory free
7,96 Gb Paging File | 7,23 Gb Available in Paging File | 90,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 95,00 Gb Total Space | 80,67 Gb Free Space | 84,91% Space Free | Partition Type: NTFS
Drive D: | 340,31 Gb Total Space | 213,79 Gb Free Space | 62,82% Space Free | Partition Type: NTFS
Drive F: | 3,69 Gb Total Space | 1,75 Gb Free Space | 47,51% Space Free | Partition Type: FAT32

Computer Name: ADMIN-PC | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.05.26 00:14:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\scans\OTL.exe
PRC - [2014.05.26 00:01:32 | 000,380,416 | ---- | M] () -- F:\scan\h735myn9s.exe

========== Modules (No Company Name) ==========

MOD - [2014.05.26 00:01:32 | 000,380,416 | ---- | M] () -- F:\scan\h735myn9s.exe

========== Services (SafeList) ==========

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.05.12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService)
SRV - [2014.05.12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014.05.12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.31.79.142 172.31.79.144 157.54.104.75 157.54.14.146 157.54.14.162 157.54.80.10
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.05.27 02:36:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014.05.27 02:34:50 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.27 02:34:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
[2014.05.27 02:34:32 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.27 02:34:32 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.27 02:34:32 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.05.27 02:34:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes 
Anti-Malware
[2014.05.27 02:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.05.27 02:34:21 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Programs
[2014.05.27 02:10:27 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\ElevatedDiagnostics
[2014.05.27 02:10:09 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Diagnostics
[2014.05.27 02:06:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.05.27 01:46:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Searches
[2014.05.27 01:43:55 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014.05.27 01:43:46 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Identities
[2014.05.27 01:43:43 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Contacts
[2014.05.27 01:43:42 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\VirtualStore
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Vorlagen
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Verlauf
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Temporary Internet Files
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Startmenü
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\SendTo
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Recent
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Netzwerkumgebung
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Lokale Einstellungen
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Videos
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Musik
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Eigene Dateien
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Documents\Eigene Bilder
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Druckumgebung
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Cookies
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\AppData\Local\Anwendungsdaten
[2014.05.27 01:43:30 | 000,000,000 | -HSD | C] -- C:\Users\ADMIN\Anwendungsdaten
[2014.05.27 01:43:29 | 000,000,000 | --SD | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Videos
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Saved Games
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Pictures
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Music
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Links
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Favorites
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Downloads
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Documents
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\Desktop
[2014.05.27 01:43:29 | 000,000,000 | R--D | C] -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014.05.27 01:43:29 | 000,000,000 | -H-D | C] -- C:\Users\ADMIN\AppData
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Temp
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Local\Microsoft
[2014.05.27 01:43:29 | 000,000,000 | ---D | C] -- C:\Users\ADMIN\AppData\Roaming\Media Center Programs
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Programme
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2014.05.27 01:43:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2014.05.27 01:39:48 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014.05.27 01:37:39 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014.05.27 01:36:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========
[2014.05.27 02:36:10 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.05.27 02:34:59 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.05.27 02:34:59 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.05.27 02:34:59 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.05.27 02:34:59 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.05.27 02:34:59 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.05.27 02:34:34 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.05.27 02:12:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.05.27 02:12:37 | 3206,025,216 | -HS- | M] () -- C:\hiberfil.sys
[2014.05.27 02:12:14 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.05.27 02:12:13 | 000,017,056 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.05.27 01:46:08 | 000,000,000 | ---- | M] () -- C:\Users\ADMIN\defogger_reenable
[2014.05.27 01:45:42 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.05.27 01:42:08 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.05.27 01:40:45 | 000,055,513 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014.05.27 01:40:45 | 000,055,513 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014.05.12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.05.12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.05.12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========
[2014.05.27 02:34:34 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.05.27 01:46:08 | 000,000,000 | ---- | C] () -- C:\Users\ADMIN\defogger_reenable
[2014.05.27 01:45:42 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2014.05.27 01:44:03 | 000,001,405 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014.05.27 01:43:57 | 000,001,439 | ---- | C] () -- C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014.05.27 01:40:38 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2014.05.27 01:40:36 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2014.05.27 01:36:51 | 3206,025,216 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 05:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 05:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

========== Purity Check ==========

< End of report >