Trojaner-Board - Rootkit Verdacht. Malwarebytes, Avira und div andere tools nutzlos

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Rootkit Verdacht. Malwarebytes, Avira und div andere tools nutzlos (https://www.trojaner-board.de/105586-rootkit-verdacht-malwarebytes-avira-div-andere-tools-nutzlos.html)

Rootkit Verdacht. Malwarebytes, Avira und div andere tools nutzlos

Nach fast 10Jahren ohne virenscanner oder firewall im netz bei fast 1000+ Seiten täglich hab ich mir doch zum ersten mal was eingefangen, und dann auch noch was fieses. die freeware version von Emi Anti Malware Bedankt sich für die nutztung mit einem Bluescreen (zumindest wenn man nach rootkits sucht), die Windows Firewall lässt sich nicht mehr aktivieren, Die meisten meiner Programme + desktop + startmenü waren komplett deaktiviert oder unsichtbar, eine Scareware wollte Geld für das entfernen haben (ja klar aber sicher ....) und google öffnet ab und an andere links als die auf die ich klicke...

Ich hab nun fast alles von Hand wiederhergestellt.Die Scareware is runter, die Dateien wieder sichtbar, etc...

Übrig ist die kaputte Windows Firewall und das Problem mit Google. Sobald das problem loslegt wird Google merklich langsamer und javscript funktioniert nicht mehr auf der Seite (ich kann z.b. nicht mehr auf "Safesearch" klicken (kein effekt), dann öffnen sich über eine Weiterleitung verscheidenen Seiten auf die ich definitiv nicht geklickt habe (aber immer nur eine pro klick)
Das tritt sehr unregelmäßig auf, aber oft genug um zu stören.

hier mein log

Code:

OTL logfile created on: 29.11.2011 22:49:03 - Run 2

OTL by OldTimer - Version 3.2.31.0     Folder = E:\LiedvonEisundFeuer

64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,98 Gb Total Physical Memory | 6,49 Gb Available Physical Memory | 81,30% Memory free

15,96 Gb Paging File | 14,35 Gb Available in Paging File | 89,90% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 111,69 Gb Total Space | 10,01 Gb Free Space | 8,96% Space Free | Partition Type: NTFS

Drive D: | 931,51 Gb Total Space | 274,30 Gb Free Space | 29,45% Space Free | Partition Type: NTFS

Drive E: | 931,51 Gb Total Space | 434,23 Gb Free Space | 46,62% Space Free | Partition Type: NTFS

 

Computer Name: DEEPTHOUGHT | User Name: Clash | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.11.29 22:45:43 | 000,584,192 | ---- | M] (OldTimer Tools) -- E:\LiedvonEisundFeuer\OTL.exe

PRC - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011.06.10 23:43:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010.11.05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.11.29 00:10:36 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4ffea70edf9aa81cba6a5be8070d3dd9\IAStorUtil.ni.dll

MOD - [2011.11.29 00:10:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6aef03034d33721bfbd588d9d7fffe60\IAStorCommon.ni.dll

MOD - [2011.11.28 20:37:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll

MOD - [2011.11.28 20:36:57 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll

MOD - [2011.11.28 20:36:53 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll

MOD - [2011.11.28 20:36:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll

MOD - [2011.11.28 20:36:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll

MOD - [2011.11.28 20:36:40 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll

MOD - [2011.11.28 20:36:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll

MOD - [2011.11.28 20:36:37 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2011.01.19 02:17:34 | 000,895,488 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Plus Web Player\libxml2.dll

MOD - [2010.11.21 07:21:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011.11.29 21:13:37 | 002,996,784 | ---- | M] (Emsi Software GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)

SRV - [2011.11.03 19:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011.10.17 10:40:10 | 000,131,912 | ---- | M] (Desura Pty Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)

SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011.08.25 19:35:02 | 000,024,064 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)

SRV - [2011.08.22 14:17:02 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2011.08.15 15:18:12 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)

SRV - [2011.08.03 18:42:24 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.06.10 23:43:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.06.07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)

SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)

SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)

SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.10.15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)

SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)

SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2011.08.22 14:17:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011.08.19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)

DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.05.16 17:35:14 | 000,156,912 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2011.05.12 14:03:12 | 000,006,144 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\9F2.tmp -- (MEMSWEEP2)

DRV:64bit: - [2011.05.10 16:02:53 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)

DRV:64bit: - [2011.05.10 15:59:41 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)

DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.03.10 15:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)

DRV:64bit: - [2011.02.08 06:30:52 | 000,064,512 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)

DRV:64bit: - [2011.02.08 06:30:52 | 000,039,936 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)

DRV:64bit: - [2011.01.27 19:18:32 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)

DRV:64bit: - [2011.01.27 19:18:32 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)

DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)

DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)

DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.11.09 14:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)

DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)

DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2010.06.23 10:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010.06.11 13:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)

DRV:64bit: - [2010.01.27 16:25:42 | 001,584,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009.11.11 16:41:04 | 000,034,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64k.sys -- (Point64)

DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)

DRV - [2011.05.19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)

DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.bing.com/?pc=avbr [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 55 C1 65 24 0F CC 01  [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = my.daemon-search.com

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "https://www.rememberthemilk.com/home/clash666/#section.tasks|hxxp://vrr.de/de/fahrplanauskunft/index.html|hxxp://www.google.com/webhp|hxxp://www.wahlrecht.de/umfragen/index.htm|hxxp://news.google.com/news?pz=1&cf=all&ned=de&ict=ln|https://www.rememberthemilk.com/home/clash666/#section.tasks"

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Clash\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Clash\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.17 01:47:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.17 01:47:25 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.08 02:43:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.17 12:38:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.11.08 21:56:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.09.17 12:38:58 | 000,000,000 | ---D | M]

 

[2011.05.10 17:10:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clash\AppData\Roaming\mozilla\Extensions

[2011.05.04 16:09:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clash\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.11.28 22:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions

[2011.09.09 15:20:37 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2011.10.04 10:50:16 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}

[2011.11.19 12:03:40 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2011.08.25 20:52:43 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Clash\AppData\Roaming\mozilla\Firefox\Profiles\oato85hz.default\extensions\foxmarks@kei.com

[2011.10.16 03:42:30 | 000,002,407 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\ask.uk.xml

[2011.04.28 23:43:05 | 000,002,101 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\googlede.xml

[2011.11.08 02:43:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2011.10.29 21:00:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{5355BE22-20F5-11DC-8314-0800200C9A66}.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{B2509CD4-17CD-45ED-8146-A82AF038F493}.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\{FFFE0EAC-3819-4561-8AA9-178A68450D4F}.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\FABTAB@CAPTAINCAVEMAN.NL.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\OPENWITH@DARKTROJAN.NET.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI

() (No name found) -- C:\USERS\CLASH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\OATO85HZ.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI

[2011.11.05 08:10:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.11.05 04:38:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.11.05 04:38:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.11.05 04:38:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.11.05 04:38:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.11.28 18:59:19 | 000,441,530 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

127.0.0.1        www.007guard.com

127.0.0.1        007guard.com

127.0.0.1        008i.com

127.0.0.1        www.008k.com

127.0.0.1        008k.com

127.0.0.1        www.00hq.com

127.0.0.1        00hq.com

127.0.0.1        010402.com

127.0.0.1        www.032439.com

127.0.0.1        032439.com

127.0.0.1        www.0scan.com

127.0.0.1        0scan.com

127.0.0.1        1000gratisproben.com

127.0.0.1        www.1000gratisproben.com

127.0.0.1        1001namen.com

127.0.0.1        www.1001namen.com

127.0.0.1        100888290cs.com

127.0.0.1        www.100888290cs.com

127.0.0.1        www.100sexlinks.com

127.0.0.1        100sexlinks.com

127.0.0.1        10sek.com

127.0.0.1        www.10sek.com

127.0.0.1        www.1-2005-search.com

127.0.0.1        1-2005-search.com

127.0.0.1        123fporn.info

O1 - Hosts: 15180 more lines...

O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [ASRockXTU]  File not found

O4 - HKCU..\Run: [zASRockInstantBoot]  File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E3FA767-F4EF-4953-9AFE-56CC3C15E348}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96634769-7F6E-46D0-B872-EDEE345DECA0}: DhcpNameServer = 80.67.0.2 91.213.246.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ASRSetup.exe

O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell\AutoRun\command - "" = J:\start.exe

O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpFolder: C:^Users^Clash^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: AdobeCS5ServiceManager - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Cmaudio8788 - hkey= - key= - C:\Windows\syswow64\RunDll32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Cmaudio8788GX - hkey= - key= - C:\Windows\syswow64\HsMgr.exe ()

MsConfig:64bit - StartUpReg: Cmaudio8788GX64 - hkey= - key= - C:\Windows\system\HsMgr64.exe ()

MsConfig:64bit - StartUpReg: Desura - hkey= - key= - C:\Program Files (x86)\Desura\desura.exe (Desura Pty Ltd)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: FileZilla Server Interface - hkey= - key= - C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)

MsConfig:64bit - StartUpReg: Garmin Lifetime Updater - hkey= - key= - C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)

MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Clash\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: ISUSPM - hkey= - key= - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)

MsConfig:64bit - StartUpReg: itype - hkey= - key= - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)

MsConfig:64bit - StartUpReg: Nuance PDF Reader-reminder - hkey= - key= - C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

MsConfig:64bit - StartUpReg: RunDLLEntry - hkey= - key= - C:\Windows\SysNative\RunDLL32.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: StartNowToolbarHelper - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Steam - hkey= - key= - E:\Games\Steam\Steam.exe (Valve Corporation)

MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: XFastUsb - hkey= - key= - C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

MsConfig:64bit - StartUpReg: yEfRqQhDUGAmlI.exe - hkey= - key= -  File not found

MsConfig:64bit - State: "services" - Reg Error: Key error.

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.11.29 21:53:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.11.29 21:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011.11.29 21:44:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2011.11.29 21:36:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2011.11.29 21:04:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware

[2011.11.29 21:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware

[2011.11.29 21:04:24 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Anti-Malware

[2011.11.29 20:35:12 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Gaslamp Games

[2011.11.29 19:41:46 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe

[2011.11.29 19:41:46 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe

[2011.11.29 19:41:46 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe

[2011.11.29 19:41:46 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe

[2011.11.29 19:41:46 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe

[2011.11.29 19:41:46 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe

[2011.11.29 19:41:46 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe

[2011.11.29 19:41:46 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe

[2011.11.29 19:41:46 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe

[2011.11.29 19:41:46 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe

[2011.11.29 19:41:46 | 000,053,248 | ---- | C] (hxxp://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe

[2011.11.29 18:38:55 | 000,000,000 | ---D | C] -- C:\Users\Clash\Neuer Ordner

[2011.11.29 18:29:10 | 000,000,000 | ---D | C] -- C:\mingw

[2011.11.29 17:26:54 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\codeblocks

[2011.11.29 17:26:43 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CodeBlocks

[2011.11.29 17:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeBlocks

[2011.11.29 17:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeBlocks

[2011.11.29 04:46:23 | 000,000,000 | ---D | C] -- C:\Wascana

[2011.11.29 03:39:54 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wascana

[2011.11.29 03:07:56 | 002,725,376 | ---- | C] (C-Media Inc) -- C:\Windows\SysNative\drivers\cmudaxp.sys

[2011.11.29 03:07:56 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\WIN7

[2011.11.28 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Malwarebytes

[2011.11.28 22:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.11.28 22:00:34 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011.11.28 21:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos

[2011.11.28 21:42:51 | 000,000,000 | ---D | C] -- C:\Users\Clash\Pavark

[2011.11.28 21:29:42 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\Wolframs von Eschenbach - Parzival CD1

[2011.11.28 20:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vim 7.3

[2011.11.28 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vim

[2011.11.28 17:07:39 | 000,000,000 | ---D | C] -- C:\msys

[2011.11.28 17:06:24 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MinGW

[2011.11.28 16:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MinGW

[2011.11.28 15:47:53 | 000,000,000 | ---D | C] -- C:\cPlusPlus

[2011.11.28 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Nokia

[2011.11.28 15:39:27 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Local\Nokia

[2011.11.26 02:33:39 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Orcs Must Die

[2011.11.26 02:29:07 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\Crayon Physics Deluxe

[2011.11.26 02:27:56 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Crayon Physics Deluxe

[2011.11.23 16:30:43 | 145,320,383 | ---- | C] (Sereby Corporation) -- C:\Users\Clash\Desktop\aio-runtimes.exe

[2011.11.23 16:04:50 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\jongliernacht

[2011.11.21 22:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2011.11.21 18:56:58 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\SaalDesignSoftware

[2011.11.21 18:56:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaalDesignSoftware

[2011.11.19 17:23:50 | 000,000,000 | ---D | C] -- C:\wp-smushit

[2011.11.16 19:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN Technologies

[2011.11.12 12:57:10 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Local\Skyrim

[2011.11.11 20:02:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eclipse PHP

[2011.11.07 21:33:46 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\Neuer Ordner (2)

[2011.11.06 21:40:30 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\.purple

[2011.11.02 22:10:04 | 000,000,000 | ---D | C] -- C:\Users\Clash\AppData\Roaming\Mumble

[2011.11.01 21:40:11 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\test

[2011.11.01 21:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble

[2011.11.01 21:29:27 | 000,000,000 | ---D | C] -- C:\Users\Clash\Documents\dsa

[2011.11.01 11:20:48 | 000,000,000 | ---D | C] -- C:\Users\Clash\Desktop\brain

[2011.10.31 19:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL

[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Clash\Desktop\*.tmp files -> C:\Users\Clash\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.11.29 22:47:49 | 001,650,748 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.11.29 22:47:49 | 000,710,810 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.11.29 22:47:49 | 000,663,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.11.29 22:47:49 | 000,153,902 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.11.29 22:47:49 | 000,125,952 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.11.29 22:43:46 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.11.29 22:43:46 | 000,005,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.11.29 22:43:32 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.11.29 22:43:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.11.29 22:43:28 | 2133,868,543 | -HS- | M] () -- C:\hiberfil.sys

[2011.11.29 22:42:17 | 000,000,020 | ---- | M] () -- C:\Users\Clash\defogger_reenable

[2011.11.29 22:29:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.11.29 22:25:42 | 000,842,122 | ---- | M] () -- C:\Users\Clash\AppData\Local\census.cache

[2011.11.29 22:25:35 | 000,100,710 | ---- | M] () -- C:\Users\Clash\AppData\Local\ars.cache

[2011.11.29 22:20:31 | 000,000,036 | ---- | M] () -- C:\Users\Clash\AppData\Local\housecall.guid.cache

[2011.11.29 21:55:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000UA.job

[2011.11.29 21:53:08 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.29 21:04:34 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

[2011.11.29 19:46:53 | 000,001,272 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg

[2011.11.29 18:29:30 | 000,001,480 | ---- | M] () -- C:\Users\Clash\Desktop\MSYS.lnk

[2011.11.29 18:29:30 | 000,000,044 | ---- | M] () -- C:\Windows\MSYS.INI

[2011.11.29 17:26:44 | 000,001,099 | ---- | M] () -- C:\Users\Clash\Desktop\CodeBlocks.lnk

[2011.11.29 17:06:51 | 000,000,766 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Eclipse (2).lnk

[2011.11.29 04:46:38 | 000,001,640 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Shell.lnk

[2011.11.29 04:46:38 | 000,000,730 | ---- | M] () -- C:\Users\Clash\Desktop\Wascana Eclipse.lnk

[2011.11.29 03:09:43 | 000,147,860 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.cfl

[2011.11.29 03:09:42 | 000,000,954 | ---- | M] () -- C:\Windows\Cmicnfgp.ini.imi

[2011.11.29 03:09:42 | 000,000,893 | ---- | M] () -- C:\Windows\System\Cmicnfgp.ini

[2011.11.29 03:09:42 | 000,000,140 | ---- | M] () -- C:\Windows\System\Dlap.pfx

[2011.11.29 02:55:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000Core.job

[2011.11.28 20:48:53 | 000,012,288 | -H-- | M] () -- C:\Windows\SysWow64\_.swp

[2011.11.28 20:48:53 | 000,001,026 | ---- | M] () -- C:\Users\Clash\_viminfo

[2011.11.28 20:43:33 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\gVim Read only 7.3.lnk

[2011.11.28 20:43:33 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\gVim Easy 7.3.lnk

[2011.11.28 20:43:33 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\gVim 7.3.lnk

[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\gvimdiff.bat

[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\gview.bat

[2011.11.28 20:43:33 | 000,000,993 | ---- | M] () -- C:\Windows\evim.bat

[2011.11.28 20:43:33 | 000,000,985 | ---- | M] () -- C:\Windows\gvim.bat

[2011.11.28 20:43:33 | 000,000,694 | ---- | M] () -- C:\Windows\vimtutor.bat

[2011.11.28 20:43:33 | 000,000,668 | ---- | M] () -- C:\Windows\vimdiff.bat

[2011.11.28 20:43:33 | 000,000,668 | ---- | M] () -- C:\Windows\view.bat

[2011.11.28 20:43:33 | 000,000,664 | ---- | M] () -- C:\Windows\vim.bat

[2011.11.28 20:36:18 | 005,006,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.11.28 20:30:22 | 001,627,706 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011.11.28 19:32:40 | 000,000,930 | ---- | M] () -- C:\Users\Clash\Desktop\Steam - Verknüpfung.lnk

[2011.11.28 19:09:44 | 000,001,093 | ---- | M] () -- C:\Users\Clash\Desktop\netbeans - Verknüpfung.lnk

[2011.11.28 18:59:19 | 000,441,530 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011.11.28 18:57:29 | 000,001,266 | ---- | M] () -- C:\Users\Clash\Desktop\Spybot - Search & Destroy.lnk

[2011.11.24 15:44:39 | 023,042,284 | ---- | M] () -- C:\Users\Clash\Desktop\hogy.7z

[2011.11.23 16:34:54 | 000,040,538 | ---- | M] () -- C:\Windows\unins000.dat

[2011.11.23 16:34:26 | 001,202,763 | ---- | M] () -- C:\Windows\unins000.exe

[2011.11.23 15:42:11 | 000,096,182 | ---- | M] () -- C:\Users\Clash\Desktop\sp-Holger.jpg

[2011.11.22 19:56:01 | 000,000,600 | ---- | M] () -- C:\Users\Clash\AppData\Local\PUTTY.RND

[2011.11.21 19:26:52 | 000,000,132 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2011.11.21 19:08:40 | 000,733,363 | ---- | M] () -- C:\Users\Clash\Desktop\hogwarts_high.jpg

[2011.11.20 18:24:43 | 000,611,275 | ---- | M] () -- C:\Users\Clash\Desktop\comp_tnmp-3017.jpg

[2011.11.16 19:41:04 | 145,320,383 | ---- | M] (Sereby Corporation) -- C:\Users\Clash\Desktop\aio-runtimes.exe

[2011.11.14 18:12:55 | 137,701,577 | ---- | M] () -- C:\EasyPHP.zip

[2011.11.13 02:55:19 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.11.13 02:55:19 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.11.11 20:02:59 | 000,001,151 | ---- | M] () -- C:\Users\Clash\Desktop\eclipse for PHP.lnk

[2011.11.11 12:07:29 | 000,000,036 | ---- | M] () -- C:\Users\Clash\.org.eclipse.epp.usagedata.recording.userId

[2011.11.08 14:51:33 | 000,092,823 | ---- | M] () -- C:\Users\Clash\Desktop\123.PNG

[2011.11.07 15:03:23 | 000,012,800 | ---- | M] () -- C:\Users\Clash\Documents\domaintransferauftraege.pdf

[2011.11.06 21:00:41 | 000,035,221 | ---- | M] () -- C:\Users\Clash\Desktop\313289_307111715972340_306091499407695_1496240_1080525599_n.jpg

[2011.11.02 22:14:11 | 000,002,384 | ---- | M] () -- C:\Users\Clash\Documents\MumbleAutomaticCertificateBackup.p12

[2011.11.02 01:28:47 | 000,003,642 | ---- | M] () -- C:\Users\Clash\Desktop\wp-config.php

[2011.11.01 12:13:54 | 000,000,132 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Adobe PNG Format CS5 Prefs

[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Users\Clash\Desktop\*.tmp files -> C:\Users\Clash\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.11.29 22:42:17 | 000,000,020 | ---- | C] () -- C:\Users\Clash\defogger_reenable

[2011.11.29 22:25:42 | 000,842,122 | ---- | C] () -- C:\Users\Clash\AppData\Local\census.cache

[2011.11.29 22:25:35 | 000,100,710 | ---- | C] () -- C:\Users\Clash\AppData\Local\ars.cache

[2011.11.29 22:20:31 | 000,000,036 | ---- | C] () -- C:\Users\Clash\AppData\Local\housecall.guid.cache

[2011.11.29 21:53:08 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.11.29 21:04:34 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

[2011.11.29 19:43:48 | 000,001,272 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg

[2011.11.29 19:41:46 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe

[2011.11.29 19:41:46 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe

[2011.11.29 19:41:46 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe

[2011.11.29 18:18:12 | 000,324,096 | ---- | C] () -- C:\Windows\SDL.dll

[2011.11.29 17:26:44 | 000,001,099 | ---- | C] () -- C:\Users\Clash\Desktop\CodeBlocks.lnk

[2011.11.29 17:06:51 | 000,000,766 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Eclipse (2).lnk

[2011.11.29 04:01:15 | 000,324,096 | ---- | C] () -- C:\Windows\SysNative\SDL.dll

[2011.11.29 03:39:54 | 000,001,640 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Shell.lnk

[2011.11.29 03:39:54 | 000,000,730 | ---- | C] () -- C:\Users\Clash\Desktop\Wascana Eclipse.lnk

[2011.11.29 03:07:56 | 000,049,152 | ---- | C] () -- C:\Users\Clash\Desktop\Setup.exe

[2011.11.29 03:07:56 | 000,000,117 | ---- | C] () -- C:\Users\Clash\Desktop\CmiMergeSetup.ini

[2011.11.28 20:47:57 | 000,012,288 | -H-- | C] () -- C:\Windows\SysWow64\_.swp

[2011.11.28 20:44:14 | 000,001,026 | ---- | C] () -- C:\Users\Clash\_viminfo

[2011.11.28 20:43:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\gVim Read only 7.3.lnk

[2011.11.28 20:43:33 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\gVim Easy 7.3.lnk

[2011.11.28 20:43:33 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\gVim 7.3.lnk

[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\gvimdiff.bat

[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\gview.bat

[2011.11.28 20:43:33 | 000,000,993 | ---- | C] () -- C:\Windows\evim.bat

[2011.11.28 20:43:33 | 000,000,985 | ---- | C] () -- C:\Windows\gvim.bat

[2011.11.28 20:43:33 | 000,000,694 | ---- | C] () -- C:\Windows\vimtutor.bat

[2011.11.28 20:43:33 | 000,000,668 | ---- | C] () -- C:\Windows\vimdiff.bat

[2011.11.28 20:43:33 | 000,000,668 | ---- | C] () -- C:\Windows\view.bat

[2011.11.28 20:43:33 | 000,000,664 | ---- | C] () -- C:\Windows\vim.bat

[2011.11.28 19:32:40 | 000,000,930 | ---- | C] () -- C:\Users\Clash\Desktop\Steam - Verknüpfung.lnk

[2011.11.28 19:09:44 | 000,001,093 | ---- | C] () -- C:\Users\Clash\Desktop\netbeans - Verknüpfung.lnk

[2011.11.28 16:47:32 | 000,001,480 | ---- | C] () -- C:\Users\Clash\Desktop\MSYS.lnk

[2011.11.28 16:47:32 | 000,000,044 | ---- | C] () -- C:\Windows\MSYS.INI

[2011.11.24 15:44:35 | 023,042,284 | ---- | C] () -- C:\Users\Clash\Desktop\hogy.7z

[2011.11.23 16:26:54 | 000,611,275 | ---- | C] () -- C:\Users\Clash\Desktop\comp_tnmp-3017.jpg

[2011.11.23 15:42:11 | 000,096,182 | ---- | C] () -- C:\Users\Clash\Desktop\sp-Holger.jpg

[2011.11.21 19:23:39 | 000,000,132 | ---- | C] () -- C:\Users\Clash\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2011.11.21 19:08:37 | 000,733,363 | ---- | C] () -- C:\Users\Clash\Desktop\hogwarts_high.jpg

[2011.11.14 18:12:41 | 137,701,577 | ---- | C] () -- C:\EasyPHP.zip

[2011.11.11 20:02:59 | 000,001,151 | ---- | C] () -- C:\Users\Clash\Desktop\eclipse for PHP.lnk

[2011.11.11 12:07:29 | 000,000,036 | ---- | C] () -- C:\Users\Clash\.org.eclipse.epp.usagedata.recording.userId

[2011.11.08 14:51:23 | 000,092,823 | ---- | C] () -- C:\Users\Clash\Desktop\123.PNG

[2011.11.07 15:03:22 | 000,012,800 | ---- | C] () -- C:\Users\Clash\Documents\domaintransferauftraege.pdf

[2011.11.06 21:00:41 | 000,035,221 | ---- | C] () -- C:\Users\Clash\Desktop\313289_307111715972340_306091499407695_1496240_1080525599_n.jpg

[2011.11.02 22:14:11 | 000,002,384 | ---- | C] () -- C:\Users\Clash\Documents\MumbleAutomaticCertificateBackup.p12

[2011.11.02 01:28:47 | 000,003,642 | ---- | C] () -- C:\Users\Clash\Desktop\wp-config.php

[2011.10.14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

[2011.10.03 16:53:33 | 000,000,032 | ---- | C] () -- C:\Windows\Terraria.INI

[2011.09.13 20:01:49 | 000,000,132 | ---- | C] () -- C:\Users\Clash\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011.09.09 15:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat

[2011.09.07 11:39:55 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll

[2011.09.07 11:39:55 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll

[2011.09.07 11:39:55 | 000,100,352 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

[2011.09.07 11:39:54 | 001,202,763 | ---- | C] () -- C:\Windows\unins000.exe

[2011.09.07 11:39:54 | 000,040,538 | ---- | C] () -- C:\Windows\unins000.dat

[2011.08.07 20:15:40 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat

[2011.07.01 13:14:25 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2011.06.24 14:48:19 | 000,000,048 | ---- | C] () -- C:\Windows\ABC_mru.ini

[2011.06.14 23:48:45 | 000,000,000 | ---- | C] () -- C:\Windows\Bench32.INI

[2011.06.11 16:50:42 | 000,000,600 | ---- | C] () -- C:\Users\Clash\AppData\Local\PUTTY.RND

[2011.06.08 22:56:43 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.06.08 22:56:37 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.06.08 22:56:37 | 000,000,306 | ---- | C] () -- C:\Windows\game.ini

[2011.05.26 00:57:39 | 000,007,602 | ---- | C] () -- C:\Users\Clash\AppData\Local\Resmon.ResmonCfg

[2011.05.10 20:07:57 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll

[2011.05.10 18:35:29 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI

[2011.05.10 18:35:29 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini

[2011.05.10 18:35:29 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini

[2011.05.10 18:35:28 | 000,014,496 | ---- | C] () -- C:\Windows\HL-5240.INI

[2011.05.10 18:35:21 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011.05.10 18:35:21 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD5240.DAT

[2011.05.10 18:34:45 | 000,000,091 | ---- | C] () -- C:\Windows\Brownie.ini

[2011.05.10 16:37:15 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe

[2011.05.10 16:37:15 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll

[2011.05.10 16:37:15 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini

[2011.05.10 16:37:14 | 000,147,860 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl

[2011.05.10 16:37:12 | 000,000,954 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi

[2011.05.10 16:37:10 | 000,005,018 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg

[2011.05.10 16:37:10 | 000,000,485 | ---- | C] () -- C:\Windows\cmudaxp.ini

[2011.05.10 16:32:59 | 001,627,706 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

 
 ========== LOP Check ==========

 

[2011.09.18 03:39:38 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\.minecraft

[2011.11.06 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\.purple

[2011.05.10 16:37:22 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ASUS

[2011.09.05 14:30:06 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ColorSchemer

[2011.11.26 02:30:42 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Crayon Physics Deluxe

[2011.05.19 01:39:30 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\cspa

[2011.05.21 23:11:57 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\DAEMON Tools Lite

[2011.05.10 16:09:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\DeviceVm

[2011.10.13 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\elsterformular

[2011.11.29 16:13:55 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\FileZilla

[2011.11.29 22:14:42 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\foobar2000

[2011.09.12 16:36:49 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\GameMaker

[2011.09.09 15:28:36 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Garmin

[2011.07.01 13:51:30 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\HandBrake

[2011.08.07 20:06:46 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Hi-Rez Studios

[2011.05.14 03:17:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\ImgBurn

[2011.05.10 18:31:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\LibreOffice

[2011.08.05 11:35:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\mkvtoolnix

[2011.11.29 20:06:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Mumble

[2011.06.15 23:06:13 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\MySQL

[2011.11.29 01:27:48 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Natural Selection 2

[2011.11.28 16:45:57 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Nokia

[2011.09.30 00:50:59 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Notepad++

[2011.05.26 15:17:34 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Nuance

[2011.05.15 22:31:08 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Opera

[2011.09.30 00:51:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\PeaZip

[2011.10.13 10:58:04 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\RegExr.8CE3EE8FC37F7781C562DFF80977CFBA322DD1EF.1

[2011.09.09 15:15:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\rockbox.org

[2011.11.21 18:56:58 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\SaalDesignSoftware

[2011.11.29 22:42:30 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\SPlayer

[2011.05.17 11:40:10 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Subversion

[2011.06.06 18:36:35 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\TeamViewer

[2011.11.22 19:49:27 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Thunderbird

[2011.05.11 12:24:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Titanium

[2011.09.07 16:48:31 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Tunngle

[2011.08.01 14:59:37 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\wargaming.net

[2011.08.05 22:45:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\XBMC

[2011.05.26 15:17:21 | 000,000,000 | ---D | M] -- C:\Users\Clash\AppData\Roaming\Zeon

[2011.07.13 22:51:51 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011.11.28 21:49:43 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2011.09.20 22:30:06 | 000,000,000 | ---D | M] -- C:\.craftbukkit

[2011.05.11 22:53:41 | 000,000,000 | ---D | M] -- C:\Android

[2011.11.29 18:49:01 | 000,000,000 | ---D | M] -- C:\cPlusPlus

[2011.09.20 22:36:03 | 000,000,000 | ---D | M] -- C:\craftbukkit

[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.06.16 03:46:59 | 000,000,000 | ---D | M] -- C:\EasyPHP

[2011.10.17 13:50:30 | 000,000,000 | ---D | M] -- C:\EasyPHP - Kopie

[2011.10.21 16:34:25 | 000,000,000 | ---D | M] -- C:\EasyPHP - Kopie (2)

[2011.10.03 16:53:24 | 000,000,000 | ---D | M] -- C:\Games

[2011.06.24 15:29:30 | 000,000,000 | ---D | M] -- C:\glassfish3

[2011.09.09 15:32:26 | 000,000,000 | ---D | M] -- C:\hallo

[2011.05.10 15:55:54 | 000,000,000 | ---D | M] -- C:\Intel

[2011.11.29 18:29:12 | 000,000,000 | ---D | M] -- C:\mingw

[2011.05.10 18:34:30 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2011.11.28 17:07:39 | 000,000,000 | ---D | M] -- C:\msys

[2011.06.07 20:48:17 | 000,000,000 | ---D | M] -- C:\MyBootCD

[2011.05.10 16:11:05 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.11.29 20:59:07 | 000,000,000 | R--D | M] -- C:\Program Files

[2011.11.29 21:53:04 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2011.11.29 21:42:09 | 000,000,000 | ---D | M] -- C:\ProgramData

[2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Programme

[2011.05.10 15:53:19 | 000,000,000 | -HSD | M] -- C:\Recovery

[2011.08.05 13:18:10 | 000,000,000 | ---D | M] -- C:\StAX

[2011.11.29 22:49:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.11.29 21:44:36 | 000,000,000 | ---D | M] -- C:\TDSSKiller_Quarantine

[2011.11.28 16:18:58 | 000,000,000 | R--D | M] -- C:\Users

[2011.11.29 17:51:02 | 000,000,000 | ---D | M] -- C:\Wascana

[2011.11.29 21:15:09 | 000,000,000 | ---D | M] -- C:\Windows

[2011.11.19 17:23:51 | 000,000,000 | ---D | M] -- C:\wp-smushit

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.manifest /3 >

 

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2011.05.11 15:02:08 | 005,945,944 | -H-- | M] (Safer-Networking Ltd.) MD5=B302653D473E85E3FFCF100F12062EF9 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\ProgramData\Microsoft\Windows\RAI\64\winlogon.exe

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Users\All Users\Microsoft\Windows\RAI\64\winlogon.exe

[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2010.08.14 10:37:49 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=87A00ED70FEC36D0DD968E5058C29AA1 -- C:\Windows\SysNative\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 

< End of report >

Nun ich bin für jede Hilfe dankbar! Grüße, Ralf

Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

Ich habe zwei Vorschläge: :

1.
Wenn du glaubst zu kennen die Zeitpunkt wo dein System noch einwandfrei funktioniert hat, die Systemwiederherstellung ist einen Versuch Wert!:

- Gibt es einen "relativ einfachen Weg",wenn eine frische Infektion vorliegt, oder mal bestimmte Probleme bekommt man auch gelöst, was man sogleich ausprobieren sollte. Dies bietet Dir die Möglichkeit, Systemänderungen am Computer ohne Auswirkung auf persönliche Dateien, wie z. B. E-Mails, Dokumente oder Fotos, rückgängig zu machen.

Zitat:

-> Systemwiederherstellung
► Bitte wähle das älteste verfügbare Datum für die Wiederherstellung von Windows aus, wo dein Rechner noch einwandfrei funktioniert hat!

Du musst dich als Administrator oder als Benutzer mit Administratorrechten anmelden.
Die Systemwiederherstellung lässt sich unter Windows Vista/XP/7 wie folgt aufrufen:
► Start → Alle Programme → Zubehör → Systemprogramme → Systemwiederherstellung

->Eine Schritt-für-Schritt-Anleitung zum Einsatz der Systemwiederherstellung unter Windows XP
->Systemwiederherstellung unter Windows Vista
->Unter Win 7
► Falls nötig, kannst Du es im abgesicherten Modus auch tun - (Link bitte unbedingt anklicken & lesen!)

Die Systemwiederherstellung ist nur ein "Notlösung", das Problem wird damit nie 100%ig beseitigt, da dem Zeitpunkt des Eindringen des Trojaners nicht mehr feststellen kann. Aber man kann damit die Funktionsfähigkeit eines Computersystems erhöhen.
(Kannst noch immer bis zum heutigen Zeitpunkt rückgängig machen, falls liefert nicht das gewünschte Ergebnis)

► berichte mir auch, ob die SWH funktioniert hat, bzw ob Du das System auf einen früheren Wiederherstellungspunkt zurückstellen können?

2.

Zitat:

Sollte die Systemwiederherstellung nicht funktionieren (Malware kann es verhindern):
- Du kannst auch noch die folgenden Methoden ausprobieren, um das Problem zu beheben.:-> Verwenden der letzten als funktionierend bekannten Konfiguration

3.
Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org

Installieren und per Doppelklick starten.
Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
"Komplett Scan durchführen" wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

4.
Systemscan mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.

http://image.hijackthis.eu/upload/otl_screen_neu.jpg
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

5.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

So vielen dank erstmal fürs Antworten!

der Eintrag zur Systemwiederherstellung existiert nicht mehr im Startmenü!
WEnn ich beim starten F8 drücke und dann reparieren auswähle, startet der Rechner nicht! Er bleibt einfach bei blabla wird geladen stehen und nix tut sich mehr.

Aufgefallen ist mir noch das die "bösartige Websites blockieren" - Funktion sich nicht anschalten lässt bei Malwarebytes.

Die OTL.txt ist oben gepostet eine extras.txt wurde nicht erstellt! bzw kann ich nicht mehr finden.

ich hatte aber vor ein paar Tagen ein Tool namens catchme laufen lassen und das hat dies hier ausgespuckt:

Code:

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
 

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error
 

detected NTDLL code modification:

ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

Und der Malwarebytes.log:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8279
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514
 

30.11.2011 18:03:09

mbam-log-2011-11-30 (18-03-09).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)

Durchsuchte Objekte: 1561716

Laufzeit: 1 Stunde(n), 12 Minute(n), 30 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Eine neu installation möchte ich ,wenn möglich, vermeiden. Ich arbeite mit dem Rechner und das einrichten meiner seeehr zahlreichen Programme stiehlt mir sicher 1-2 Tage, wenn nicht mehr.

Hier noch die install.txt:

Code:

"Minimal SYStem 1.0.10"        MinGW        28.11.2011                1.0.10

7-Zip 9.20 (x64 edition)        Igor Pavlov        09.05.2011        4,53MB        9.20.00.0

Adobe Flash Player 10 ActiveX 64-bit        Adobe Systems Incorporated        09.05.2011        6,00MB        10.2.161.23

Adobe Flash Player 10 Plugin 64-bit        Adobe Systems Incorporated        09.05.2011        6,00MB        10.2.161.23

Adobe Flash Player 11 ActiveX 64-bit        Adobe Systems Incorporated        22.11.2011        6,00MB        11.1.102.55

Adobe Flash Player 11 Plugin 64-bit        Adobe Systems Incorporated        22.11.2011        6,00MB        11.1.102.55

Adobe Reader X (10.1.1)        Adobe Systems Incorporated        16.09.2011        160,3MB        10.1.1

Adobe Shockwave Player 11.5        Adobe Systems, Inc.        09.05.2011                11.5.9.620

Adobe Shockwave Player 11.6        Adobe Systems, Inc        06.09.2011        33,3MB        11.6.1.629

Advanced Batch Converter        BatchConverter.com        23.06.2011                5.5

Alien Swarm        Valve        20.07.2011                

Alien Swarm - SDK        Valve        25.09.2011                

Allgemeine Runtime Files (x86)        Sereby Corporation        22.11.2011        37,6MB        1.0.3.2

Alliance of Valiant Arms                06.08.2011                

Allmyapps        Allmyapps        18.05.2011                0.9.2.8

Android SDK Tools        Google Inc.        10.05.2011                0.7

Anomaly Warzone Earth                25.09.2011                

Apple Application Support        Apple Inc.        11.05.2011        51,0MB        1.5.1

Apple Software Update        Apple Inc.        11.05.2011        2,16MB        2.1.1.116

Aquaria        Bit Blot        24.11.2011                

ASRock App Charger v1.0.4        ASRock Inc.        09.05.2011        1,35MB        

ASRock eXtreme Tuner v0.1.54                09.05.2011        15,2MB        

ASRock InstantBoot v1.26                09.05.2011                

ASUS Xonar Essence ST Audio Driver                09.05.2011                

Auto Gordian Knot 2.55        len0x        30.06.2011                2.55

Avant Browser (remove only)        Avant Force        09.05.2011                11.8.0.131

Avidemux 2.5                09.05.2011                2.5.4.6714

AviSynth 2.5                30.06.2011                

Bastion        Supergiant Games        04.09.2011                

Brother HL-5240        Brother        09.05.2011                1.00

Call of Duty(R) 4 - Modern Warfare(TM)        Activision        07.06.2011        6.379MB        1.7

CCleaner        Piriform        29.11.2011                3.13

Chromium        Chromium        09.05.2011                13.0.776.0

Chromium Updater        Martin Endres        09.05.2011        92,00KB        1.3.710

CloneDVD2        Elaborate Bytes        30.06.2011                2.9.3.0

CodeBlocks        The Code::Blocks Team        28.11.2011                10.05

ColorSchemer Studio 2        ColorSchemer        04.09.2011                Studio v2.1

CPUID CPU-Z 1.57.1                09.05.2011        3,22MB        

CraftBukkit                19.09.2011                

Crayon Physics Deluxe        Kloonigames        24.11.2011                

Darwinia        Introversion Software        24.11.2011                

DEFCON        Introversion Software        24.11.2011                

Defense Grid: The Awakening        Hidden Path Entertainment        25.09.2011                

Desura        Desura        16.10.2011                100.50

DivX-Setup        DivX, LLC        16.05.2011                2.5.0.8

Dungeon Defenders                15.11.2011                

Dungeons of Dredmor                28.11.2011                

DVD Decrypter (Remove Only)                04.08.2011                

DVD Shrink 3.2 deutsch        DVD Shrink        04.08.2011                

ElsterFormular für Unternehmer        Landesfinanzdirektion Thüringen        12.10.2011                12.4.0.7094u

Emsisoft Anti-Malware        Emsi Software GmbH        28.11.2011        147,2MB        6.0

ESET Online Scanner v3                28.11.2011                

Etron USB3.0 Host Controller        Etron Technology        09.05.2011        5,13MB        0.96

ffdshow [rev 3154] [2009-12-09]                31.07.2011        16,8MB        1.0

FileZilla Client 3.5.2        FileZilla Project        13.11.2011        16,6MB        3.5.2

FileZilla Server        FileZilla Project        01.07.2011        5,12MB        beta 0.9.39

foobar2000 v1.1.8        Peter Pawlowski        25.09.2011        8,62MB        1.1.8

Forsaken World                07.08.2011                

Frozen Synapse                12.08.2011                

GameMaker 8.1                12.09.2011                

GameMaker 8.1                07.09.2011                

Garmin Lifetime Updater        Garmin        08.09.2011        38,1MB        2.0.10

Garry's Mod        Team Garry        23.11.2011                

GlassFish Server Open Source Edition 3.1                23.06.2011                

Global Agenda        Hi-Rez Studios        06.08.2011                

Google Chrome        Google Inc.        09.05.2011                14.0.835.202

Google Chrome        Google Inc.        18.10.2011                15.0.874.121

Google Earth        Google        20.11.2011        92,7MB        6.1.0.5001

Google Talk (remove only)                14.05.2011                

Google Talk Plugin        Google        23.11.2011        17,9MB        2.5.8.4958

Haali Media Splitter                09.05.2011                

Heroes of Newerth        S2 Games        05.09.2011                2.0.33

ImgBurn        LIGHTNING UK!        09.05.2011                2.5.5.0

Intel(R) Management Engine Components        Intel Corporation        10.05.2011                7.0.0.1144

Intel(R) Rapid Storage Technology        Intel Corporation        10.05.2011                10.1.0.1008

Java(TM) 6 Update 25        Oracle        27.09.2011        94,7MB        6.0.250

Java(TM) 6 Update 26 (64-bit)        Oracle        20.06.2011        91,6MB        6.0.260

Java(TM) 6 Update 27        Oracle        10.05.2011        96,9MB        6.0.270

Java(TM) 7        Oracle        06.09.2011        98,9MB        7.0.0

Java(TM) 7 (64-bit)        Oracle        06.09.2011        93,3MB        7.0.0

Java(TM) SE Development Kit 6 Update 25        Oracle        10.05.2011        141,1MB        1.6.0.250

Java(TM) SE Development Kit 6 Update 25 (64-bit)        Oracle        10.05.2011        146,8MB        1.6.0.250

Java(TM) SE Development Kit 6 Update 26 (64-bit)        Oracle        20.06.2011        147,2MB        1.6.0.260

Killing Floor        Tripwire Interactive        29.08.2011                

Killing Floor Mod: Defence Alliance 2                29.08.2011                

LibreOffice 3.3        LibreOffice        09.05.2011        948MB        3.3.202

LIMBO                23.11.2011                

LogMeIn Hamachi        LogMeIn, Inc.        06.09.2011                2.1.0.124

Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo                10.07.2011                

Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        28.11.2011        13,8MB        1.51.2.1300

Media Player Classic - Home Cinema v1.5.2.3456 x64        MPC-HC Team        31.07.2011        21,4MB        1.5.2.3456

Metro 2033        THQ        09.10.2011                

Microsoft .NET Framework 1.1 German Language Pack        Microsoft        09.05.2011        3,03MB        1.1.4322

Microsoft .NET Framework 1.1 SP1 + KB928366                09.05.2011                

Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        09.05.2011        38,8MB        4.0.30319

Microsoft .NET Framework 4 Extended        Microsoft Corporation        09.05.2011        52,0MB        4.0.30319

Microsoft IntelliPoint 7.1        Microsoft        09.06.2011        34,0MB        7.10.344.0

Microsoft IntelliType Pro 8.1        Microsoft        09.05.2011                8.15.406.0

Microsoft Silverlight        Microsoft Corporation        22.11.2011        60,4MB        4.0.60831.0

Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        06.09.2011        0,29MB        8.0.59193

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175        Microsoft Corporation        09.05.2011        0,57MB        8.0.51011

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570        Microsoft Corporation        09.05.2011        0,77MB        9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        09.05.2011        0,58MB        9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17        Microsoft Corporation        09.05.2011        0,25MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        09.05.2011        0,77MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161        Microsoft Corporation        06.09.2011        0,77MB        9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729        Microsoft Corporation        09.05.2011        0,23MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        09.05.2011        0,23MB        9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        09.05.2011        0,58MB        9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        06.09.2011        0,59MB        9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        09.05.2011        13,7MB        10.0.30319

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219        Microsoft Corporation        22.11.2011        16,7MB        10.0.40219

Microsoft Visual J# 2.0 Redistributable Package        Microsoft Corporation        09.05.2011                

Microsoft XNA Framework Redistributable 3.1        Microsoft Corporation        04.09.2011        7,55MB        3.1.10527.0

MinGW 5.1.4        MinGW        27.11.2011                5.1.4

MKVtoolnix 4.9.1        Moritz Bunkus        04.08.2011                4.9.1

Mozilla Firefox 8.0 (x86 de)        Mozilla        07.11.2011        39,5MB        8.0

Mozilla Thunderbird (8.0)        Mozilla        07.11.2011                8.0 (de)

MultipleIEs                09.05.2011                

Multiwinia        Introversion Software        24.11.2011                

Mumble 1.2.3        Thorvald Natvig        31.10.2011        29,7MB        1.2.3

MySQL Workbench 5.2 CE        Oracle Corporation        30.10.2011        74,5MB        5.2.35

Natural Selection 2                01.07.2011                

NetBeans IDE 7.0        NetBeans.org        09.05.2011                7.0

Notepad++                29.09.2011                5.9.3

Nuance PDF Reader        Nuance Communications, Inc.        25.05.2011        52,3MB        7.00.0000

NVIDIA Grafiktreiber 285.62        NVIDIA Corporation        25.10.2011                285.62

NVIDIA HD-Audiotreiber 1.2.24.0        NVIDIA Corporation        25.10.2011                1.2.24.0

NVIDIA PhysX-Systemsoftware 9.11.0621        NVIDIA Corporation        25.10.2011                9.11.0621

NVIDIA Update 1.5.20        NVIDIA Corporation        25.10.2011                1.5.20

OpenAL                25.10.2011                

OpenVPN 2.1_rc20                01.10.2011                2.1_rc20

OpenVPN Connect        OpenVPN Technologies        15.11.2011        13,5MB        1.8.3

Opera 11.52        Opera Software ASA        07.11.2011                11.52.1100

Oracle VM VirtualBox 4.0.8        Oracle Corporation        27.06.2011        120,4MB        4.0.8

Orcs Must Die!                23.11.2011                

Osmos        Hemisphere Games        13.09.2011                

PeaZip 4.0 (WIN64)        Giorgio Tani        29.09.2011        18,8MB        

Pidgin                05.11.2011                2.10.0

PuTTY version 0.61        Simon Tatham        29.09.2011                0.61

Rage                06.10.2011                

RasterVect 15.3 Trial        RasterVect Software        23.06.2011                

Realtek Ethernet Controller Driver For Windows 7        Realtek        09.05.2011                7.23.623.2010

RegExr        gskinner.com, inc.        12.10.2011                0.3.1b

Revenge of the Titans                25.09.2011                

Saal Design Software        SSW Software GmbH        20.11.2011                2.9.2

Safari        Apple Inc.        11.05.2011        41,3MB        5.33.21.1

Sanctum                25.09.2011                

Skype Click to Call        Skype Technologies S.A.        28.10.2011        14,4MB        5.6.8442

Skype™ 5.5        Skype Technologies S.A.        28.10.2011        17,0MB        5.5.124

Sol Survivor        Cadenza Interactive Games        25.09.2011                

Spiral Knights        SEGA        06.08.2011                

SPlayer                08.09.2011                

Spybot - Search & Destroy        Safer Networking Limited        27.11.2011                1.6.2

StartNow Toolbar        StartNow.com        15.10.2011                2.3.0

Steam        Valve Corporation        01.07.2011        35,5MB        1.0.0.0

System Explorer 3.6.2        Mister Group        29.11.2011        4,97MB        

Team Fortress 2        Valve        01.07.2011                

TeamViewer 6        TeamViewer GmbH        08.11.2011                6.0.11656

The Elder Scrolls V: Skyrim        Bethesda Game Studios        11.11.2011                

Titanium Developer        Appcelerator        10.05.2011        5,99MB        1.2.2

TP-LINK Wireless Client Utility        TP-LINK        26.06.2011                7.0

Update Notifier        CleanSofts.org        18.05.2011                1.1.6.141

Uplink        Introversion Software        24.11.2011                

Vim 7.3 (self-installing)                27.11.2011                

VLC media player 1.1.11        VideoLAN        29.09.2011                1.1.11

VNC Free Edition 4.1.3        RealVNC Ltd.        09.05.2011                4.1.3

VobSub v2.23 (Remove Only)                30.06.2011                

Warcraft III        Blizzard Entertainment        11.05.2011                

Wascana C/C++ IDE for Windows        Doug Schaefer        28.11.2011                1.0.0.0

Windows Mobile-Gerätecenter        Microsoft Corporation        23.07.2011        27,4MB        6.1.6965.0

WinPcap 4.1.2        CACE Technologies        13.05.2011                4.1.0.2001

WinRAR 4.01 (64-Bit)        win.rar GmbH        03.08.2011                4.01.0

World of Tanks v.0.6.5        Wargaming.net        31.07.2011                

XBMC        Team XBMC        04.08.2011                

XFastUsb                09.05.2011                

XviD MPEG4 Video Codec (remove only)                30.06.2011

/edit: So eins noch vergessen, Das war der erste Scan mit malwarebytes nach der Infektion:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 8260
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514
 

28.11.2011 22:03:38

mbam-log-2011-11-28 (22-03-38).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 188990

Laufzeit: 40 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 1

Infizierte Verzeichnisse: 0

Infizierte Dateien: 1
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

c:\$Recycle.Bin\s-1-5-21-3065023223-3259891288-495664237-1000\$RBHRZNJ.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.

Punkt 4. fehlt noch, bitte nachreichen! (ein neues Logfile erstellen und posten)

außerdem:

TDSSKiller von Kaspersky

Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
deaktiviere vorübergehend dein AntiVirus-Programm
Starte die TDSSKiller.exe durch Doppelklick.
Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
Bestätige das ggfs. mit Y(es).
Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

Hier findest Du eine ausführlichere Anleitung.

Im Anhang befinden sich die beiden fehlenden Logs!

Soooo den letzten report von TDSS werd ich gleich nachreichen!

viele Grüße, Ralf.

Code:

20:43:22.0789 6244        TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44

20:43:23.0084 6244        ============================================================

20:43:23.0084 6244        Current date / time: 2011/12/01 20:43:23.0084

20:43:23.0084 6244        SystemInfo:

20:43:23.0084 6244        

20:43:23.0084 6244        OS Version: 6.1.7601 ServicePack: 1.0

20:43:23.0084 6244        Product type: Workstation

20:43:23.0084 6244        ComputerName: DEEPTHOUGHT

20:43:23.0085 6244        UserName: Clash

20:43:23.0085 6244        Windows directory: C:\Windows

20:43:23.0085 6244        System windows directory: C:\Windows

20:43:23.0085 6244        Running under WOW64

20:43:23.0085 6244        Processor architecture: Intel x64

20:43:23.0085 6244        Number of processors: 4

20:43:23.0085 6244        Page size: 0x1000

20:43:23.0085 6244        Boot type: Normal boot

20:43:23.0085 6244        ============================================================

20:43:30.0145 6244        Initialize success

21:00:30.0783 4132        ============================================================

21:00:30.0783 4132        Scan started

21:00:30.0783 4132        Mode: Manual; 

21:00:30.0783 4132        ============================================================

21:00:30.0951 4132        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

21:00:30.0952 4132        1394ohci - ok

21:00:30.0960 4132        A2DDA           (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys

21:00:30.0960 4132        A2DDA - ok

21:00:30.0976 4132        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

21:00:30.0980 4132        ACPI - ok

21:00:30.0993 4132        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

21:00:30.0993 4132        AcpiPmi - ok

21:00:31.0010 4132        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

21:00:31.0012 4132        adp94xx - ok

21:00:31.0027 4132        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

21:00:31.0030 4132        adpahci - ok

21:00:31.0042 4132        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

21:00:31.0043 4132        adpu320 - ok

21:00:31.0062 4132        AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

21:00:31.0067 4132        AFD - ok

21:00:31.0078 4132        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

21:00:31.0080 4132        agp440 - ok

21:00:31.0091 4132        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

21:00:31.0092 4132        aliide - ok

21:00:31.0105 4132        ALSysIO - ok

21:00:31.0116 4132        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

21:00:31.0116 4132        amdide - ok

21:00:31.0126 4132        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

21:00:31.0127 4132        AmdK8 - ok

21:00:31.0137 4132        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

21:00:31.0137 4132        AmdPPM - ok

21:00:31.0147 4132        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

21:00:31.0148 4132        amdsata - ok

21:00:31.0158 4132        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

21:00:31.0161 4132        amdsbs - ok

21:00:31.0171 4132        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

21:00:31.0171 4132        amdxata - ok

21:00:31.0181 4132        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

21:00:31.0182 4132        AppID - ok

21:00:31.0196 4132        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

21:00:31.0197 4132        arc - ok

21:00:31.0207 4132        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

21:00:31.0208 4132        arcsas - ok

21:00:31.0225 4132        AsrAppCharger   (912a215ce180a6e7c923c662d7ec777d) C:\Windows\system32\DRIVERS\AsrAppCharger.sys

21:00:31.0225 4132        AsrAppCharger - ok

21:00:31.0237 4132        aswFsBlk        (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys

21:00:31.0237 4132        aswFsBlk - ok

21:00:31.0247 4132        aswMonFlt       (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys

21:00:31.0248 4132        aswMonFlt - ok

21:00:31.0258 4132        aswRdr          (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys

21:00:31.0258 4132        aswRdr - ok

21:00:31.0272 4132        aswSnx          (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys

21:00:31.0275 4132        aswSnx - ok

21:00:31.0291 4132        aswSP           (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys

21:00:31.0293 4132        aswSP - ok

21:00:31.0305 4132        aswTdi          (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys

21:00:31.0306 4132        aswTdi - ok

21:00:31.0317 4132        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

21:00:31.0318 4132        AsyncMac - ok

21:00:31.0328 4132        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

21:00:31.0328 4132        atapi - ok

21:00:31.0348 4132        athr            (2142725e147c9a44b3f0d76099c5da71) C:\Windows\system32\DRIVERS\athrx.sys

21:00:31.0357 4132        athr - ok

21:00:31.0376 4132        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

21:00:31.0380 4132        b06bdrv - ok

21:00:31.0393 4132        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

21:00:31.0395 4132        b57nd60a - ok

21:00:31.0408 4132        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

21:00:31.0410 4132        Beep - ok

21:00:31.0422 4132        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

21:00:31.0422 4132        blbdrive - ok

21:00:31.0435 4132        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

21:00:31.0436 4132        bowser - ok

21:00:31.0447 4132        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

21:00:31.0447 4132        BrFiltLo - ok

21:00:31.0457 4132        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

21:00:31.0458 4132        BrFiltUp - ok

21:00:31.0472 4132        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

21:00:31.0475 4132        Brserid - ok

21:00:31.0486 4132        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

21:00:31.0487 4132        BrSerWdm - ok

21:00:31.0498 4132        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

21:00:31.0500 4132        BrUsbMdm - ok

21:00:31.0511 4132        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

21:00:31.0511 4132        BrUsbSer - ok

21:00:31.0522 4132        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

21:00:31.0522 4132        BTHMODEM - ok

21:00:31.0537 4132        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

21:00:31.0538 4132        cdfs - ok

21:00:31.0552 4132        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

21:00:31.0553 4132        cdrom - ok

21:00:31.0565 4132        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

21:00:31.0566 4132        circlass - ok

21:00:31.0578 4132        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

21:00:31.0582 4132        CLFS - ok

21:00:31.0597 4132        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

21:00:31.0598 4132        CmBatt - ok

21:00:31.0607 4132        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

21:00:31.0608 4132        cmdide - ok

21:00:31.0635 4132        cmudaxp         (0367f029425cbd5506e8db2757ff3a8f) C:\Windows\system32\drivers\cmudaxp.sys

21:00:31.0650 4132        cmudaxp - ok

21:00:31.0667 4132        CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

21:00:31.0671 4132        CNG - ok

21:00:31.0683 4132        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

21:00:31.0683 4132        Compbatt - ok

21:00:31.0696 4132        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

21:00:31.0696 4132        CompositeBus - ok

21:00:31.0707 4132        cpuz135         (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys

21:00:31.0708 4132        cpuz135 - ok

21:00:31.0717 4132        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

21:00:31.0717 4132        crcdisk - ok

21:00:31.0736 4132        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

21:00:31.0740 4132        CSC - ok

21:00:31.0757 4132        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

21:00:31.0758 4132        DfsC - ok

21:00:31.0772 4132        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

21:00:31.0772 4132        discache - ok

21:00:31.0785 4132        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

21:00:31.0786 4132        Disk - ok

21:00:31.0797 4132        dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys

21:00:31.0798 4132        dmvsc - ok

21:00:31.0812 4132        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

21:00:31.0813 4132        drmkaud - ok

21:00:31.0832 4132        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

21:00:31.0840 4132        DXGKrnl - ok

21:00:31.0875 4132        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

21:00:31.0892 4132        ebdrv - ok

21:00:31.0908 4132        ElbyCDIO - ok

21:00:31.0925 4132        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

21:00:31.0927 4132        elxstor - ok

21:00:31.0938 4132        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

21:00:31.0938 4132        ErrDev - ok

21:00:31.0952 4132        EtronHub3       (df2f6c1e55f6e81cfc7f688380d85816) C:\Windows\system32\Drivers\EtronHub3.sys

21:00:31.0952 4132        EtronHub3 - ok

21:00:31.0965 4132        EtronXHCI       (e093abfb67a4b9d94f80611a7d0a8bb9) C:\Windows\system32\Drivers\EtronXHCI.sys

21:00:31.0965 4132        EtronXHCI - ok

21:00:31.0980 4132        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

21:00:31.0982 4132        exfat - ok

21:00:31.0993 4132        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

21:00:31.0996 4132        fastfat - ok

21:00:32.0008 4132        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

21:00:32.0010 4132        fdc - ok

21:00:32.0023 4132        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

21:00:32.0025 4132        FileInfo - ok

21:00:32.0036 4132        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

21:00:32.0037 4132        Filetrace - ok

21:00:32.0048 4132        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

21:00:32.0048 4132        flpydisk - ok

21:00:32.0062 4132        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

21:00:32.0065 4132        FltMgr - ok

21:00:32.0077 4132        FNETTBOH_305    (fe95ae537b41a7e2f4cfe353064dc4af) C:\Windows\system32\drivers\FNETTBOH_305.SYS

21:00:32.0077 4132        FNETTBOH_305 - ok

21:00:32.0090 4132        FNETURPX        (7c3c4b4c951ec1bdfd4f769d05e2cc68) C:\Windows\system32\drivers\FNETURPX.SYS

21:00:32.0091 4132        FNETURPX - ok

21:00:32.0103 4132        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

21:00:32.0105 4132        FsDepends - ok

21:00:32.0113 4132        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

21:00:32.0115 4132        Fs_Rec - ok

21:00:32.0126 4132        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

21:00:32.0127 4132        fvevol - ok

21:00:32.0141 4132        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

21:00:32.0141 4132        gagp30kx - ok

21:00:32.0155 4132        hamachi         (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

21:00:32.0155 4132        hamachi - ok

21:00:32.0168 4132        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

21:00:32.0168 4132        hcw85cir - ok

21:00:32.0182 4132        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

21:00:32.0185 4132        HdAudAddService - ok

21:00:32.0197 4132        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

21:00:32.0198 4132        HDAudBus - ok

21:00:32.0210 4132        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

21:00:32.0210 4132        HidBatt - ok

21:00:32.0221 4132        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

21:00:32.0222 4132        HidBth - ok

21:00:32.0235 4132        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

21:00:32.0235 4132        HidIr - ok

21:00:32.0246 4132        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

21:00:32.0246 4132        HidUsb - ok

21:00:32.0262 4132        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

21:00:32.0263 4132        HpSAMD - ok

21:00:32.0281 4132        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

21:00:32.0286 4132        HTTP - ok

21:00:32.0298 4132        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

21:00:32.0300 4132        hwpolicy - ok

21:00:32.0311 4132        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

21:00:32.0312 4132        i8042prt - ok

21:00:32.0327 4132        iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys

21:00:32.0328 4132        iaStor - ok

21:00:32.0343 4132        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

21:00:32.0346 4132        iaStorV - ok

21:00:32.0360 4132        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

21:00:32.0361 4132        iirsp - ok

21:00:32.0375 4132        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

21:00:32.0376 4132        intelide - ok

21:00:32.0388 4132        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

21:00:32.0388 4132        intelppm - ok

21:00:32.0400 4132        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

21:00:32.0401 4132        IpFilterDriver - ok

21:00:32.0411 4132        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

21:00:32.0412 4132        IPMIDRV - ok

21:00:32.0423 4132        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

21:00:32.0425 4132        IPNAT - ok

21:00:32.0435 4132        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

21:00:32.0435 4132        IRENUM - ok

21:00:32.0445 4132        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

21:00:32.0445 4132        isapnp - ok

21:00:32.0456 4132        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

21:00:32.0457 4132        iScsiPrt - ok

21:00:32.0472 4132        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

21:00:32.0472 4132        kbdclass - ok

21:00:32.0483 4132        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

21:00:32.0485 4132        kbdhid - ok

21:00:32.0496 4132        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

21:00:32.0497 4132        KSecDD - ok

21:00:32.0510 4132        KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

21:00:32.0512 4132        KSecPkg - ok

21:00:32.0525 4132        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

21:00:32.0526 4132        ksthunk - ok

21:00:32.0541 4132        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

21:00:32.0542 4132        lltdio - ok

21:00:32.0557 4132        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

21:00:32.0558 4132        LSI_FC - ok

21:00:32.0571 4132        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

21:00:32.0572 4132        LSI_SAS - ok

21:00:32.0583 4132        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

21:00:32.0585 4132        LSI_SAS2 - ok

21:00:32.0597 4132        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

21:00:32.0598 4132        LSI_SCSI - ok

21:00:32.0610 4132        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

21:00:32.0611 4132        luafv - ok

21:00:32.0621 4132        MBAMProtector   (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys

21:00:32.0622 4132        MBAMProtector - ok

21:00:32.0636 4132        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

21:00:32.0636 4132        megasas - ok

21:00:32.0648 4132        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

21:00:32.0651 4132        MegaSR - ok

21:00:32.0663 4132        MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

21:00:32.0663 4132        MEIx64 - ok

21:00:32.0673 4132        MEMSWEEP2       (f9ce67e9e0226079b59107b649851f96) C:\Windows\system32\9F2.tmp

21:00:32.0673 4132        MEMSWEEP2 - ok

21:00:32.0687 4132        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

21:00:32.0687 4132        Modem - ok

21:00:32.0696 4132        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

21:00:32.0697 4132        monitor - ok

21:00:32.0707 4132        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

21:00:32.0708 4132        mouclass - ok

21:00:32.0718 4132        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

21:00:32.0718 4132        mouhid - ok

21:00:32.0730 4132        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

21:00:32.0731 4132        mountmgr - ok

21:00:32.0742 4132        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

21:00:32.0743 4132        mpio - ok

21:00:32.0753 4132        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

21:00:32.0755 4132        mpsdrv - ok

21:00:32.0765 4132        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

21:00:32.0766 4132        MRxDAV - ok

21:00:32.0778 4132        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

21:00:32.0780 4132        mrxsmb - ok

21:00:32.0791 4132        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

21:00:32.0793 4132        mrxsmb10 - ok

21:00:32.0806 4132        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

21:00:32.0807 4132        mrxsmb20 - ok

21:00:32.0820 4132        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

21:00:32.0820 4132        msahci - ok

21:00:32.0832 4132        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

21:00:32.0833 4132        msdsm - ok

21:00:32.0847 4132        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

21:00:32.0848 4132        Msfs - ok

21:00:32.0860 4132        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

21:00:32.0860 4132        mshidkmdf - ok

21:00:32.0871 4132        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

21:00:32.0872 4132        msisadrv - ok

21:00:32.0886 4132        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

21:00:32.0886 4132        MSKSSRV - ok

21:00:32.0896 4132        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

21:00:32.0897 4132        MSPCLOCK - ok

21:00:32.0907 4132        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

21:00:32.0907 4132        MSPQM - ok

21:00:32.0920 4132        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

21:00:32.0923 4132        MsRPC - ok

21:00:32.0937 4132        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

21:00:32.0937 4132        mssmbios - ok

21:00:32.0947 4132        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

21:00:32.0948 4132        MSTEE - ok

21:00:32.0957 4132        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

21:00:32.0958 4132        MTConfig - ok

21:00:32.0967 4132        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

21:00:32.0968 4132        Mup - ok

21:00:32.0982 4132        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

21:00:32.0985 4132        NativeWifiP - ok

21:00:33.0006 4132        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

21:00:33.0013 4132        NDIS - ok

21:00:33.0027 4132        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

21:00:33.0028 4132        NdisCap - ok

21:00:33.0040 4132        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

21:00:33.0040 4132        NdisTapi - ok

21:00:33.0051 4132        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

21:00:33.0052 4132        Ndisuio - ok

21:00:33.0063 4132        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

21:00:33.0065 4132        NdisWan - ok

21:00:33.0078 4132        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

21:00:33.0078 4132        NDProxy - ok

21:00:33.0091 4132        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

21:00:33.0092 4132        NetBIOS - ok

21:00:33.0105 4132        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

21:00:33.0107 4132        NetBT - ok

21:00:33.0126 4132        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

21:00:33.0127 4132        nfrd960 - ok

21:00:33.0141 4132        NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys

21:00:33.0142 4132        NPF - ok

21:00:33.0151 4132        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

21:00:33.0152 4132        Npfs - ok

21:00:33.0163 4132        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

21:00:33.0163 4132        nsiproxy - ok

21:00:33.0191 4132        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

21:00:33.0202 4132        Ntfs - ok

21:00:33.0216 4132        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

21:00:33.0216 4132        Null - ok

21:00:33.0230 4132        NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

21:00:33.0231 4132        NVHDA - ok

21:00:33.0330 4132        nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

21:00:33.0400 4132        nvlddmkm - ok

21:00:33.0412 4132        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

21:00:33.0413 4132        nvraid - ok

21:00:33.0425 4132        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

21:00:33.0426 4132        nvstor - ok

21:00:33.0440 4132        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

21:00:33.0442 4132        nv_agp - ok

21:00:33.0452 4132        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

21:00:33.0452 4132        ohci1394 - ok

21:00:33.0472 4132        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys

21:00:33.0473 4132        Parport - ok

21:00:33.0486 4132        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

21:00:33.0487 4132        partmgr - ok

21:00:33.0501 4132        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

21:00:33.0502 4132        pci - ok

21:00:33.0515 4132        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

21:00:33.0515 4132        pciide - ok

21:00:33.0528 4132        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

21:00:33.0530 4132        pcmcia - ok

21:00:33.0541 4132        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

21:00:33.0542 4132        pcw - ok

21:00:33.0558 4132        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

21:00:33.0563 4132        PEAUTH - ok

21:00:33.0588 4132        Point64         (7ca2487bc51fbe4fa30de657c61d27d3) C:\Windows\system32\DRIVERS\point64k.sys

21:00:33.0590 4132        Point64 - ok

21:00:33.0605 4132        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

21:00:33.0607 4132        PptpMiniport - ok

21:00:33.0618 4132        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

21:00:33.0620 4132        Processor - ok

21:00:33.0633 4132        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

21:00:33.0635 4132        Psched - ok

21:00:33.0656 4132        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

21:00:33.0666 4132        ql2300 - ok

21:00:33.0676 4132        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

21:00:33.0677 4132        ql40xx - ok

21:00:33.0692 4132        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

21:00:33.0693 4132        QWAVEdrv - ok

21:00:33.0707 4132        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

21:00:33.0707 4132        RasAcd - ok

21:00:33.0720 4132        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

21:00:33.0720 4132        RasAgileVpn - ok

21:00:33.0733 4132        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

21:00:33.0735 4132        Rasl2tp - ok

21:00:33.0748 4132        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

21:00:33.0750 4132        RasPppoe - ok

21:00:33.0763 4132        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

21:00:33.0765 4132        RasSstp - ok

21:00:33.0778 4132        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

21:00:33.0781 4132        rdbss - ok

21:00:33.0793 4132        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

21:00:33.0793 4132        rdpbus - ok

21:00:33.0803 4132        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

21:00:33.0803 4132        RDPCDD - ok

21:00:33.0816 4132        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

21:00:33.0817 4132        RDPDR - ok

21:00:33.0830 4132        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

21:00:33.0830 4132        RDPENCDD - ok

21:00:33.0842 4132        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

21:00:33.0842 4132        RDPREFMP - ok

21:00:33.0853 4132        RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

21:00:33.0855 4132        RdpVideoMiniport - ok

21:00:33.0865 4132        RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

21:00:33.0866 4132        RDPWD - ok

21:00:33.0881 4132        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

21:00:33.0883 4132        rdyboost - ok

21:00:33.0901 4132        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

21:00:33.0902 4132        rspndr - ok

21:00:33.0915 4132        RTL8167         (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

21:00:33.0916 4132        RTL8167 - ok

21:00:33.0928 4132        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

21:00:33.0928 4132        s3cap - ok

21:00:33.0940 4132        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

21:00:33.0941 4132        sbp2port - ok

21:00:33.0956 4132        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

21:00:33.0956 4132        scfilter - ok

21:00:33.0971 4132        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

21:00:33.0972 4132        secdrv - ok

21:00:33.0987 4132        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

21:00:33.0987 4132        Serenum - ok

21:00:34.0000 4132        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

21:00:34.0001 4132        Serial - ok

21:00:34.0011 4132        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

21:00:34.0012 4132        sermouse - ok

21:00:34.0027 4132        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

21:00:34.0027 4132        sffdisk - ok

21:00:34.0040 4132        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

21:00:34.0040 4132        sffp_mmc - ok

21:00:34.0050 4132        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

21:00:34.0051 4132        sffp_sd - ok

21:00:34.0060 4132        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

21:00:34.0061 4132        sfloppy - ok

21:00:34.0075 4132        silabenm        (7799106fee728b907a86d9c9751e02d5) C:\Windows\system32\DRIVERS\silabenm.sys

21:00:34.0075 4132        silabenm - ok

21:00:34.0087 4132        silabser        (39a6f89d7eff9b1b839570134170d859) C:\Windows\system32\DRIVERS\silabser.sys

21:00:34.0087 4132        silabser - ok

21:00:34.0097 4132        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

21:00:34.0098 4132        SiSRaid2 - ok

21:00:34.0108 4132        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

21:00:34.0108 4132        SiSRaid4 - ok

21:00:34.0121 4132        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

21:00:34.0122 4132        Smb - ok

21:00:34.0137 4132        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

21:00:34.0138 4132        spldr - ok

21:00:34.0143 4132        sptd - ok

21:00:34.0161 4132        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

21:00:34.0165 4132        srv - ok

21:00:34.0177 4132        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

21:00:34.0181 4132        srv2 - ok

21:00:34.0192 4132        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

21:00:34.0193 4132        srvnet - ok

21:00:34.0208 4132        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

21:00:34.0208 4132        stexstor - ok

21:00:34.0221 4132        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

21:00:34.0221 4132        storflt - ok

21:00:34.0232 4132        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

21:00:34.0232 4132        storvsc - ok

21:00:34.0242 4132        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

21:00:34.0242 4132        swenum - ok

21:00:34.0256 4132        Synth3dVsc      (c3a39c4079305480972d29c44b868c78) C:\Windows\system32\drivers\synth3dvsc.sys

21:00:34.0257 4132        Synth3dVsc - ok

21:00:34.0272 4132        tap0901         (024adc7f69d1776d72cc5d031b41ce4f) C:\Windows\system32\DRIVERS\tap0901.sys

21:00:34.0272 4132        tap0901 - ok

21:00:34.0286 4132        tapoas          (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys

21:00:34.0286 4132        tapoas - ok

21:00:34.0311 4132        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

21:00:34.0322 4132        Tcpip - ok

21:00:34.0345 4132        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

21:00:34.0352 4132        TCPIP6 - ok

21:00:34.0366 4132        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

21:00:34.0366 4132        tcpipreg - ok

21:00:34.0378 4132        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

21:00:34.0380 4132        TDPIPE - ok

21:00:34.0391 4132        TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

21:00:34.0391 4132        TDTCP - ok

21:00:34.0403 4132        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

21:00:34.0405 4132        tdx - ok

21:00:34.0417 4132        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

21:00:34.0418 4132        TermDD - ok

21:00:34.0428 4132        terminpt        (2b5bdff688ec9871d7ec5837833374e9) C:\Windows\system32\drivers\terminpt.sys

21:00:34.0430 4132        terminpt - ok

21:00:34.0447 4132        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

21:00:34.0447 4132        tssecsrv - ok

21:00:34.0458 4132        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

21:00:34.0460 4132        TsUsbFlt - ok

21:00:34.0470 4132        TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

21:00:34.0471 4132        TsUsbGD - ok

21:00:34.0481 4132        tsusbhub        (e1748d04ae40118b62bc18ac86032192) C:\Windows\system32\drivers\tsusbhub.sys

21:00:34.0482 4132        tsusbhub - ok

21:00:34.0496 4132        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

21:00:34.0498 4132        tunnel - ok

21:00:34.0511 4132        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

21:00:34.0512 4132        uagp35 - ok

21:00:34.0526 4132        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

21:00:34.0530 4132        udfs - ok

21:00:34.0545 4132        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

21:00:34.0545 4132        uliagpkx - ok

21:00:34.0558 4132        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

21:00:34.0560 4132        umbus - ok

21:00:34.0571 4132        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

21:00:34.0572 4132        UmPass - ok

21:00:34.0588 4132        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

21:00:34.0590 4132        usbccgp - ok

21:00:34.0601 4132        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

21:00:34.0602 4132        usbcir - ok

21:00:34.0612 4132        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

21:00:34.0613 4132        usbehci - ok

21:00:34.0625 4132        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

21:00:34.0628 4132        usbhub - ok

21:00:34.0641 4132        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

21:00:34.0641 4132        usbohci - ok

21:00:34.0652 4132        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

21:00:34.0653 4132        usbprint - ok

21:00:34.0663 4132        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

21:00:34.0665 4132        USBSTOR - ok

21:00:34.0675 4132        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

21:00:34.0675 4132        usbuhci - ok

21:00:34.0690 4132        VBoxDrv         (f6b266fda43a39924e40b1a42b91c983) C:\Windows\system32\DRIVERS\VBoxDrv.sys

21:00:34.0691 4132        VBoxDrv - ok

21:00:34.0705 4132        VBoxNetAdp      (d119c47f337b5b5a80e259563703a922) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

21:00:34.0706 4132        VBoxNetAdp - ok

21:00:34.0718 4132        VBoxNetFlt      (a10eb38d1395f5fce91e07608e0185b6) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys

21:00:34.0720 4132        VBoxNetFlt - ok

21:00:34.0730 4132        VBoxUSBMon      (6dd88ea539217a9cfeff4ef888c9d101) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys

21:00:34.0730 4132        VBoxUSBMon - ok

21:00:34.0740 4132        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

21:00:34.0741 4132        vdrvroot - ok

21:00:34.0752 4132        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

21:00:34.0752 4132        vga - ok

21:00:34.0762 4132        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

21:00:34.0763 4132        VgaSave - ok

21:00:34.0772 4132        VGPU - ok

21:00:34.0785 4132        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

21:00:34.0787 4132        vhdmp - ok

21:00:34.0798 4132        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

21:00:34.0800 4132        viaide - ok

21:00:34.0810 4132        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

21:00:34.0812 4132        vmbus - ok

21:00:34.0825 4132        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

21:00:34.0825 4132        VMBusHID - ok

21:00:34.0837 4132        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

21:00:34.0838 4132        volmgr - ok

21:00:34.0851 4132        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

21:00:34.0853 4132        volmgrx - ok

21:00:34.0868 4132        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

21:00:34.0872 4132        volsnap - ok

21:00:34.0883 4132        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

21:00:34.0885 4132        vsmraid - ok

21:00:34.0898 4132        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

21:00:34.0898 4132        vwifibus - ok

21:00:34.0911 4132        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

21:00:34.0912 4132        vwififlt - ok

21:00:34.0926 4132        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

21:00:34.0927 4132        WacomPen - ok

21:00:34.0940 4132        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:00:34.0942 4132        WANARP - ok

21:00:34.0945 4132        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

21:00:34.0945 4132        Wanarpv6 - ok

21:00:34.0963 4132        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

21:00:34.0963 4132        Wd - ok

21:00:34.0981 4132        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

21:00:34.0987 4132        Wdf01000 - ok

21:00:35.0006 4132        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

21:00:35.0006 4132        WfpLwf - ok

21:00:35.0018 4132        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

21:00:35.0018 4132        WIMMount - ok

21:00:35.0038 4132        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

21:00:35.0038 4132        WinUsb - ok

21:00:35.0053 4132        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

21:00:35.0055 4132        WmiAcpi - ok

21:00:35.0071 4132        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

21:00:35.0072 4132        ws2ifsl - ok

21:00:35.0088 4132        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

21:00:35.0090 4132        WudfPf - ok

21:00:35.0101 4132        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

21:00:35.0103 4132        WUDFRd - ok

21:00:35.0112 4132        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

21:00:35.0116 4132        \Device\Harddisk0\DR0 - ok

21:00:35.0117 4132        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1

21:00:35.0120 4132        \Device\Harddisk1\DR1 - ok

21:00:35.0137 4132        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk2\DR2

21:00:35.0147 4132        \Device\Harddisk2\DR2 - ok

21:00:35.0148 4132        Boot (0x1200)   (65a3708198a3338812aab2377a93d6ee) \Device\Harddisk0\DR0\Partition0

21:00:35.0150 4132        \Device\Harddisk0\DR0\Partition0 - ok

21:00:35.0151 4132        Boot (0x1200)   (8215fa15febca7e1e8aa9bc06812f2b2) \Device\Harddisk0\DR0\Partition1

21:00:35.0151 4132        \Device\Harddisk0\DR0\Partition1 - ok

21:00:35.0152 4132        Boot (0x1200)   (191d8dbd587c51072774197f1e2c7c69) \Device\Harddisk1\DR1\Partition0

21:00:35.0152 4132        \Device\Harddisk1\DR1\Partition0 - ok

21:00:35.0630 4132        Boot (0x1200)   (d1682411943c55f001608fef6ae2e6b4) \Device\Harddisk1\DR1\Partition1

21:00:35.0630 4132        \Device\Harddisk1\DR1\Partition1 - ok

21:00:35.0638 4132        Boot (0x1200)   (b7016e02f1ce1edfbab37f99e8cc745b) \Device\Harddisk2\DR2\Partition0

21:00:35.0640 4132        \Device\Harddisk2\DR2\Partition0 - ok

21:00:35.0650 4132        Boot (0x1200)   (e76b0fe6f2707b99d3378cee1a159079) \Device\Harddisk2\DR2\Partition1

21:00:35.0650 4132        \Device\Harddisk2\DR2\Partition1 - ok

21:00:35.0650 4132        ============================================================

21:00:35.0650 4132        Scan finished

21:00:35.0650 4132        ============================================================

21:00:35.0655 7128        Detected object count: 0

21:00:35.0655 7128        Actual detected object count: 0

Zitat:

Spybot

- würde ich nicht mehr empfehlen, da erfüllt nicht die neue Schutzanforderungen und Lösungen Schutz vor Malware bzw gegenüber ganz neuen Herausforderungen arbeitet nicht zufriedenstellend
meiner Meinung nach bietet nicht mehr ausreichenden Schutz gegen "moderne Malwarearten"...
► Falls Du doch es behalten möchtest:
Stelle bitte den TeaTimer ab:
Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident.
Deaktiviere hier den "Resident TeaTimer aktiv".
(Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben!

2.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!
danach die Alte Version deinstallieren`Systemsteuerung → Software → Ändern/Entfernen...

3.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

:OTL

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/?pc=AVBR

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bing.com/?pc=avbr [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = my.daemon-search.com

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

[2011.10.16 03:42:30 | 000,002,407 | ---- | M] () -- C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\ask.uk.xml

[2011.11.05 04:32:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011.11.05 04:38:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found

O4 - HKCU..\Run: [ASRockXTU]  File not found

O4 - HKCU..\Run: [zASRockInstantBoot]  File not found

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.7.0)

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = G:\ASRSetup.exe

O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\Shell\AutoRun\command - "" = J:\start.exe

O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

[2011.12.01 19:55:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000UA.job

[2011.12.01 19:29:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.12.01 14:29:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.12.01 02:55:01 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000Core.job
 

:Commands

[purity]

[emptytemp]

und füge es hier ein: http://image.hijackthis.eu/upload/hjt1-021.jpg
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

4.
reinige dein System mit Ccleaner:

"Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

lade Dir SUPERAntiSpyware FREE Edition herunter.
installiere das Programm und update online.
starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

7.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Zu 1. ) Ich habe bei Spybot immer nur ausschließlich die Immunisierungs funktion genutzt, die ich eigentlich immer recht nützlich fand. Und auch wenn es eher ein sehr sehr schwacher Schutz ist kann man ihn gut mit anderen Maßnahmen zusammen verwenden und er kostet 0% Prozessorlast!

Der Teatimer war immer schon aus.

Zu 2. ) hab ich kurz nach dem erstellen der Berichte gemacht weil mir selber aufgefallen war. Aber danke trozdem!

Zu 3:

Code:

All processes killed

========== OTL ==========

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.

C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll moved successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.

File C:\Users\Clash\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.

C:\Users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\searchplugins\ask.uk.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.

File C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.

64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.

64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4604b93c-7b47-11e0-985b-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4604b93c-7b47-11e0-985b-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4604b93c-7b47-11e0-985b-806e6f6e6963}\ not found.

File G:\ASRSetup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4604b943-7b47-11e0-985b-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4604b943-7b47-11e0-985b-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4604b943-7b47-11e0-985b-806e6f6e6963}\ not found.

File H:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{882efc40-7b22-11e0-a2ab-806e6f6e6963}\ not found.

File J:\start.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1f0f240-a2ce-11e0-a3ff-806e6f6e6963}\ not found.

File F:\start.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.

File D:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.

File H:\LaunchU3.exe -a not found.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000UA.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.

C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3065023223-3259891288-495664237-1000Core.job moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Clash

->Temp folder emptied: 468364420 bytes

->Temporary Internet Files folder emptied: 48693800 bytes

->Java cache emptied: 5226936 bytes

->FireFox cache emptied: 1006311235 bytes

->Google Chrome cache emptied: 4788592 bytes

->Apple Safari cache emptied: 13260800 bytes

->Opera cache emptied: 2642582 bytes

->Flash cache emptied: 187179 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56475 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Neuer Ordner

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56468 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 200704 bytes

%systemroot%\System32 .tmp files removed: 1618992 bytes

%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1946 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 751 bytes

RecycleBin emptied: 13702678928 bytes

 

Total Files Cleaned = 14.548,00 mb

 

 

OTL by OldTimer - Version 3.2.31.0 log created on 12022011_112525
 

Files\Folders moved on Reboot...

C:\Users\Clash\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

bisher leider ohne Erfolg (wurde gerade schon wieder auf eine dieser dubiosen seiten weitergeleitet als ich gegoogelt hab...) aber die Punkte 4-7 mache ich jetzt und editiere dann diesen Post. Wir werden ja sehen was dann passiert.

vielen Dank und viele Grüße, Ralf.

Leider konnte ich nicht mehr editieren...

Zu 5.) so das ist der superantispywarescan:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 12/02/2011 at 01:32 PM
 

Application Version : 5.0.1136
 

Core Rules Database Version : 8008

Trace Rules Database Version: 5820
 

Scan type       : Complete Scan

Total Scan Time : 01:28:46
 

Operating System Information

Windows 7 Enterprise 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator
 

Memory items scanned      : 584

Memory threats detected   : 0

Registry items scanned    : 77493

Registry threats detected : 0

File items scanned        : 492225

File threats detected     : 615
 

Adware.Tracking Cookie
 

*Hier sollten 615 Tracking cookies stehen die ich mal zensiere sonst hat er nichts gefunden... xD*

► nur mit dem Firefox hast Du probleme, oder besteht das Problem mit Internet Explorer auch?

1.
Vor dem nächsten Schritt, also bevor wir weitermachen:
Da jederzeit etwas passieren kann, wenn du wichtige Daten hast die Du sichern möchtest, empfehle ich Dir es jetzt machen (wie Bilder, Musik usw)
►Achte darauf: Die sicherten Daten sollen keine "Ausführbare Dateien" enthalten! - ►Dateiendungen - Dies ist eine Liste von Dateiendungen, die Dateien mit ausführbarem Code bezeichnen können.
Unabhängig von einem Befall (weil ja kann eine Festplatte auch kaputt gehen, oder es gibt andere technische Probleme ), sollte man regelmäßig Sicherung machen und an einem sicheren Ort bewahren, wie CD und DVD, externe Festplatten oder/und USB-Sticks
Mache das jetzt bitte!

2.
Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:

Windows XP (nur 32-bit)
Windows 2000 (nur 32-bit)
Windows Vista (32-bit/64-bit)
Windows 7 (32-bit/64-bit)

Vorbereitung und wichtige Hinweise

Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
Liste der zu deaktivierenden Programme.
Bei Unklarheiten bitte vorher fragen.
Bitte während des Laufs von Combofix nicht in das Combofix-Fenster klicken.
Das könnte Dein System einfrieren oder hängen bleiben lassen.
Es kann circa eine Viertelstunde dauern, bis der Scan fertig ist.
ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
Teile uns das mit und warte auf unsere Anweisungen.

Kurzanleitung zur Installation der Wiederherstellungskonsole unter XP

Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
Akzeptiere die Bedingungen (Disclaimer) mit "Ja".
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist.
Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

** Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.

Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.

Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!

3.
lade Dir HijackThis 2.0.4 von *von hier* herunter
HijackThis starten→ "Do a system scan and save a logfile" klicken→ das erhaltene Logfile "markieren" → "kopieren"→ hier in deinem Thread (rechte Maustaste) "einfügen"

Das Problem besteht (oder bestand?) auch bei anderen Browsern.

so der ESET online Scan ist durchgelaufen(wow das hat gedauert)
8 Funde alles Trojaner Alle in Ordnern in denen ich Backups von Festplatten von Freunden hab (da geh ich nie rein und die Dateien wurden auch niemals ausgeführt aber trotzdem gut das das Zeug weg ist).

dannach hab ich Combofix durchgeführt.

Code:

ComboFix 11-12-02.02 - Clash 03.12.2011   0:05.1.4 - x64

Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8175.6795 [GMT 1:00]

ausgeführt von:: c:\users\Clash\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-11-02 bis 2011-12-02  ))))))))))))))))))))))))))))))

.

.

2011-12-02 23:41 . 2011-12-02 23:41        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2011-12-02 23:41 . 2011-12-02 23:41        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-12-02 14:49 . 2011-12-02 14:49        --------        d-----w-        c:\users\Clash\AppData\Roaming\TeraCopy

2011-12-02 11:01 . 2011-12-02 11:01        --------        d-----w-        c:\users\Clash\AppData\Roaming\SUPERAntiSpyware.com

2011-12-02 11:00 . 2011-12-02 11:01        --------        d-----w-        c:\program files\SUPERAntiSpyware

2011-12-02 11:00 . 2011-12-02 11:00        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com

2011-12-01 21:14 . 2011-11-04 11:37        224048        ----a-w-        c:\windows\system32\drivers\VBoxDrv.sys

2011-12-01 21:14 . 2011-11-04 11:37        130864        ----a-w-        c:\windows\system32\drivers\VBoxUSBMon.sys

2011-12-01 21:14 . 2011-12-01 21:14        --------        d-----w-        c:\program files\Oracle

2011-12-01 21:10 . 2011-12-01 21:10        --------        d-----w-        c:\users\Clash\AppData\Roaming\Allmyapps

2011-12-01 20:26 . 2011-12-01 20:26        --------        d-----w-        c:\program files (x86)\Common Files\Java

2011-12-01 20:26 . 2011-12-01 20:26        611224        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-12-01 20:25 . 2011-12-01 20:25        --------        d-----w-        c:\users\Clash\AppData\Roaming\Canneverbe Limited

2011-12-01 20:25 . 2011-12-01 20:25        --------        d-----w-        c:\program files\CDBurnerXP

2011-12-01 20:24 . 2011-12-01 20:24        --------        d-----w-        c:\program files (x86)\LibreOffice 3.4

2011-12-01 20:22 . 2011-12-01 20:22        --------        d-----w-        c:\program files (x86)\GIMP-2.0

2011-12-01 20:21 . 2011-12-01 20:21        --------        d-----w-        c:\program files (x86)\SumatraPDF

2011-12-01 20:19 . 2011-12-01 20:19        --------        d-----w-        c:\program files (x86)\FileHippo.com

2011-12-01 20:19 . 2011-12-01 20:19        --------        d-----w-        c:\program files\TeraCopy

2011-12-01 20:19 . 2011-12-01 20:19        --------        d-----w-        c:\program files (x86)\Apple Software Update

2011-12-01 20:18 . 2011-11-21 04:21        134104        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll

2011-11-30 18:49 . 2011-11-28 17:53        304472        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2011-11-30 18:49 . 2011-11-28 17:51        24408        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2011-11-30 18:49 . 2011-11-28 18:01        256960        ----a-w-        c:\windows\system32\aswBoot.exe

2011-11-30 18:49 . 2011-11-28 17:54        591192        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2011-11-30 18:49 . 2011-11-28 17:52        42328        ----a-w-        c:\windows\system32\drivers\aswRdr.sys

2011-11-30 18:49 . 2011-11-28 17:52        58712        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2011-11-30 18:49 . 2011-11-28 17:52        66904        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2011-11-30 18:48 . 2011-11-28 18:01        41184        ----a-w-        c:\windows\avastSS.scr

2011-11-30 18:48 . 2011-11-28 18:01        199816        ----a-w-        c:\windows\SysWow64\aswBoot.exe

2011-11-30 18:48 . 2011-11-30 18:48        --------        d-----w-        c:\programdata\AVAST Software

2011-11-30 18:48 . 2011-11-30 18:48        --------        d-----w-        c:\program files\AVAST Software

2011-11-30 17:30 . 2011-11-30 17:30        --------        d-----w-        c:\program files\CCleaner

2011-11-30 02:35 . 2011-11-30 03:23        --------        d-----w-        c:\programdata\SystemExplorer

2011-11-30 02:35 . 2011-11-30 02:35        --------        d-----w-        c:\program files (x86)\System Explorer

2011-11-29 20:53 . 2011-11-29 20:53        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-11-29 20:44 . 2011-11-29 20:44        --------        d-----w-        C:\TDSSKiller_Quarantine

2011-11-29 20:36 . 2011-11-29 20:36        --------        d-----w-        c:\program files (x86)\ESET

2011-11-29 20:04 . 2011-11-29 21:15        --------        d-----w-        c:\program files (x86)\Emsisoft Anti-Malware

2011-11-29 18:43 . 2011-11-29 18:46        1272        ----a-w-        c:\windows\SysWow64\tmp.reg

2011-11-29 17:38 . 2011-11-29 17:38        --------        d-----w-        c:\users\Clash\Neuer Ordner

2011-11-29 17:29 . 2011-11-29 17:29        --------        d-----w-        C:\mingw

2011-11-29 17:18 . 2009-10-17 19:17        324096        ----a-w-        c:\windows\SDL.dll

2011-11-29 16:26 . 2011-11-29 16:50        --------        d-----w-        c:\users\Clash\AppData\Roaming\codeblocks

2011-11-29 16:26 . 2011-11-29 16:26        --------        d-----w-        c:\program files (x86)\CodeBlocks

2011-11-29 03:46 . 2011-11-29 16:51        --------        d-----w-        C:\Wascana

2011-11-29 03:01 . 2009-10-17 19:17        324096        ----a-w-        c:\windows\system32\SDL.dll

2011-11-29 02:07 . 2011-03-10 14:44        2725376        ----a-w-        c:\windows\system32\drivers\cmudaxp.sys

2011-11-28 21:00 . 2011-11-28 21:00        --------        d-----w-        c:\users\Clash\AppData\Roaming\Malwarebytes

2011-11-28 21:00 . 2011-11-28 21:00        --------        d-----w-        c:\programdata\Malwarebytes

2011-11-28 21:00 . 2011-08-31 16:00        25416        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-11-28 20:45 . 2011-11-28 20:45        --------        d-----w-        c:\program files (x86)\Sophos

2011-11-28 20:42 . 2011-11-28 20:42        --------        d-----w-        c:\users\Clash\Pavark

2011-11-28 19:43 . 2011-11-28 19:43        993        ----a-w-        c:\windows\gvimdiff.bat

2011-11-28 19:43 . 2011-11-28 19:43        993        ----a-w-        c:\windows\gview.bat

2011-11-28 19:43 . 2011-11-28 19:43        993        ----a-w-        c:\windows\evim.bat

2011-11-28 19:43 . 2011-11-28 19:43        985        ----a-w-        c:\windows\gvim.bat

2011-11-28 19:43 . 2011-11-28 19:43        694        ----a-w-        c:\windows\vimtutor.bat

2011-11-28 19:43 . 2011-11-28 19:43        668        ----a-w-        c:\windows\vimdiff.bat

2011-11-28 19:43 . 2011-11-28 19:43        668        ----a-w-        c:\windows\view.bat

2011-11-28 19:43 . 2011-11-28 19:43        664        ----a-w-        c:\windows\vim.bat

2011-11-28 19:43 . 2011-11-28 19:43        --------        d-----w-        c:\program files (x86)\Vim

2011-11-28 19:35 . 2011-09-29 04:03        3144704        ----a-w-        c:\windows\system32\win32k.sys

2011-11-28 19:34 . 2011-10-01 05:45        886784        ----a-w-        c:\program files\Common Files\System\wab32.dll

2011-11-28 19:34 . 2011-10-01 04:37        708608        ----a-w-        c:\program files (x86)\Common Files\System\wab32.dll

2011-11-28 19:34 . 2011-09-29 16:29        1923952        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-11-28 19:30 . 2011-06-23 05:43        5561216        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-11-28 19:30 . 2011-06-23 04:33        3967872        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe

2011-11-28 19:30 . 2011-06-23 04:33        3912576        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe

2011-11-28 19:28 . 2011-07-09 02:46        288768        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-11-28 16:07 . 2011-11-28 16:07        --------        d-----w-        C:\msys

2011-11-28 15:18 . 2011-11-28 15:18        --------        d-----w-        c:\users\Neuer Ordner

2011-11-28 14:47 . 2011-11-29 17:49        --------        d-----w-        C:\cPlusPlus

2011-11-28 14:39 . 2011-11-28 15:45        --------        d-----w-        c:\users\Clash\AppData\Roaming\Nokia

2011-11-28 14:39 . 2011-11-28 14:39        --------        d-----w-        c:\users\Clash\AppData\Local\Nokia

2011-11-26 01:27 . 2011-11-26 01:30        --------        d-----w-        c:\users\Clash\AppData\Roaming\Crayon Physics Deluxe

2011-11-21 17:56 . 2011-11-21 17:56        --------        d-----w-        c:\users\Clash\AppData\Roaming\SaalDesignSoftware

2011-11-21 17:56 . 2011-11-21 17:56        --------        d-----w-        c:\program files (x86)\SaalDesignSoftware

2011-11-19 16:23 . 2011-11-19 16:23        --------        d-----w-        C:\wp-smushit

2011-11-16 18:52 . 2011-11-16 18:52        --------        d-----w-        c:\program files (x86)\OpenVPN Technologies

2011-11-12 11:57 . 2011-11-12 11:57        --------        d-----w-        c:\users\Clash\AppData\Local\Skyrim

2011-11-12 11:56 . 2008-03-05 14:56        4910088        ----a-w-        c:\windows\system32\D3DX9_37.dll

2011-11-11 19:02 . 2011-11-11 19:02        --------        d-----w-        c:\program files (x86)\Eclipse PHP

2011-11-06 20:40 . 2011-11-06 20:40        --------        d-----w-        c:\users\Clash\AppData\Roaming\.purple

2011-11-04 11:37 . 2011-11-04 11:37        165680        ----a-w-        c:\windows\system32\drivers\VBoxNetFlt.sys

2011-11-04 11:37 . 2011-11-04 11:37        146736        ----a-w-        c:\windows\system32\drivers\VBoxNetAdp.sys

2011-11-04 11:36 . 2011-11-04 11:36        320816        ----a-w-        c:\windows\system32\VBoxNetFltNobj.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-01 20:26 . 2011-05-10 15:30        544656        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-11-23 15:34 . 2011-09-07 10:39        1202763        ----a-w-        c:\windows\unins000.exe

2011-11-23 15:31 . 2011-05-18 11:12        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-13 01:55 . 2011-06-14 19:15        271200        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2011-11-13 01:55 . 2011-06-08 21:56        271200        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2011-10-26 09:59 . 2011-06-08 21:56        271200        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2011-10-15 08:53 . 2011-10-26 09:56        7581504        ----a-w-        c:\windows\system32\nvcuda.dll

2011-10-15 08:53 . 2011-10-26 09:56        68928        ----a-w-        c:\windows\system32\OpenCL.dll

2011-10-15 08:53 . 2011-10-26 09:56        61248        ----a-w-        c:\windows\SysWow64\OpenCL.dll

2011-10-15 08:53 . 2011-10-26 09:56        5578560        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2011-10-15 08:53 . 2011-10-26 09:56        2542912        ----a-w-        c:\windows\system32\nvcuvid.dll

2011-10-15 08:53 . 2011-10-26 09:56        24796992        ----a-w-        c:\windows\system32\nvcompiler.dll

2011-10-15 08:53 . 2011-10-26 09:56        24742720        ----a-w-        c:\windows\system32\nvoglv64.dll

2011-10-15 08:53 . 2011-10-26 09:56        2458432        ----a-w-        c:\windows\SysWow64\nvapi.dll

2011-10-15 08:53 . 2011-10-26 09:56        2401088        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2011-10-15 08:53 . 2011-10-26 09:56        2232128        ----a-w-        c:\windows\system32\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-26 09:56        2099520        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll

2011-10-15 08:53 . 2011-10-26 09:56        18871616        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2011-10-15 08:53 . 2011-10-26 09:56        17248576        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2011-10-15 08:53 . 2011-10-26 09:56        15693120        ----a-w-        c:\windows\system32\nvd3dumx.dll

2011-10-15 08:53 . 2011-10-26 09:56        12971840        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2011-10-15 08:53 . 2011-10-09 20:41        837952        ----a-w-        c:\windows\system32\easyupdatusapiu64.dll

2011-10-15 08:53 . 2011-10-09 20:41        5067584        ----a-w-        c:\windows\system32\nvsvc64.dll

2011-10-15 08:53 . 2011-10-09 20:41        3074368        ----a-w-        c:\windows\system32\nvsvcr.dll

2011-10-15 08:53 . 2011-10-09 20:41        222528        ----a-w-        c:\windows\system32\nvmctray.dll

2011-10-15 08:53 . 2011-10-09 20:41        1640768        ----a-w-        c:\windows\system32\nvvsvc.exe

2011-10-15 08:53 . 2011-10-09 20:41        137536        ----a-w-        c:\windows\system32\nvshext.dll

2011-10-15 08:53 . 2011-10-09 20:41        10406208        ----a-w-        c:\windows\system32\nvcpl.dll

2011-10-15 08:53 . 2011-10-09 20:39        8791360        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2011-10-15 08:53 . 2011-10-09 20:39        7041856        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2011-10-15 08:53 . 2011-10-09 20:39        2808128        ----a-w-        c:\windows\system32\nvapi64.dll

2011-10-15 08:53 . 2011-10-09 20:39        1533248        ----a-w-        c:\windows\system32\nvdispco64.dll

2011-10-15 08:53 . 2011-10-09 20:39        1454400        ----a-w-        c:\windows\system32\nvgenco64.dll

2011-10-15 08:53 . 2011-10-09 20:39        13205312        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2011-10-14 22:54 . 2011-10-14 22:54        321856        ----a-w-        c:\windows\SysWow64\nvStreaming.exe

2011-10-10 22:07 . 2011-06-16 02:49        96222375        ----a-w-        C:\bio.zip

2011-09-14 21:35 . 2011-05-10 15:37        466456        ----a-w-        c:\windows\system32\wrap_oal.dll

2011-09-14 21:35 . 2011-05-10 15:37        122904        ----a-w-        c:\windows\system32\OpenAL32.dll

2011-09-07 10:39 . 2011-05-10 15:30        627600        ----a-w-        c:\windows\system32\deployJava1.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[-] 2010-08-14 . 87A00ED70FEC36D0DD968E5058C29AA1 . 389632 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe

.

[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

[-] 2011-05-30 . D186BABDFAE7C0D93C9F6AE63957EE96 . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll

.

[-] 2011-05-30 . 0A8910F85D554ADB5C7F5B157FEE8622 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll

[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-07 5495680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-05 283160]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute        REG_MULTI_SZ           autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ALSysIO;ALSysIO;c:\users\Clash\AppData\Local\Temp\ALSysIO64.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]

R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [x]

R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9F2.tmp [x]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 SystemExplorerHelpService;System Explorer Help Service;c:\program files (x86)\System Explorer\SystemExplorerService64.exe [2011-09-22 712520]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R4 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-11-29 2996784]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R4 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2011-10-17 131912]

R4 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]

R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-19 136176]

R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]

R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2011-08-25 24064]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-11-03 2358656]

R4 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-11-29 2916736]

S3 cmudaxp;ASUS Xonar Essence ST Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [x]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]

S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01        134384        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: Interfaces\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206

FF - ProfilePath - c:\users\Clash\AppData\Roaming\Mozilla\Firefox\Profiles\oato85hz.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.rememberthemilk.com/home/clash666/#section.tasks|hxxp://vrr.de/de/fahrplanauskunft/index.html|hxxp://www.google.com/webhp|hxxp://www.wahlrecht.de/umfragen/index.htm|hxxp://news.google.com/news?pz=1&cf=all&ned=de&ict=ln|https://www.rememberthemilk.com/home/clash666/#section.tasks

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\9F2.tmp"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Internet Explorer\iexplore.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-12-03  01:04:22 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-12-03 00:04

.

Vor Suchlauf: 3.212.455.936 Bytes frei

Nach Suchlauf: 3.458.965.504 Bytes frei

.

- - End Of File - - 28A96D2638A336E79D8AF75BDA4ADCC7

Code:

"Minimal SYStem 1.0.10"

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Reader X (10.1.1)

Adobe Shockwave Player 11.6

Advanced Batch Converter

Alien Swarm

Alien Swarm - SDK

Alliance of Valiant Arms

Allmyapps

Android SDK Tools

Anomaly Warzone Earth

Apple Application Support

Apple Software Update

Aquaria

ASRock eXtreme Tuner v0.1.54

ASRock InstantBoot v1.26

Auto Gordian Knot 2.55

Avant Browser (remove only)

avast! Free Antivirus

Avi Fix Joiner 2.11

Avidemux 2.5

AviSynth 2.5

Bastion

Brink

Brother HL-5240

Call of Duty(R) 4 - Modern Warfare(TM)

Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch

Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch

Chromium

Chromium Updater

CloneDVD2

CodeBlocks

ColorSchemer Studio 2

CraftBukkit

Crayon Physics Deluxe

Darwinia

DEFCON

Defense Grid: The Awakening

DivX-Setup

Dungeon Defenders

Dungeons of Dredmor

DVD Decrypter (Remove Only)

DVD Shrink 3.2 deutsch

ElsterFormular für Unternehmer

Emsisoft Anti-Malware

ESET Online Scanner v3

Etron USB3.0 Host Controller

ffdshow [rev 3154] [2009-12-09]

FileHippo.com Update Checker

FileZilla Client 3.5.2

FileZilla Server

foobar2000 v1.1.9

Forsaken World 

Frozen Synapse

GameMaker 8.1

Garmin Lifetime Updater

Garry's Mod

GIMP 2.6.11

Global Agenda

Google Chrome

Google Earth

Google Talk (remove only)

Google Talk Plugin

Google Update Helper

Haali Media Splitter

HandBrake 0.9.5

Heroes of Newerth

ImgBurn

Intel(R) Management Engine Components

Intel(R) Rapid Storage Technology

Java Auto Updater

Java(TM) 6 Update 25

Java(TM) 6 Update 27

Java(TM) 7 Update 1

Java(TM) SE Development Kit 6 Update 25

Java(TM) SE Development Kit 7 Update 1

JDownloader

Killing Floor

Killing Floor Mod: Defence Alliance 2

LibreOffice 3.4

LIMBO

LogMeIn Hamachi

Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo

Malwarebytes' Anti-Malware Version 1.51.2.1300

Metro 2033

Microsoft .NET Framework 1.1 German Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 1.1 SP1 + KB928366

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Microsoft XNA Framework Redistributable 3.1

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MKVtoolnix 4.9.1

Mozilla Firefox 8.0.1 (x86 de)

Mozilla Thunderbird (8.0)

MultipleIEs

Multiwinia

Mumble 1.2.3

MySQL Workbench 5.2 CE

Natural Selection 2

Notepad++

Nuance PDF Reader

NVIDIA PhysX

OpenAL

OpenVPN 2.1_rc20

OpenVPN Connect

Opera 11.52

Orcs Must Die!

Osmos

PDF Settings CS5

Pidgin

PuTTY version 0.61

Rage

RasterVect 15.3 Trial

Realtek Ethernet Controller Driver For Windows 7

RegExr

Revenge of the Titans

Saal Design Software

Safari

Sanctum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Skype Click to Call

Skype™ 5.5

Sol Survivor

Spiral Knights

SPlayer

Spybot - Search & Destroy

Steam

SumatraPDF

System Explorer 3.6.2

Team Fortress 2

TeamViewer 6

TeamViewer 7

The Elder Scrolls V: Skyrim

Titanium Developer

TP-LINK Wireless Client Utility

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update Notifier

Uplink

VC80CRTRedist - 8.0.50727.4053

VLC media player 1.1.11

VNC Free Edition 4.1.3

VobSub v2.23 (Remove Only)

Warcraft III

Wascana C/C++ IDE for Windows

WinPcap 4.1.2

World of Tanks v.0.6.5

XBMC

XFastUsb

XviD MPEG4 Video Codec (remove only)

Code:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:47:34, on 03.12.2011

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal
 

Running processes:

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe

C:\Users\Clash\AppData\Local\Chromium\Application\chrome.exe

C:\Program Files (x86)\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-21-3065023223-3259891288-495664237-1008\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3065023223-3259891288-495664237-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O17 - HKLM\System\CCS\Services\Tcpip\..\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: System Explorer Help Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 

--

End of file - 8958 bytes

Sooo war noch nicht viel im Netz aber bisher hat er mich nicht mehr umgeleitet ich meld mich wieder wenn ich mehr weiß.

Grüße, Ralf

Ja diesmal dachte ich wir habens... aber, leider Nein! Nachdem ich heute morgen längere Zeit nicht umgeleitet wurde und der Browser angenehm schnell war beim dns lookup, ist es nun wieder wie gehabt. Ich habe den gleichen Link (bei googel ein link zu stiftung warentest) 2-mal im neuen tab geöffnet beim ersten Tab hat sich wie gehtabt über Umleitungen irgendeine Seite geöffnet und der 2. Tab war dann der richtige.

Tja, gibt es noch was, was ich versuchen kann?

Danke auf jeden Fall trotzdem, ich kann ganz gut nachvollziehen wie viel Zeit und mühe es kostet sich um PC Probleme anderer zu kümmern.

Grüße, Ralf.

1.
Schliesse alle Programme einschliesslich Internet Explorer und fixe mit Hijackthis die Einträge aus der nachfolgenden Codebox (HijackThis starten→ "Do a system scan only"→ Einträge auswählen→ Häckhen setzen→ "Fix checked" klicken→ PC neu aufstarten):
HijackThis erstellt ein Backup, Falls bei "Fixen" etwas schief geht, kann man unter "View the list of backups"- die Objekte wiederherstellen

Code:

O4 - HKUS\S-1-5-21-3065023223-3259891288-495664237-1008\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

2.
poste erneut - nach der vorgenommenen Reinigungsaktion:
TrendMicro™ HijackThis™ -Logfile - Keine offenen Fenster, solang bis HijackThis läuft!!
► Rechtsklick auf HijackThis-> "Als administrator ausführen" wählen...

► Besteht dein Problem nach wie vor?

Nachdem ich Punkt 1 abgearbeitet hatte war erstmal mein Netzwerkadapter nicht mehr installiert. Leider hab ich es versäumt die Logfile die ich direkt nach dem neustart gemacht habe zu speichern. (der gefixte Punkt war aber auch weiterhin nicht mehr da)

daraufhin habe ich an meinem Laptop den Treiber geladen und ihn per usb auf meinen Rechner gepackt dann den Treiber manuell kopiert und die .inf installiert.

nach einem weiteren Reboot hab ich dann das Logfile direkt gemacht , der Netwerkadapter ist auch wieder installiert.

nun der log von Hijackthis nach dem 2.reboot :

Code:

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

O17 - HKLM\System\CCS\Services\Tcpip\..\{F361BF14-75DE-494C-AFF6-35A9F4B7A740}: NameServer = 80.69.100.174,80.69.100.206

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: System Explorer Help Service (SystemExplorerHelpService) - Mister Group - C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 

--

End of file - 8187 bytes

bisher wurde noch nicht umgeleitet aber in keinem meiner Browser funktioniert javascript auf Google, ist also wie gehabt. Das Äußert sich dann so das z.B. Bilder wenn man nach unten scrollt nicht nachgeladen werden in der Bildersuche und die durch JS erstellten Menüs sich nicht öffnen.

Denke mal das wars dann doch noch nicht...

Grüße, Ralf

edit: so ich hab das mal untersucht was das mit dem JS soll. Dabei fand ich heraus das google versucht JS code nachzuladen.

Code:

hxxp://www.google.de/extern_js/f/CgJkZRICZGUrMEU4ACwrMFo4ACwrMA44ACwrMBc4ACwrMDw4ACwrMFE4ACwrMFk4ACwrMAo4AZoCAmNjLCswmAE4ACwrMBY4ACwrMBk4ACwrMCo4ACwrMCs4AJoCC2pzX3JlZGlyZWN0LCswNTgALCswNjgALCswQTgALCswTTgALCswTjgALCswUzgAmgIGc2VhcmNoLCswVDgALCswYjgALCswaTgALCswbDgALCswbjgALCswcDgALCswkAE4ACwrMJIBOAAsKzCXATgALCswtgE4ACwrMHQ4ACwrMH04ACwrMB04ACwrMFw4AJoCBGlnY2MsKzAYOAAsKzAmOAAsgAJfkAJb/jiU9spSK5XE.js

das wurde aber laut firebug "aborted". ich kann die datei auch nicht in einem anderen browser laden...
vllt wird der download verhindert damit eine mögliche JS weiterleitung funktioniert...
ich müsste mal lernen besser mit nem debugger umzugehen ... dann könnte ich die quelle dieser Blockade ausfindigmachen.
nja ist wohl nicht sehr hilfreich aber ich fands grad spannend...

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

So nachdem mein Rechner heute morgen nicht mehr satrten wollte, musste ich das CMOS flashen damit ich weider starten konnte. Ich finde das sehr eigenartig war ewig nicht im BIOS hab kein OC und stabil und kühl ist der Rechner auch. (Und auch noch keine 6Monate alt,die meisten teile wie das mainboard z.B.)

Jedenfalls lief der Rechner wieder und ab heute morgen auch ohne umleitungen mit javascript auf google und angenehm schnellem DNS lookup. Soweit so gut 3 neustarts und einige Stunden benutzung später immernoch alles problemlos, wenn wir davon absehen das natürlich die windows firewall defekt ist. Aber mit einer Routerfirewall bin ich wohl eh besser dran, den Sinn von Software-Firewalls hab ich noch nie verstanden.

Achja:
Ich benutze nun Opera als Standard-Browser. sandboxIE muss ich mir mal ansehen, kommt aber auch noch.

Avast und malwarebytes las ich als free versionen auch mal drauf vllt ist es ja doch besser, auch wenn sie diesen Trojaner nicht finden konnten.

Gibt es noch was, was ich sinnvoll tun kann? Sonst einfach vielen, vielen Dank an dich für deine Hilfe! Damit war ich dann doch alleine etwas überfordert.

Viele Grüße, Ralf