Rootkit? Werbeeinblendungen und Wiederkehrende Änderung der Host-Datei

M-K-D-B · 27.11.2012, 10:08

Servus,

irgendwie bekommen wie die infizierte hosts Datei da nicht weg...

Seit wann genau (Datum) hast du diese Werbeeinblendungen?

Schritt 1
Download dir bitte Hosts-perm.bat auf deinen Desktop.

Starte die Datei mit einem Doppelklick.
Bestätige ggf. die Sicherheitsabfrage.
Warte bis du die Meldung "The Permissions on the HOSTS file have been reset" siehst.
Drücke eine beliebige Taste, um die bat Datei zu beenden.

Schritt 2

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:Commands
[resethosts]
[reboot]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL.

B29Korn · 27.11.2012, 10:31

Also ich hab das ganze seit dem 24.11 erlebt, kann aber auch schon vorher aufgetreten sein.

OTL:

Code:

ATTFilter

========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 11272012_102639

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Batchdatei:

Code:

ATTFilter

Zuordnung von Kontennamen und Sicherheitskennung wurden nicht durchgeführt.
Zugriff verweigert -C:\Windows\system32\drivers\etc\hosts
The Permissions on the HOSTS file have been resettet.

M-K-D-B · 27.11.2012, 10:49

Servus,

Starte das Tool RogueKiller.
Warte bis der Prescan abgeschlossen ist.
Klicke auf Hosts reparieren
Schließe das Programm, starte es erneut und klicke nach dem Prescan auf Scannen.
Klicke abschließend auf Bericht und poste mir die Logdatei.

B29Korn · 27.11.2012, 11:02

Code:

ATTFilter

RogueKiller V8.3.1 [Nov 23 2012] durch Tigzy
mail: tigzyRK<at>gmail<dot>com

mail : tigzyRK<at>gmail<dot>com
Kommentare : hxxp://www.geekstogo.com/forum/files/file/413-roguekiller/
Webseite : hxxp://tigzy.geekstogo.com/roguekiller.php
Blog : hxxp://tigzyrk.blogspot.com/

Betriebssystem : Windows 7 (6.1.7600 ) 64 bits version
Gestartet in : Normaler Modus
Benutzer : Chis [Admin Rechte]
Funktion : Scannen -- Datum : 11/27/2012 11:01:41

¤¤¤ Böswillige Prozesse : 0 ¤¤¤

¤¤¤ Registry-Einträge : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> GEFUNDEN
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> GEFUNDEN

¤¤¤ Bestimmte Dateien / Ordner: ¤¤¤

¤¤¤ Treiber : [NICHT GELADEN] ¤¤¤

¤¤¤ Hosts-Datei: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost
66.197.194.232 www.google-analytics.com.
66.197.194.232 ad-emea.doubleclick.net.
66.197.194.232 www.statcounter.com.
66.197.194.232 connect.facebook.net.
93.115.241.27 www.google-analytics.com.
93.115.241.27 ad-emea.doubleclick.net.
93.115.241.27 www.statcounter.com.
93.115.241.27 connect.facebook.net.


¤¤¤ MBR überprüfen: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS ATA Device +++++
--- User ---
[MBR] aabde65b904df61a8f4a882d518a2a56
[BSP] 5ae74f563822d94b622db51fa75c6b64 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 2048 | Size: 13000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 26626048 | Size: 231966 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 501692416 | Size: 228352 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 969357312 | Size: 3620 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TREK TDMINIG4 USB Device +++++
--- User ---
[MBR] 4652dfee147054531fdcd34cda881224
[BSP] c32d81b864350e013775b0d40f5188db : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 1839 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Abgeschlossen : << RKreport[17]_S_11272012_02d1101.txt >>
RKreport[10]_S_11242012_02d2312.txt ; RKreport[11]_S_11242012_02d2325.txt ; RKreport[12]_S_11242012_02d2340.txt ; RKreport[13]_S_11252012_02d0042.txt ; RKreport[14]_S_11252012_02d0049.txt ; 
RKreport[15]_S_11252012_02d0118.txt ; RKreport[16]_H_11272012_02d1101.txt ; RKreport[17]_S_11272012_02d1101.txt ; RKreport[1]_S_11242012_02d2149.txt ; RKreport[2]_D_11242012_02d2155.txt ; 
RKreport[3]_H_11242012_02d2156.txt ; RKreport[4]_DN_11242012_02d2157.txt ; RKreport[5]_S_11242012_02d2257.txt ; RKreport[6]_H_11242012_02d2257.txt ; RKreport[7]_DN_11242012_02d2258.txt ; 
RKreport[8]_S_11242012_02d2300.txt ; RKreport[9]_S_11242012_02d2312.txt

M-K-D-B · 27.11.2012, 11:12

Servus,

wir werfen von "außen" einen Blick auf das System.

Schritt 1
Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop.

Download Mirror # 1

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.

Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:

ATTFilter

:filefind
hosts

:reg
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Schritt 2
Downloade dir bitte Farbar Recovery Scan Tool 64-Bit und speichere diese auf einen USB Stick.

Schließe den USB Stick an das infizierte System an

Du musst das System nun in die System Reparatur Option booten.

Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer
Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein.
e:\frst64.exe
Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Scan

Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von SystemLook,
die Logdatei von FRST.

B29Korn · 27.11.2012, 11:45

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 11:18 on 27/11/2012 by Chis
Administrator - Elevation successful

========== filefind ==========

Searching for "hosts"
C:\Windows\System32\drivers\etc\hosts	-rahs-- 1473 bytes	[02:34 14/07/2009]	[13:14 24/11/2012] 5C75232E052E2FE25AE3CEA1E3B9A647
C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\hosts	--a---- 824 bytes	[21:00 10/06/2009]	[21:00 10/06/2009] 3688374325B992DEF12793500307566D

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"ICSDomain"="mshome.net"
"SyncDomainWithMembership"= 0x0000000001 (1)
"NV Hostname"="Chris"
"DataBasePath"="%SystemRoot%\System32\drivers\etc"
"ForwardBroadcasts"= 0x0000000000 (0)
"IPEnableRouter"= 0x0000000000 (0)
"Domain"=""
"Hostname"="Chris"
"SearchList"=""
"UseDomainNameDevolution"= 0x0000000001 (1)
"DeadGWDetectDefault"= 0x0000000001 (1)
"DontAddDefaultGatewayDefault"= 0x0000000000 (0)
"EnableWsd"= 0x0000000001 (1)
"QualifyingDestinationThreshold"= 0x0000000003 (3)
"DhcpNameServer"="192.168.0.1"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DNSRegisteredAdapters]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Winsock]


[]
Hive unrecognized.

-= EOF =-

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012
Ran by SYSTEM at 27-11-2012 11:40:09
Running from G:\
Windows 7 Home Premium   (X64) OS Language: German Standard 
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Chis\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5628800 2012-10-16] (SUPERAntiSpyware.com)
HKU\Chis\...\Policies\system: [LogonHoursAction] 2
HKU\Chis\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 ALDITALKVerbindungsassistent_Service; C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe [342984 2011-09-13] ()
3 rpcapd; "C:\Program Files (x86)\WinPcap\rpcapd.exe" -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" [x]

==================== Drivers (Whitelisted) =====================

3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [138752 2012-07-04] (Huawei Technologies Co., Ltd.)
3 ewusbnet; C:\Windows\SysWow64\Drivers\ewusbnet.sys [138752 2012-07-04] (Huawei Technologies Co., Ltd.)
3 ew_hwusbdev; C:\Windows\SysWow64\Drivers\ew_hwusbdev.sys [117248 2012-07-04] (Huawei Technologies Co., Ltd.)
2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2010-06-25] (CACE Technologies, Inc.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-27 11:20 - 2012-11-27 11:20 - 01461039 ____A (Farbar) C:\Users\Chis\Downloads\FRST64.exe
2012-11-27 11:18 - 2012-11-27 11:19 - 00003262 ____A C:\Users\Chis\Desktop\SystemLook.txt
2012-11-27 11:17 - 2012-11-27 11:17 - 00165376 ____A C:\Users\Chis\Desktop\SystemLook_x64.exe
2012-11-27 11:01 - 2012-11-27 11:01 - 00002819 ____A C:\Users\Chis\Desktop\RKreport[17]_S_11272012_02d1101.txt
2012-11-27 11:01 - 2012-11-27 11:01 - 00001906 ____A C:\Users\Chis\Desktop\RKreport[16]_H_11272012_02d1101.txt
2012-11-27 10:26 - 2012-11-27 10:26 - 00001504 ____A C:\Users\Chis\Desktop\beitrag.txt
2012-11-27 10:22 - 2012-11-27 10:22 - 00000194 ____A C:\Users\Chis\Desktop\hosts-perm.bat
2012-11-27 09:52 - 2012-11-27 09:52 - 00000888 ____A C:\Users\Chis\Desktop\11272012_094948.log
2012-11-27 09:27 - 2012-11-27 09:27 - 00012482 ____A C:\ComboFix.txt
2012-11-27 09:17 - 2012-11-27 09:18 - 05007135 ____R (Swearware) C:\Users\Chis\Desktop\ComboFix.exe
2012-11-27 08:21 - 2012-11-27 08:27 - 1234456012 ____A C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
2012-11-26 20:40 - 2012-11-26 20:40 - 00065592 ____A C:\Users\Chis\Downloads\memtest86+-4.20.exe.zip
2012-11-26 20:06 - 2012-11-26 20:07 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-26 20:02 - 2012-11-26 20:02 - 00998456 ____A (Solid State Networks) C:\Users\Chis\Downloads\install_flashplayer11x32_mssd_aih(1).exe
2012-11-26 20:02 - 2012-11-26 20:02 - 00003420 ____A C:\Users\Chis\Desktop\11262012_195807.log
2012-11-26 19:59 - 2012-11-27 09:50 - 00002428 ____A C:\Windows\PFRO.log
2012-11-26 19:58 - 2012-11-26 19:58 - 00000000 ____D C:\_OTL
2012-11-26 19:52 - 2012-11-26 19:52 - 00005142 ____A C:\Users\Chis\Desktop\JRT.txt
2012-11-26 19:46 - 2012-11-26 19:46 - 00000000 ____D C:\Windows\ERUNT
2012-11-26 19:45 - 2012-11-26 19:45 - 00909379 ____A C:\Users\Chis\Desktop\JRT.exe
2012-11-26 19:45 - 2012-11-26 19:45 - 00000000 ____D C:\JRT
2012-11-26 19:44 - 2012-11-26 19:44 - 00001147 ____A C:\AdwCleaner[R3].txt
2012-11-26 19:43 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Desktop\adwcleaner.exe
2012-11-26 16:43 - 2012-11-27 09:58 - 00060852 ____A C:\Users\Chis\Desktop\OTL.Txt
2012-11-26 15:04 - 2012-11-27 09:27 - 00000000 ____D C:\Qoobox
2012-11-26 15:04 - 2012-11-26 15:11 - 00000000 ____D C:\Windows\erdnt
2012-11-26 15:04 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-26 15:04 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-26 15:04 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-26 15:04 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-26 15:03 - 2012-11-26 15:04 - 05006963 ____R (Swearware) C:\Users\Chis\Downloads\ComboFix.exe
2012-11-26 13:22 - 2012-11-26 13:22 - 00685454 ____A C:\Users\Chis\Downloads\win98boot.zip
2012-11-26 13:00 - 2012-11-26 13:00 - 00000000 ____A C:\Users\Chis\Desktop\passbilder....txt
2012-11-26 09:31 - 2012-11-26 09:31 - 00000000 ____D C:\Windows\pss
2012-11-26 09:29 - 2012-11-27 11:32 - 00000672 ____A C:\Windows\setupact.log
2012-11-26 09:29 - 2012-11-26 09:29 - 00000000 ____A C:\Windows\setuperr.log
2012-11-26 09:26 - 2012-11-26 09:26 - 00001886 ____A C:\Users\Chis\Desktop\aswMBR.txt
2012-11-26 09:26 - 2012-11-26 09:26 - 00000512 ____A C:\Users\Chis\Desktop\MBR.dat
2012-11-25 17:32 - 2012-11-25 17:32 - 00098304 ____A (Hewlett-Packard Company) C:\Users\Chis\Downloads\HPUSBFW_v2.2.3(1).exe
2012-11-25 17:31 - 2012-11-25 17:31 - 00098304 ____A (Hewlett-Packard Company) C:\Users\Chis\Downloads\HPUSBFW_v2.2.3.exe
2012-11-25 17:12 - 2012-11-25 17:13 - 04732416 ____A (AVAST Software) C:\Users\Chis\Downloads\aswMBR.exe
2012-11-25 17:11 - 2012-11-25 17:12 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Chis\Downloads\tdsskiller.exe
2012-11-25 11:59 - 2012-11-25 11:59 - 00000000 ____D C:\Users\Chis\Downloads\mbar-1.01.0.1009
2012-11-25 11:58 - 2012-11-25 11:59 - 12961620 ____A C:\Users\Chis\Downloads\mbar-1.01.0.1009.zip
2012-11-25 11:49 - 2012-11-25 11:49 - 00046566 ____A C:\Users\Chis\Downloads\Extras.Txt
2012-11-25 11:48 - 2012-11-25 11:48 - 00068978 ____A C:\Users\Chis\Downloads\OTL.Txt
2012-11-25 11:42 - 2012-11-25 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\Chis\Desktop\OTL.exe
2012-11-25 11:02 - 2012-11-25 11:02 - 01009763 ____A C:\Users\Chis\Downloads\gm692.zip
2012-11-25 01:18 - 2012-11-25 01:18 - 00002814 ____A C:\Users\Chis\Desktop\RKreport[15]_S_11252012_02d0118.txt
2012-11-25 01:08 - 2012-11-25 01:08 - 00001088 ____A C:\AdwCleaner[R2].txt
2012-11-25 01:06 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Downloads\adwcleaner.exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Downloads\adwcleaner(1).exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00001027 ____A C:\AdwCleaner[R1].txt
2012-11-25 01:01 - 2012-11-25 01:01 - 00000154 ____A C:\Users\Chis\Desktop\es.txt
2012-11-25 00:49 - 2012-11-25 00:49 - 00002776 ____A C:\Users\Chis\Desktop\RKreport[14]_S_11252012_02d0049.txt
2012-11-25 00:42 - 2012-11-25 00:42 - 00002738 ____A C:\Users\Chis\Desktop\RKreport[13]_S_11252012_02d0042.txt
2012-11-25 00:40 - 2012-11-25 00:40 - 00002120 ____A C:\scu.dat
2012-11-25 00:23 - 2012-11-25 00:23 - 00007517 ____A C:\Users\Chis\Desktop\hijackthis.log
2012-11-25 00:07 - 2012-11-25 00:07 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-25 00:06 - 2012-11-25 00:07 - 02322184 ____A (ESET) C:\Users\Chis\Downloads\esetsmartinstaller_deu(1).exe
2012-11-24 23:45 - 2012-11-24 23:45 - 00637588 ____A C:\Users\Chis\Desktop\dds.pcapng
2012-11-24 23:45 - 2012-11-24 23:45 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Wireshark
2012-11-24 23:43 - 2012-11-24 23:43 - 00000000 ____D C:\Program Files (x86)\WinPcap
2012-11-24 23:41 - 2012-11-24 23:43 - 00000000 ____D C:\Program Files\Wireshark
2012-11-24 23:40 - 2012-11-24 23:40 - 00002255 ____A C:\Users\Chis\Desktop\RKreport[12]_S_11242012_02d2340.txt
2012-11-24 23:39 - 2012-11-24 23:40 - 01149932 ____A C:\Users\Chis\Downloads\Process1523Explorer.zip
2012-11-24 23:27 - 2012-07-27 03:50 - 00000304 ____A C:\Users\Chis\Downloads\Utilman-System entfernen.reg
2012-11-24 23:27 - 2012-07-27 03:49 - 00000392 ____A C:\Users\Chis\Downloads\Utilman-System.reg
2012-11-24 23:25 - 2012-11-24 23:25 - 00002133 ____A C:\Users\Chis\Desktop\RKreport[11]_S_11242012_02d2325.txt
2012-11-24 23:23 - 2012-11-24 23:24 - 26633976 ____A (Wireshark development team) C:\Users\Chis\Downloads\Wireshark-win64-1.8.3.exe
2012-11-24 23:20 - 2012-11-24 23:20 - 00000000 ____D C:\Program Files (x86)\7-Zip
2012-11-24 23:19 - 2012-11-24 23:19 - 01110476 ____A C:\Users\Chis\Downloads\7z920.exe
2012-11-24 23:19 - 2012-11-24 23:19 - 00000414 ____A C:\Users\Chis\Downloads\utilman-cmd-system.7z
2012-11-24 23:12 - 2012-11-24 23:12 - 00002093 ____A C:\Users\Chis\Desktop\RKreport[10]_S_11242012_02d2312.txt
2012-11-24 23:12 - 2012-11-24 23:12 - 00002054 ____A C:\Users\Chis\Desktop\RKreport[9]_S_11242012_02d2312.txt
2012-11-24 23:00 - 2012-11-24 23:00 - 00002017 ____A C:\Users\Chis\Desktop\RKreport[8]_S_11242012_02d2300.txt
2012-11-24 22:58 - 2012-11-24 22:58 - 00001222 ____A C:\Users\Chis\Desktop\RKreport[7]_DN_11242012_02d2258.txt
2012-11-24 22:57 - 2012-11-24 22:57 - 00002193 ____A C:\Users\Chis\Desktop\RKreport[5]_S_11242012_02d2257.txt
2012-11-24 22:57 - 2012-11-24 22:57 - 00001373 ____A C:\Users\Chis\Desktop\RKreport[6]_H_11242012_02d2257.txt
2012-11-24 21:57 - 2012-11-24 21:57 - 00001164 ____A C:\Users\Chis\Desktop\RKreport[4]_DN_11242012_02d2157.txt
2012-11-24 21:56 - 2012-11-24 21:56 - 00001301 ____A C:\Users\Chis\Desktop\RKreport[3]_H_11242012_02d2156.txt
2012-11-24 21:55 - 2012-11-24 21:55 - 00002485 ____A C:\Users\Chis\Desktop\RKreport[2]_D_11242012_02d2155.txt
2012-11-24 21:49 - 2012-11-24 21:49 - 00002377 ____A C:\Users\Chis\Desktop\RKreport[1]_S_11242012_02d2149.txt
2012-11-24 21:48 - 2012-11-27 11:01 - 00000000 ____D C:\Users\Chis\Desktop\RK_Quarantine
2012-11-24 21:46 - 2012-11-24 21:47 - 00752128 ____A C:\Users\Chis\Downloads\RogueKiller.exe
2012-11-24 21:39 - 2012-11-24 21:39 - 00000000 ____D C:\Users\Chis\AppData\Local\Aeria Games
2012-11-24 21:38 - 2012-11-24 21:38 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2012-11-24 21:10 - 2012-11-24 21:10 - 00475232 ____A (Aeria Games & Entertainment) C:\Users\Chis\Downloads\lastchaos_us_downloader.exe
2012-11-24 21:10 - 2012-11-24 21:10 - 00000000 ____D C:\Users\Chis\AppData\Local\Akamai
2012-11-24 20:55 - 2012-11-24 20:55 - 02322184 ____A (ESET) C:\Users\Chis\Downloads\esetsmartinstaller_deu.exe
2012-11-24 18:20 - 2012-11-24 18:20 - 00001618 ____A C:\Users\Chis\Desktop\startup.txt
2012-11-24 17:08 - 2012-11-24 17:08 - 00000000 ____D C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
2012-11-24 17:06 - 2012-11-24 17:08 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-24 17:06 - 2012-11-24 17:06 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-11-24 17:06 - 2012-11-24 17:06 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-24 17:05 - 2012-11-24 17:05 - 21139592 ____A (SUPERAntiSpyware.com) C:\Users\Chis\Downloads\SUPERAntiSpyware1012.exe
2012-11-24 17:02 - 2012-11-24 21:45 - 00007502 ____A C:\Users\Chis\Downloads\hijackthis.log
2012-11-24 17:01 - 2012-11-24 17:01 - 00388608 ____A (Trend Micro Inc.) C:\Users\Chis\Downloads\HiJackThis204.exe
2012-11-24 15:53 - 2012-11-24 15:53 - 00001147 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-24 15:53 - 2012-11-24 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-24 15:53 - 2012-11-24 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-24 14:24 - 2012-11-24 14:24 - 00000000 ____D C:\Users\Chis\Pc SAFE
2012-11-24 14:14 - 2012-11-24 14:14 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-11-23 17:38 - 2012-11-23 17:38 - 923795456 ____A C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
2012-11-17 18:19 - 2012-11-27 08:17 - 00000000 ____D C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
2012-11-17 18:19 - 2012-11-17 18:19 - 00000000 ____D C:\Users\Chis\Desktop\BonezMC
2012-11-04 11:25 - 2012-11-17 17:41 - 00000000 ____D C:\Users\Chis\Documents\StarCraft II
2012-11-04 11:25 - 2012-11-17 17:41 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2012-11-04 11:25 - 2012-11-04 11:25 - 00001148 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-11-04 11:25 - 2012-11-04 11:25 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-11-04 11:24 - 2012-11-04 11:24 - 00000000 ____D C:\Users\All Users\Battle.net
2012-11-04 11:21 - 2012-11-04 16:08 - 00000000 ____D C:\Users\Chis\AppData\Roaming\wargaming.net
2012-11-04 11:20 - 2012-11-04 11:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-04 11:20 - 2012-11-04 11:20 - 00000000 ____D C:\Games


==================== One Month Modified Files and Folders =======

2012-11-27 11:39 - 2012-11-27 11:39 - 00000000 ____D C:\FRST
2012-11-27 11:32 - 2012-11-26 09:29 - 00000672 ____A C:\Windows\setupact.log
2012-11-27 11:32 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-27 11:23 - 2012-08-10 12:52 - 01406321 ____A C:\Windows\WindowsUpdate.log
2012-11-27 11:20 - 2012-11-27 11:20 - 01461039 ____A (Farbar) C:\Users\Chis\Downloads\FRST64.exe
2012-11-27 11:19 - 2012-11-27 11:18 - 00003262 ____A C:\Users\Chis\Desktop\SystemLook.txt
2012-11-27 11:17 - 2012-11-27 11:17 - 00165376 ____A C:\Users\Chis\Desktop\SystemLook_x64.exe
2012-11-27 11:10 - 2012-07-03 14:19 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-27 11:01 - 2012-11-27 11:01 - 00002819 ____A C:\Users\Chis\Desktop\RKreport[17]_S_11272012_02d1101.txt
2012-11-27 11:01 - 2012-11-27 11:01 - 00001906 ____A C:\Users\Chis\Desktop\RKreport[16]_H_11272012_02d1101.txt
2012-11-27 11:01 - 2012-11-24 21:48 - 00000000 ____D C:\Users\Chis\Desktop\RK_Quarantine
2012-11-27 10:35 - 2009-07-14 05:45 - 00013216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-27 10:35 - 2009-07-14 05:45 - 00013216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-27 10:26 - 2012-11-27 10:26 - 00001504 ____A C:\Users\Chis\Desktop\beitrag.txt
2012-11-27 10:22 - 2012-11-27 10:22 - 00000194 ____A C:\Users\Chis\Desktop\hosts-perm.bat
2012-11-27 09:58 - 2012-11-26 16:43 - 00060852 ____A C:\Users\Chis\Desktop\OTL.Txt
2012-11-27 09:52 - 2012-11-27 09:52 - 00000888 ____A C:\Users\Chis\Desktop\11272012_094948.log
2012-11-27 09:50 - 2012-11-26 19:59 - 00002428 ____A C:\Windows\PFRO.log
2012-11-27 09:27 - 2012-11-27 09:27 - 00012482 ____A C:\ComboFix.txt
2012-11-27 09:27 - 2012-11-26 15:04 - 00000000 ____D C:\Qoobox
2012-11-27 09:26 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2012-11-27 09:18 - 2012-11-27 09:17 - 05007135 ____R (Swearware) C:\Users\Chis\Desktop\ComboFix.exe
2012-11-27 08:27 - 2012-11-27 08:21 - 1234456012 ____A C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
2012-11-27 08:17 - 2012-11-17 18:19 - 00000000 ____D C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
2012-11-26 20:40 - 2012-11-26 20:40 - 00065592 ____A C:\Users\Chis\Downloads\memtest86+-4.20.exe.zip
2012-11-26 20:08 - 2012-07-05 21:19 - 00000000 ____D C:\Program Files (x86)\Steam
2012-11-26 20:07 - 2012-11-26 20:06 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-26 20:06 - 2012-07-03 14:19 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-26 20:06 - 2012-07-03 14:19 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-26 20:02 - 2012-11-26 20:02 - 00998456 ____A (Solid State Networks) C:\Users\Chis\Downloads\install_flashplayer11x32_mssd_aih(1).exe
2012-11-26 20:02 - 2012-11-26 20:02 - 00003420 ____A C:\Users\Chis\Desktop\11262012_195807.log
2012-11-26 19:58 - 2012-11-26 19:58 - 00000000 ____D C:\_OTL
2012-11-26 19:52 - 2012-11-26 19:52 - 00005142 ____A C:\Users\Chis\Desktop\JRT.txt
2012-11-26 19:46 - 2012-11-26 19:46 - 00000000 ____D C:\Windows\ERUNT
2012-11-26 19:45 - 2012-11-26 19:45 - 00909379 ____A C:\Users\Chis\Desktop\JRT.exe
2012-11-26 19:45 - 2012-11-26 19:45 - 00000000 ____D C:\JRT
2012-11-26 19:44 - 2012-11-26 19:44 - 00001147 ____A C:\AdwCleaner[R3].txt
2012-11-26 17:46 - 2012-07-08 23:32 - 00000000 ____D C:\Users\Chis\AppData\Roaming\TS3Client
2012-11-26 15:12 - 2009-07-14 04:20 - 00000000 __RHD C:\users\Default
2012-11-26 15:11 - 2012-11-26 15:04 - 00000000 ____D C:\Windows\erdnt
2012-11-26 15:04 - 2012-11-26 15:03 - 05006963 ____R (Swearware) C:\Users\Chis\Downloads\ComboFix.exe
2012-11-26 13:22 - 2012-11-26 13:22 - 00685454 ____A C:\Users\Chis\Downloads\win98boot.zip
2012-11-26 13:00 - 2012-11-26 13:00 - 00000000 ____A C:\Users\Chis\Desktop\passbilder....txt
2012-11-26 09:31 - 2012-11-26 09:31 - 00000000 ____D C:\Windows\pss
2012-11-26 09:29 - 2012-11-26 09:29 - 00000000 ____A C:\Windows\setuperr.log
2012-11-26 09:26 - 2012-11-26 09:26 - 00001886 ____A C:\Users\Chis\Desktop\aswMBR.txt
2012-11-26 09:26 - 2012-11-26 09:26 - 00000512 ____A C:\Users\Chis\Desktop\MBR.dat
2012-11-25 17:32 - 2012-11-25 17:32 - 00098304 ____A (Hewlett-Packard Company) C:\Users\Chis\Downloads\HPUSBFW_v2.2.3(1).exe
2012-11-25 17:31 - 2012-11-25 17:31 - 00098304 ____A (Hewlett-Packard Company) C:\Users\Chis\Downloads\HPUSBFW_v2.2.3.exe
2012-11-25 17:13 - 2012-11-25 17:12 - 04732416 ____A (AVAST Software) C:\Users\Chis\Downloads\aswMBR.exe
2012-11-25 17:12 - 2012-11-25 17:11 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Chis\Downloads\tdsskiller.exe
2012-11-25 13:30 - 2009-07-14 18:58 - 00698926 ____A C:\Windows\System32\perfh007.dat
2012-11-25 13:30 - 2009-07-14 18:58 - 00149034 ____A C:\Windows\System32\perfc007.dat
2012-11-25 13:30 - 2009-07-14 06:13 - 01618320 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-25 11:59 - 2012-11-25 11:59 - 00000000 ____D C:\Users\Chis\Downloads\mbar-1.01.0.1009
2012-11-25 11:59 - 2012-11-25 11:58 - 12961620 ____A C:\Users\Chis\Downloads\mbar-1.01.0.1009.zip
2012-11-25 11:49 - 2012-11-25 11:49 - 00046566 ____A C:\Users\Chis\Downloads\Extras.Txt
2012-11-25 11:48 - 2012-11-25 11:48 - 00068978 ____A C:\Users\Chis\Downloads\OTL.Txt
2012-11-25 11:42 - 2012-11-25 11:42 - 00602112 ____A (OldTimer Tools) C:\Users\Chis\Desktop\OTL.exe
2012-11-25 11:02 - 2012-11-25 11:02 - 01009763 ____A C:\Users\Chis\Downloads\gm692.zip
2012-11-25 02:05 - 2012-07-04 19:09 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Skype
2012-11-25 01:18 - 2012-11-25 01:18 - 00002814 ____A C:\Users\Chis\Desktop\RKreport[15]_S_11252012_02d0118.txt
2012-11-25 01:08 - 2012-11-25 01:08 - 00001088 ____A C:\AdwCleaner[R2].txt
2012-11-25 01:06 - 2012-11-26 19:43 - 00480125 ____A C:\Users\Chis\Desktop\adwcleaner.exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Downloads\adwcleaner.exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00480125 ____A C:\Users\Chis\Downloads\adwcleaner(1).exe
2012-11-25 01:06 - 2012-11-25 01:06 - 00001027 ____A C:\AdwCleaner[R1].txt
2012-11-25 01:01 - 2012-11-25 01:01 - 00000154 ____A C:\Users\Chis\Desktop\es.txt
2012-11-25 00:49 - 2012-11-25 00:49 - 00002776 ____A C:\Users\Chis\Desktop\RKreport[14]_S_11252012_02d0049.txt
2012-11-25 00:42 - 2012-11-25 00:42 - 00002738 ____A C:\Users\Chis\Desktop\RKreport[13]_S_11252012_02d0042.txt
2012-11-25 00:40 - 2012-11-25 00:40 - 00002120 ____A C:\scu.dat
2012-11-25 00:23 - 2012-11-25 00:23 - 00007517 ____A C:\Users\Chis\Desktop\hijackthis.log
2012-11-25 00:07 - 2012-11-25 00:07 - 00000000 ____D C:\Program Files (x86)\ESET
2012-11-25 00:07 - 2012-11-25 00:06 - 02322184 ____A (ESET) C:\Users\Chis\Downloads\esetsmartinstaller_deu(1).exe
2012-11-24 23:45 - 2012-11-24 23:45 - 00637588 ____A C:\Users\Chis\Desktop\dds.pcapng
2012-11-24 23:45 - 2012-11-24 23:45 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Wireshark
2012-11-24 23:43 - 2012-11-24 23:43 - 00000000 ____D C:\Program Files (x86)\WinPcap
2012-11-24 23:43 - 2012-11-24 23:41 - 00000000 ____D C:\Program Files\Wireshark
2012-11-24 23:40 - 2012-11-24 23:40 - 00002255 ____A C:\Users\Chis\Desktop\RKreport[12]_S_11242012_02d2340.txt
2012-11-24 23:40 - 2012-11-24 23:39 - 01149932 ____A C:\Users\Chis\Downloads\Process1523Explorer.zip
2012-11-24 23:25 - 2012-11-24 23:25 - 00002133 ____A C:\Users\Chis\Desktop\RKreport[11]_S_11242012_02d2325.txt
2012-11-24 23:24 - 2012-11-24 23:23 - 26633976 ____A (Wireshark development team) C:\Users\Chis\Downloads\Wireshark-win64-1.8.3.exe
2012-11-24 23:20 - 2012-11-24 23:20 - 00000000 ____D C:\Program Files (x86)\7-Zip
2012-11-24 23:19 - 2012-11-24 23:19 - 01110476 ____A C:\Users\Chis\Downloads\7z920.exe
2012-11-24 23:19 - 2012-11-24 23:19 - 00000414 ____A C:\Users\Chis\Downloads\utilman-cmd-system.7z
2012-11-24 23:12 - 2012-11-24 23:12 - 00002093 ____A C:\Users\Chis\Desktop\RKreport[10]_S_11242012_02d2312.txt
2012-11-24 23:12 - 2012-11-24 23:12 - 00002054 ____A C:\Users\Chis\Desktop\RKreport[9]_S_11242012_02d2312.txt
2012-11-24 23:00 - 2012-11-24 23:00 - 00002017 ____A C:\Users\Chis\Desktop\RKreport[8]_S_11242012_02d2300.txt
2012-11-24 22:58 - 2012-11-24 22:58 - 00001222 ____A C:\Users\Chis\Desktop\RKreport[7]_DN_11242012_02d2258.txt
2012-11-24 22:57 - 2012-11-24 22:57 - 00002193 ____A C:\Users\Chis\Desktop\RKreport[5]_S_11242012_02d2257.txt
2012-11-24 22:57 - 2012-11-24 22:57 - 00001373 ____A C:\Users\Chis\Desktop\RKreport[6]_H_11242012_02d2257.txt
2012-11-24 21:57 - 2012-11-24 21:57 - 00001164 ____A C:\Users\Chis\Desktop\RKreport[4]_DN_11242012_02d2157.txt
2012-11-24 21:56 - 2012-11-24 21:56 - 00001301 ____A C:\Users\Chis\Desktop\RKreport[3]_H_11242012_02d2156.txt
2012-11-24 21:55 - 2012-11-24 21:55 - 00002485 ____A C:\Users\Chis\Desktop\RKreport[2]_D_11242012_02d2155.txt
2012-11-24 21:49 - 2012-11-24 21:49 - 00002377 ____A C:\Users\Chis\Desktop\RKreport[1]_S_11242012_02d2149.txt
2012-11-24 21:47 - 2012-11-24 21:46 - 00752128 ____A C:\Users\Chis\Downloads\RogueKiller.exe
2012-11-24 21:45 - 2012-11-24 17:02 - 00007502 ____A C:\Users\Chis\Downloads\hijackthis.log
2012-11-24 21:39 - 2012-11-24 21:39 - 00000000 ____D C:\Users\Chis\AppData\Local\Aeria Games
2012-11-24 21:38 - 2012-11-24 21:38 - 00000000 ____D C:\Users\All Users\Aeria Games
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 ____D C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
2012-11-24 21:22 - 2012-11-24 21:22 - 00000000 ____D C:\Program Files (x86)\Aeria Games
2012-11-24 21:10 - 2012-11-24 21:10 - 00475232 ____A (Aeria Games & Entertainment) C:\Users\Chis\Downloads\lastchaos_us_downloader.exe
2012-11-24 21:10 - 2012-11-24 21:10 - 00000000 ____D C:\Users\Chis\AppData\Local\Akamai
2012-11-24 20:55 - 2012-11-24 20:55 - 02322184 ____A (ESET) C:\Users\Chis\Downloads\esetsmartinstaller_deu.exe
2012-11-24 18:20 - 2012-11-24 18:20 - 00001618 ____A C:\Users\Chis\Desktop\startup.txt
2012-11-24 17:08 - 2012-11-24 17:08 - 00000000 ____D C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
2012-11-24 17:08 - 2012-11-24 17:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-11-24 17:06 - 2012-11-24 17:06 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-11-24 17:06 - 2012-11-24 17:06 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-11-24 17:05 - 2012-11-24 17:05 - 21139592 ____A (SUPERAntiSpyware.com) C:\Users\Chis\Downloads\SUPERAntiSpyware1012.exe
2012-11-24 17:01 - 2012-11-24 17:01 - 00388608 ____A (Trend Micro Inc.) C:\Users\Chis\Downloads\HiJackThis204.exe
2012-11-24 17:01 - 2012-07-05 16:07 - 00000000 ____D C:\Users\Public\Darkest of Days
2012-11-24 17:01 - 2012-07-03 14:12 - 00000000 ____D C:\Users\Chis\AppData\Local\VirtualStore
2012-11-24 15:53 - 2012-11-24 15:53 - 00001147 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-11-24 15:53 - 2012-11-24 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-24 15:53 - 2012-11-24 15:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-24 14:24 - 2012-11-24 14:24 - 00000000 ____D C:\Users\Chis\Pc SAFE
2012-11-24 14:24 - 2012-07-03 14:12 - 00000000 ____D C:\users\Chis
2012-11-24 14:14 - 2012-11-24 14:14 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-11-23 22:36 - 2012-08-10 12:55 - 00000000 ____D C:\Users\Chis\AppData\Local\Google
2012-11-23 17:55 - 2012-10-06 14:24 - 00000000 ____D C:\Users\Chis\Desktop\Mugge
2012-11-23 17:55 - 2012-10-06 14:12 - 00000000 ____D C:\Users\Chis\Desktop\Mails
2012-11-23 17:55 - 2012-10-06 13:45 - 00000000 ____D C:\Users\Chis\Desktop\Bewerbungen Christian
2012-11-23 17:55 - 2012-02-15 15:42 - 00000000 ____D C:\Users\Chis\Desktop\bewerb
2012-11-23 17:38 - 2012-11-23 17:38 - 923795456 ____A C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
2012-11-17 18:19 - 2012-11-17 18:19 - 00000000 ____D C:\Users\Chis\Desktop\BonezMC
2012-11-17 17:41 - 2012-11-04 11:25 - 00000000 ____D C:\Users\Chis\Documents\StarCraft II
2012-11-17 17:41 - 2012-11-04 11:25 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2012-11-08 16:07 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2012-11-04 16:08 - 2012-11-04 11:21 - 00000000 ____D C:\Users\Chis\AppData\Roaming\wargaming.net
2012-11-04 11:25 - 2012-11-04 11:25 - 00001148 ____A C:\Users\Public\Desktop\StarCraft II.lnk
2012-11-04 11:25 - 2012-11-04 11:25 - 00000000 ____D C:\Users\All Users\Blizzard Entertainment
2012-11-04 11:24 - 2012-11-04 11:24 - 00000000 ____D C:\Users\All Users\Battle.net
2012-11-04 11:20 - 2012-11-04 11:20 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-11-04 11:20 - 2012-11-04 11:20 - 00000000 ____D C:\Games

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2012-11-23 18:50:26
Restore point made on: 2012-11-24 16:01:35
Restore point made on: 2012-11-24 16:18:22
Restore point made on: 2012-11-24 17:01:18
Restore point made on: 2012-11-26 15:05:12

==================== Memory info =========================== 

Percentage of memory in use: 14%
Total physical RAM: 4092.96 MB
Available physical RAM: 3505.38 MB
Total Pagefile: 4091.11 MB
Available Pagefile: 3488.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:226.53 GB) (Free:148.05 GB) NTFS
3 Drive f: (GRMCHPFRER_DE_DVD) (CDROM) (Total:2.29 GB) (Free:0 GB) UDF
4 Drive g: (BOOT) (Removable) (Total:1.79 GB) (Free:1.79 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:223 GB) (Free:222.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

  Datentr„ger ###  Status         Gr”áe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datentr„ger 0    Online          465 GB      0 B         
  Datentr„ger 1    Online         1840 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Typ               Gr”áe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r              12 GB  1024 KB
  Partition 2    Prim„r             226 GB    12 GB
  Partition 3    Prim„r             223 GB   239 GB
  Partition 4    OEM               3620 MB   462 GB

==================================================================================

Disk: 0
Partition 1
Typ      : 06
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     D                RAW    Partition     12 GB  Fehlerfre          

=========================================================

Disk: 0
Partition 2
Typ      : 07
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C                NTFS   Partition    226 GB  Fehlerfre          

=========================================================

Disk: 0
Partition 3
Typ      : 07
Versteckt: Nein
Aktiv    : Ja

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     Y                NTFS   Partition    223 GB  Fehlerfre          

=========================================================

Disk: 0
Partition 4
Typ      : 12
Versteckt: Ja
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                      NTFS   Partition   3620 MB  Fehlerfre  Versteck

=========================================================

Disk: 0
Partition 4
Typ      : 12
Versteckt: Ja
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5                      NTFS   Partition   3620 MB  Fehlerfre  Versteck

=========================================================

Partitions of Disk 1:
===============

  Partition ###  Typ               Gr”áe    Offset
  -------------  ----------------  -------  -------
  Partition 1    Prim„r            1839 MB    31 KB

==================================================================================

Disk: 1
Partition 1
Typ      : 0C
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   BOOT         FAT32  Wechselmed  1839 MB  Fehlerfre          

=========================================================

Disk: 1
Partition 1
Typ      : 0C
Versteckt: Nein
Aktiv    : Nein

  Volume ###  Bst  Bezeichnung  DS     Typ         Gr”áe    Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4     G   BOOT         FAT32  Wechselmed  1839 MB  Fehlerfre          

=========================================================

Last Boot: 2012-11-25 14:08

==================== End Of Log =============================

M-K-D-B · 27.11.2012, 12:29

Servus,

Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

2012-11-24 14:14 - 2012-11-24 14:14 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
C:\Windows\SysNative\drivers\etc\hosts
C:\Windows\System32\drivers\etc\hosts
Folder: C:\Windows\System32\drivers\etc
Folder: C:\Windows\SysNative\drivers\etc

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

B29Korn · 27.11.2012, 12:46

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-11-27 12:42:52 Run:1
Running from G:\

==============================================

C:\Windows\System32\Drivers\etc\hosts.txt moved successfully.
C:\Windows\SysNative\drivers\etc\hosts not found.
C:\Windows\System32\drivers\etc\hosts moved successfully.

========================= Folder: C:\Windows\System32\drivers\etc ========================

2009-07-14 03:35 - 2009-06-10 22:00 - 0003683 ____A () C:\Windows\System32\drivers\etc\lmhosts.sam
2009-07-14 03:34 - 2009-06-10 22:00 - 0000407 ____A () C:\Windows\System32\drivers\etc\networks
2009-07-14 03:34 - 2009-06-10 22:00 - 0001358 ____A () C:\Windows\System32\drivers\etc\protocol
2009-07-14 03:34 - 2009-06-10 22:00 - 0017463 ____A () C:\Windows\System32\drivers\etc\services

====== End of Folder: ======

========================= Folder: C:\Windows\SysNative\drivers\etc ========================

Directory Not Found

====== End of Folder: ======

==== End of Fixlog ====

M-K-D-B · 27.11.2012, 14:45

Servus,

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

B29Korn · 27.11.2012, 15:10

Code:

ATTFilter

OTL logfile created on: 27.11.2012 15:03:53 - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chis\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 63,20% Memory free
7,99 Gb Paging File | 6,13 Gb Available in Paging File | 76,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 147,87 Gb Free Space | 65,28% Space Free | Partition Type: NTFS
Drive F: | 1,79 Gb Total Space | 1,79 Gb Free Space | 99,92% Space Free | Partition Type: FAT32
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe (Adobe Systems, Inc.)
PRC - C:\Users\Chis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 AA 3E 11 7A CC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.24 15:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.03 14:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Extensions
[2012.11.27 07:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Firefox\Profiles\ha2ube1i.default\extensions
[2012.11.24 16:01:17 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.26 20:32:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.24 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 
Hosts file not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05218312-76DA-4793-BBF9-3A306F064BE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CD4DB1-850C-478E-8029-8CEC3557DAAC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 11:39:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012.11.27 09:51:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.27 09:26:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.27 09:17:44 | 005,007,135 | R--- | C] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 20:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.11.26 19:58:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.26 19:46:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.26 19:45:37 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.26 15:04:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 15:04:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 15:04:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 15:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.26 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.26 09:31:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.25 11:42:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Wireshark
[2012.11.24 23:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.24 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.11.24 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.24 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\RK_Quarantine
[2012.11.24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Aeria Games
[2012.11.24 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.24 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.24 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.11.24 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Akamai
[2012.11.24 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.24 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.24 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.24 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Pc SAFE
[2012.11.17 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\BonezMC
[2012.11.17 18:19:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
[2012.11.04 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Documents\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.11.04 11:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.11.04 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.04 11:20:47 | 000,000,000 | ---D | C] -- C:\Games
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 14:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 12:51:59 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 12:51:59 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 12:44:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 12:44:41 | 3218,837,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.27 11:17:28 | 000,165,376 | ---- | M] () -- C:\Users\Chis\Desktop\SystemLook_x64.exe
[2012.11.27 10:22:29 | 000,000,194 | ---- | M] () -- C:\Users\Chis\Desktop\hosts-perm.bat
[2012.11.27 09:18:01 | 005,007,135 | R--- | M] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.27 08:27:00 | 1234,456,012 | ---- | M] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | M] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:30 | 000,909,379 | ---- | M] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 09:26:33 | 000,000,512 | ---- | M] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 13:30:36 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 13:30:36 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 13:30:36 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 13:30:36 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 13:30:36 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.25 11:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 11:40:50 | 000,271,101 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.25 11:18:10 | 000,309,424 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.25 01:06:20 | 000,480,125 | ---- | M] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.25 00:40:18 | 001,120,018 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | M] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 20:06:34 | 000,275,070 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.23 17:38:24 | 923,795,456 | ---- | M] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:20:03 | 000,262,039 | ---- | M] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:26 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.27 11:17:27 | 000,165,376 | ---- | C] () -- C:\Users\Chis\Desktop\SystemLook_x64.exe
[2012.11.27 10:22:29 | 000,000,194 | ---- | C] () -- C:\Users\Chis\Desktop\hosts-perm.bat
[2012.11.27 08:21:16 | 1234,456,012 | ---- | C] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | C] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:26 | 000,909,379 | ---- | C] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 19:43:50 | 000,480,125 | ---- | C] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.26 15:04:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 15:04:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 15:04:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 15:04:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 15:04:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 12:47:51 | 000,309,424 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.26 12:47:50 | 000,271,101 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.26 09:26:33 | 000,000,512 | ---- | C] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 00:40:17 | 001,120,018 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | C] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 23:42:18 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.11.24 20:08:05 | 000,275,070 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 15:53:11 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.23 17:38:50 | 923,795,456 | ---- | C] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:19:58 | 000,262,039 | ---- | C] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:22 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.09.27 12:31:06 | 001,559,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.08 11:27:19 | 000,000,680 | RHS- | C] () -- C:\Users\Chis\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.10 07:28:26 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\.minecraft
[2012.11.24 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.07.13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.21 10:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\LolClient
[2012.09.10 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\OpenOffice.org
[2012.07.05 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ProtectDisc
[2012.11.26 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\TS3Client
[2012.11.04 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.24 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >

M-K-D-B · 27.11.2012, 17:47

Servus,

so, jetzt legen wir eine neue hosts Datei an:

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:Commands
[resethosts]
[reboot]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Bekommst du immer noch unerwünschte Werbung?
Wenn ja, in welchem Browser?

Bitte poste mit deiner nächsten Antwort

die Logdatei des OTL-Fix,
die Logdatei des neuen OTL-Scans,
die Beantwortung der gestellten Fragen.

B29Korn · 29.11.2012, 17:38

Hey, nein ich bekomme keine Werbeeinblendungen mehr! Vielen Dank schonmal!!

Log

Code:

ATTFilter

========== COMMANDS ==========
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11292012_172926

und vom Scan

Code:

ATTFilter

OTL logfile created on: 29.11.2012 17:32:23 - Run 6
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Chis\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,78% Memory free
7,99 Gb Paging File | 6,66 Gb Available in Paging File | 83,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226,53 Gb Total Space | 147,53 Gb Free Space | 65,13% Space Free | Partition Type: NTFS
Drive F: | 1,79 Gb Total Space | 1,79 Gb Free Space | 99,92% Space Free | Partition Type: FAT32
 
Computer Name: CHRIS | User Name: Chis | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Chis\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
PRC - C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Program Files (x86)\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe ()
SRV - (rpcapd) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ewusbnet) -- C:\Windows\SysWOW64\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 AA 3E 11 7A CC CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.24 15:53:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.03 14:39:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Extensions
[2012.11.27 07:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\Firefox\Profiles\ha2ube1i.default\extensions
[2012.11.24 16:01:17 | 000,530,519 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.26 20:32:25 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Chis\AppData\Roaming\mozilla\firefox\profiles\ha2ube1i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.24 15:53:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.20 07:17:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.20 08:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.20 08:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.20 08:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.20 08:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.20 08:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.20 08:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chis\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chis\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2012.11.29 17:29:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05218312-76DA-4793-BBF9-3A306F064BE8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8CD4DB1-850C-478E-8029-8CEC3557DAAC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 11:39:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012.11.27 09:51:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.11.27 09:26:15 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.11.27 09:17:44 | 005,007,135 | R--- | C] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.26 20:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.11.26 19:58:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.11.26 19:46:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.11.26 19:45:37 | 000,000,000 | ---D | C] -- C:\JRT
[2012.11.26 15:04:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.11.26 15:04:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.11.26 15:04:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.11.26 15:04:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.11.26 15:04:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.11.26 09:31:09 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.11.25 11:42:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 00:07:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.24 23:45:25 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Wireshark
[2012.11.24 23:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012.11.24 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012.11.24 23:41:54 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.11.24 23:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.11.24 21:48:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\RK_Quarantine
[2012.11.24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Aeria Games
[2012.11.24 21:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2012.11.24 21:37:07 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2012.11.24 21:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2012.11.24 21:22:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.11.24 21:10:26 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Local\Akamai
[2012.11.24 17:08:41 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\SUPERAntiSpyware.com
[2012.11.24 17:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.11.24 17:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.11.24 15:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.11.24 15:53:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.24 14:24:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Pc SAFE
[2012.11.17 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\BonezMC
[2012.11.17 18:19:16 | 000,000,000 | ---D | C] -- C:\Users\Chis\Desktop\Imbiss_Bronko-Fettsack_4_Life-DE-2012-VOiCE
[2012.11.04 11:28:46 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Users\Chis\Documents\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012.11.04 11:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012.11.04 11:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012.11.04 11:21:23 | 000,000,000 | ---D | C] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks
[2012.11.04 11:20:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.11.04 11:20:47 | 000,000,000 | ---D | C] -- C:\Games
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.29 17:30:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.29 17:30:18 | 3218,837,504 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.29 17:29:36 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 17:29:36 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.29 17:29:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012.11.29 12:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.27 11:17:28 | 000,165,376 | ---- | M] () -- C:\Users\Chis\Desktop\SystemLook_x64.exe
[2012.11.27 10:22:29 | 000,000,194 | ---- | M] () -- C:\Users\Chis\Desktop\hosts-perm.bat
[2012.11.27 09:18:01 | 005,007,135 | R--- | M] (Swearware) -- C:\Users\Chis\Desktop\ComboFix.exe
[2012.11.27 08:27:00 | 1234,456,012 | ---- | M] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | M] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:30 | 000,909,379 | ---- | M] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 09:26:33 | 000,000,512 | ---- | M] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 13:30:36 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.25 13:30:36 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.25 13:30:36 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.25 13:30:36 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.25 13:30:36 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.25 11:42:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chis\Desktop\OTL.exe
[2012.11.25 11:40:50 | 000,271,101 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.25 11:18:10 | 000,309,424 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.25 01:06:20 | 000,480,125 | ---- | M] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.25 00:40:18 | 001,120,018 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | M] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | M] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 20:06:34 | 000,275,070 | ---- | M] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.23 17:38:24 | 923,795,456 | ---- | M] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:20:03 | 000,262,039 | ---- | M] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | M] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:26 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.27 11:17:27 | 000,165,376 | ---- | C] () -- C:\Users\Chis\Desktop\SystemLook_x64.exe
[2012.11.27 10:22:29 | 000,000,194 | ---- | C] () -- C:\Users\Chis\Desktop\hosts-perm.bat
[2012.11.27 08:21:16 | 1234,456,012 | ---- | C] () -- C:\Users\Chis\Desktop\TeritoriaEP2FullClient.rar
[2012.11.26 20:46:12 | 000,021,080 | ---- | C] () -- C:\Users\Chis\Desktop\rage.png
[2012.11.26 19:45:26 | 000,909,379 | ---- | C] () -- C:\Users\Chis\Desktop\JRT.exe
[2012.11.26 19:43:50 | 000,480,125 | ---- | C] () -- C:\Users\Chis\Desktop\adwcleaner.exe
[2012.11.26 15:04:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.11.26 15:04:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.11.26 15:04:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.11.26 15:04:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.11.26 15:04:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.11.26 12:47:51 | 000,309,424 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0256.JPG
[2012.11.26 12:47:50 | 000,271,101 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0257.JPG
[2012.11.26 09:26:33 | 000,000,512 | ---- | C] () -- C:\Users\Chis\Desktop\MBR.dat
[2012.11.25 00:40:17 | 001,120,018 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt222.png
[2012.11.25 00:40:16 | 000,002,120 | ---- | C] () -- C:\scu.dat
[2012.11.24 23:45:25 | 000,637,588 | ---- | C] () -- C:\Users\Chis\Desktop\dds.pcapng
[2012.11.24 23:42:18 | 000,001,541 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2012.11.24 20:08:05 | 000,275,070 | ---- | C] () -- C:\Users\Chis\Desktop\IMG_0255.JPG
[2012.11.24 17:06:37 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.11.24 15:53:12 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.24 15:53:11 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.11.23 17:38:50 | 923,795,456 | ---- | C] () -- C:\Users\Chis\Desktop\linuxmint-14-cinnamon-dvd-64bit.iso
[2012.11.17 16:19:58 | 000,262,039 | ---- | C] () -- C:\Users\Chis\Desktop\ChristianWUHU.jpg
[2012.11.04 18:33:51 | 002,062,526 | ---- | C] () -- C:\Users\Chis\Desktop\Unbenannt.png
[2012.11.04 11:25:22 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012.09.27 12:31:06 | 001,559,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.08 11:27:19 | 000,000,680 | RHS- | C] () -- C:\Users\Chis\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2009.07.14 02:41:54 | 014,161,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.10 07:28:26 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\.minecraft
[2012.11.24 21:22:41 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Aeria Games & Entertainment
[2012.07.13 08:56:51 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ALDITALKVerbindungsassistent
[2012.08.21 10:54:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\LolClient
[2012.09.10 12:11:50 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\OpenOffice.org
[2012.07.05 16:18:48 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\ProtectDisc
[2012.11.26 17:46:03 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\TS3Client
[2012.11.04 16:08:42 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\wargaming.net
[2012.11.24 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Chis\AppData\Roaming\Wireshark
 
========== Purity Check ==========
 
 

< End of report >

M-K-D-B · 29.11.2012, 19:04

Servus,

Schritt 1

Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3
Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

M-K-D-B · 04.12.2012, 16:34

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

27.11.2012, 10:49	#18
M-K-D-B /// TB-Ausbilder	Rootkit? Werbeeinblendungen und Wiederkehrende Änderung der Host-Datei Servus, Starte das Tool RogueKiller. Warte bis der Prescan abgeschlossen ist. Klicke auf Hosts reparieren Schließe das Programm, starte es erneut und klicke nach dem Prescan auf Scannen. Klicke abschließend auf Bericht und poste mir die Logdatei. __________________

27.11.2012, 14:45	#24
M-K-D-B /// TB-Ausbilder	Rootkit? Werbeeinblendungen und Wiederkehrende Änderung der Host-Datei Servus, Starte bitte OTL.exe und drücke den Quick Scan Button. Poste die OTL.txt hier in deinen Thread.

Rootkit? Werbeeinblendungen und Wiederkehrende Änderung der Host-Datei

Plagegeister aller Art und deren Bekämpfung: Rootkit? Werbeeinblendungen und Wiederkehrende Änderung der Host-Datei