
Log Analysis and Evaluation: Suspected malware infection due to strange startup behaviour

Windows 7

08.05.2013, 18:28   #1
Trydus
 
Suspected malware infection due to strange startup behaviour



Hello,
my problem is as follows: for a few days now my computer has sometimes behaved very strangely on startup. After I select the user account, all autostart programs in the sidebar start normally, but if I then try to start a program from the quick launch bar, it and the entire start menu freeze completely. This stays that way for about 30 seconds. Then the loading cursor appears for a short time and the marker for a started program in the taskbar disappears again. If I then try to open the Task Manager, it also takes a very long time to load, and after it has opened it takes a further very long time to display the processes. Over the whole time, however, the CPU usage shown in the Task Manager is very low. This state lasts about 1-5 minutes, after which the computer works perfectly again. This does not happen at every start, though; sometimes I can open programs directly without any problems.
Since I found nothing about this problem on the internet, I am worried that it is a problem caused by malware.
I have already scanned the computer with the virus scanner of Kaspersky Internet Security and with mbam. Neither program found anything.

The OTL logs follow:
OTL.txt
Code:
OTL logfile created on: 08.05.2013 18:51:59 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Normal\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 14,19 Gb Available Physical Memory | 88,93% Memory free
31,92 Gb Paging File | 30,09 Gb Available in Paging File | 94,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98,27 Gb Total Space | 41,98 Gb Free Space | 42,72% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 58,50 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 2,89 Gb Free Space | 14,80% Space Free | Partition Type: NTFS
Drive F: | 154,75 Gb Total Space | 8,90 Gb Free Space | 5,75% Space Free | Partition Type: NTFS
Drive G: | 586,91 Gb Total Space | 496,65 Gb Free Space | 84,62% Space Free | Partition Type: NTFS
Drive H: | 585,94 Gb Total Space | 581,21 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
Drive J: | 591,80 Gb Total Space | 591,69 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: L-PC | User Name: L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.08 18:28:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Normal\Desktop\OTL.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.01.05 14:38:44 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.07 18:53:34 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.02.07 18:53:32 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.02.07 18:52:04 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.07 18:27:24 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.01.26 19:40:44 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.25 00:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll
MOD - [2011.04.25 00:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll
MOD - [2011.04.25 00:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll
MOD - [2011.04.25 00:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll
MOD - [2011.04.25 00:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll
MOD - [2011.04.25 00:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll
MOD - [2011.04.20 20:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.05 14:38:44 | 000,206,448 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -- (AVP)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.07 18:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.07 18:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.07 18:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.07 18:27:24 | 000,121,344 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.05 14:47:41 | 000,637,272 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.26 19:39:34 | 000,787,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.01.26 19:39:34 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.01.26 19:39:34 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011.11.29 20:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.11.10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.09.21 18:56:24 | 000,049,760 | ---- | M] (Asmedia Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\asahci64.sys -- (asahci64)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 14:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 14:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.11.02 21:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 94 0D 00 44 EB CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013.01.05 14:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013.01.05 14:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013.01.05 14:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.08 17:48:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.05 14:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\L\AppData\Roaming\mozilla\Extensions
[2013.01.05 14:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\L\AppData\Roaming\mozilla\Firefox\Profiles\pwnmohpf.default\extensions
[2013.01.05 14:58:12 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\L\AppData\Roaming\mozilla\firefox\profiles\pwnmohpf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.08 17:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDBF6B2A-3B09-4B59-AAB5-EF020D82C77A}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O33 - MountPoints2\{1a8b0755-572d-11e2-b721-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1a8b0755-572d-11e2-b721-806e6f6e6963}\Shell\AutoRun\command - "" = I:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 13:07:28 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Roaming\Malwarebytes
[2013.05.08 13:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.26 21:38:06 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.04.23 21:24:56 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Roaming\TERA
[2013.04.23 21:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.04.23 14:16:43 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Local\Gameforge4d
[2013.04.23 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Local\Programs
[2013.04.20 17:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013.04.20 17:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.04.20 15:37:19 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.16 14:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 18:49:32 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.05.08 18:49:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.08 18:48:56 | 4261,769,214 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.08 18:30:27 | 000,022,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 18:30:27 | 000,022,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 18:27:59 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.08 18:27:59 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.08 18:27:59 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.08 18:27:59 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.08 18:27:59 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.08 17:48:07 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.05.08 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.04.30 16:45:02 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 16:45:02 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 15:54:36 | 000,000,594 | ---- | M] () -- C:\Users\L\Desktop\Neverwinter.lnk
[2013.04.26 21:38:14 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.04.26 21:38:06 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.04.23 21:24:45 | 000,000,655 | ---- | M] () -- C:\Users\L\Desktop\TERA.lnk
[2013.04.20 17:17:56 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2013.04.20 15:38:00 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.04.20 15:38:00 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.04.20 15:38:00 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.04.10 18:49:46 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.08 17:48:07 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.08 17:48:07 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.30 16:45:02 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 16:45:02 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 15:54:36 | 000,000,594 | ---- | C] () -- C:\Users\L\Desktop\Neverwinter.lnk
[2013.04.26 21:38:14 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.04.23 21:24:46 | 000,000,655 | ---- | C] () -- C:\Users\L\Desktop\TERA.lnk
[2013.04.20 17:17:53 | 000,000,682 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2013.04.20 15:38:00 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.04.20 15:38:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.04.20 15:38:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.03.26 14:49:04 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.05 14:35:00 | 000,017,408 | ---- | C] () -- C:\Users\L\AppData\Local\WebpageIcons.db
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.20 17:35:22 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Awesomium
[2013.01.09 00:44:19 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\Notepad++
[2013.04.23 21:24:56 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\TERA
[2013.03.11 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\L\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
Extras.txt:
Code:
OTL Extras logfile created on: 08.05.2013 18:30:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Normal\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,93 Gb Available Physical Memory | 87,26% Memory free
31,92 Gb Paging File | 29,77 Gb Available in Paging File | 93,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98,27 Gb Total Space | 42,19 Gb Free Space | 42,94% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 58,50 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 2,89 Gb Free Space | 14,80% Space Free | Partition Type: NTFS
Drive F: | 154,75 Gb Total Space | 8,90 Gb Free Space | 5,75% Space Free | Partition Type: NTFS
Drive G: | 586,91 Gb Total Space | 496,65 Gb Free Space | 84,62% Space Free | Partition Type: NTFS
Drive H: | 585,94 Gb Total Space | 581,21 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
Drive J: | 591,80 Gb Total Space | 591,69 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: L-PC | User Name: L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12BDC005-1A77-46A8-8719-ECF6A3BE3AC2}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\portal 2\portal2.exe | 
"{139B55BB-DAD7-47C4-9B84-540BFD9085CF}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{37666034-483A-44F3-88F6-EB56987626A7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{4FED902C-0C73-4DA6-BD38-68A33E7D3347}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5935306A-496C-4699-AA8E-208794E4B643}" = protocol=6 | dir=in | app=h:\udk\binaries\win64\udk.exe | 
"{5D9A2AEE-CC07-47D2-B79C-3FBBE7A5BA81}" = protocol=6 | dir=in | app=h:\udk\binaries\win32\udk.exe | 
"{74149502-3491-49AF-B91A-13CAF82EC12F}" = protocol=17 | dir=in | app=f:\steam\steam.exe | 
"{816AF934-9D8E-4009-85BF-2BED8B9CE398}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{95921710-FD27-49E8-B5F6-DE7656AA2A46}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{A1288144-B82E-4F28-B6D3-D6F37D706455}" = protocol=6 | dir=in | app=f:\steam\steam.exe | 
"{A40F01EC-7FC0-41A2-8300-904BB8F47218}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\terraria\terraria.exe | 
"{AC8BD4B4-78B8-4281-B8EB-ADD8C66005E8}" = protocol=17 | dir=in | app=h:\udk\binaries\win32\udk.exe | 
"{B2CF6F0F-1388-47A7-B2E6-8DC606140006}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BE3CDE59-F2AA-4EBD-89E0-97E2F463F45F}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\terraria\terraria.exe | 
"{C56A6FE5-0694-44BE-B61F-ABE726A1719C}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\portal 2\portal2.exe | 
"{D0CA0E8F-DBEC-4A72-90C7-D41085AF0AB8}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{DEFDA135-BC17-46C7-B6AE-BBDA381708FF}" = protocol=17 | dir=in | app=h:\udk\binaries\win64\udk.exe | 
"{E0AC2AB8-DA3D-4221-84DD-FEC5A301F482}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{F0A811CA-41CC-4B2C-A081-5F0A3D801DD8}" = protocol=58 | dir=in | app=system | 
"{F8A9B413-3773-49C1-9C6A-0B54F905BB70}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{FBD76034-1E6A-4764-8DF3-5493DA43ADD7}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{FEE96AFD-0B47-4A90-A16A-F3175686BD77}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-7b2bcc80-9e8b-4359-81de-ab68dc123bce" = Unreal Development Kit: 2013-02
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Diablo II" = Diablo II
"FlashDevelop" = FlashDevelop 4.3.0
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 105600" = Terraria
"Steam App 230410" = Warframe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.05.2013 04:50:25 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.05.2013 07:47:29 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.05.2013 10:01:47 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.05.2013 12:18:51 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.05.2013 12:32:14 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 06:48:06 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 06:57:48 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 07:06:29 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 08:04:20 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 12:00:13 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 07.05.2013 07:49:12 | Computer Name = L-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 07.05.2013 10:07:01 | Computer Name = L-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 07.05.2013 10:07:01 | Computer Name = L-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 07.05.2013 12:19:13 | Computer Name = L-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 07.05.2013 12:19:52 | Computer Name = L-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
Error - 07.05.2013 12:20:31 | Computer Name = L-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Rapid Storage Technology erreicht.
 
Error - 07.05.2013 12:20:31 | Computer Name = L-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 07.05.2013 12:28:34 | Computer Name = L-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?07.?05.?2013 um 18:27:23 unerwartet heruntergefahren.
 
Error - 07.05.2013 12:31:22 | Computer Name = L-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
 
Error - 07.05.2013 12:32:02 | Computer Name = L-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X64 erreicht.
 
 
< End of report >
         
I would be very grateful for your help.

Last edited by Trydus (08.05.2013, 18:55)
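Two sections of the Extras.txt above are worth machine-checking rather than eyeballing: the Security Center / Firewall Settings registry values and the Last 20 Event Log Errors. The following is an added example written for this page, not OTL's code and not something the poster ran. It parses the layout exactly as printed above (the optional `64bit:` key prefix, `"name" = value` lines, and the `Error - ... | Source = ... | ID = ...` header followed by a wrapped description), and its sample input is a constructed excerpt of that log, so the patterns for the Service Control Manager messages follow the German-locale text as posted.

```python
"""Triage helper for the OTL Extras.txt sections posted above.
Added example for this page, not part of OTL; it parses the layout as
printed there (German-locale event text included)."""
import re
from collections import Counter

# Constructed sample: an excerpt of the Extras.txt above, trimmed to the
# registry values and event-log errors the parser looks at.
SAMPLE_EXTRAS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0

[ Application Events ]
Error - 07.05.2013 04:50:25 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 

[ System Events ]
Error - 07.05.2013 10:07:01 | Computer Name = L-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.

Error - 07.05.2013 10:07:01 | Computer Name = L-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053

Error - 07.05.2013 12:19:13 | Computer Name = L-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
"""

KEY_RE = re.compile(r'^(?:64bit:\s*)?\[(?P<key>HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
ERROR_RE = re.compile(r'^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?)'
                      r' \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$')

def parse_registry_values(text):
    """Map (registry key, value name) -> value string for every [key] block."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values[(key, m.group('name'))] = m.group('value').strip()
    return values

def parse_event_errors(text):
    """Collect each 'Error - ...' header plus its (possibly wrapped) description."""
    lines, events, i = text.splitlines(), [], 0
    while i < len(lines):
        m = ERROR_RE.match(lines[i].strip())
        i += 1
        if not m:
            continue
        desc = []  # continuation lines up to the next blank line or header
        while i < len(lines) and lines[i].strip() and not ERROR_RE.match(lines[i].strip()):
            desc.append(lines[i].strip())
            i += 1
        event = m.groupdict()
        event['description'] = ' '.join(desc).split('=', 1)[-1].strip()
        events.append(event)
    return events

def triage(text):
    """Summarise what an analyst would flag from the sections above."""
    values = parse_registry_values(text)
    events = parse_event_errors(text)
    scm = [e for e in events if e['source'] == 'Service Control Manager']
    # SCM 7009 (German locale): "... mit dem Dienst <name> erreicht."
    timed_out = [m.group(1) for m in
                 (re.search(r'Dienst\s+(.+?)\s+erreicht\.?$', e['description'])
                  for e in scm if e['id'] == '7009') if m]
    # SCM 7000: 'Der Dienst "<name>" ... nicht gestartet: %%<Win32 error code>'
    failed = [(m.group(1), int(m.group(2))) for m in
              (re.search(r'Der Dienst "(.+?)".*%%(\d+)', e['description'])
               for e in scm if e['id'] == '7000') if m]

    def keys_with(name, value):
        return sorted(k.rsplit('\\', 1)[-1] for (k, n), v in values.items()
                      if n == name and v == value)
    return {
        'firewall_disabled': keys_with('EnableFirewall', '0'),
        'monitoring_disabled': keys_with('DisableMonitoring', '1'),
        'error_counts': Counter((e['source'], e['id']) for e in events),
        'timed_out_services': timed_out,
        'start_failures': failed,
    }
```

Run it on a saved log with `triage(open('Extras.txt', encoding='utf-8', errors='replace').read())`. On the sample it reports all three Windows Firewall profiles disabled and Security Center monitoring for Kaspersky switched off; both are consistent with Kaspersky Internet Security 2012 (listed under Uninstall above) taking over firewall and AV reporting, so the script surfaces them for the analyst to confirm rather than calling them a verdict. The repeated 7009/7000 pairs, where %%1053 is ERROR_SERVICE_REQUEST_TIMEOUT, line up with the 30-second freezes described in the first post and are the first thing to chase.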

08.05.2013, 23:03   #2
cosinus

Hello and

Quote:
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Why do you have a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university machine?


Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please don't run any new virus scans yet, first post only the logs you already have!

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

09.05.2013, 00:42   #3
Trydus

Quote:
Why do you have a Professional edition of Windows, do you need that as a home user?
Or is this by any chance an office/company PC or a university machine?
I got the operating system for free through Microsoft's DreamSpark programme via my university. I had the choice there and then picked the Professional version.

Quote:
Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?
No, the virus scanners have never found anything. However, I can't explain the behaviour and would like to rule out the possibility of a malware infection.

09.05.2013, 01:29   #4
cosinus

Ok, thanks for the explanation

Before we get to work, I'd like to ask you to read the following points completely and carefully.
  • Read my instructions, which I will post over the course of this thread, carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked!

  • Post the log files directly in your thread (in CODE tags please) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the requested tools such as Malwarebytes are always to be posted - regardless of whether there was a detection or not!

  • Please also note => Deleting log files and other requests

Note:
If you haven't heard from me for three days, please report in this thread => Reminder for my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


Rootkit scan with GMER

Please download the GMER Rootkit Scanner GMER: (file name is random)
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If, after starting, a window with the following warning opens:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, remove the check mark at: IAT/EAT and Show All
  • Put the check mark at Quickscan and remove it for all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn the antivirus program and other scanners back on before you go online!


Do problems arise?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


Then please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it on your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen according to the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects found, so be patient.
  • After the restart, start mbar.exe again.
  • If something is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Year-Month-Day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

09.05.2013, 11:45   #5
Trydus

Gmer.log:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-09 12:27:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST2000DM001-1CH164 rev.CC24 1863,02GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\L\AppData\Local\Temp\pgddapog.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075831465 2 bytes [83, 75]
.text  C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[3560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000758314bb 2 bytes [83, 75]
.text  ...                                                                                                                                      * 2

---- EOF - GMER 2.1 ----
When I click Scan in Malwarebytes Anti-Rootkit, the following error message appears:
Code:
The system volume seems inaccessible or encrypted. Scan can't continue.
And in system-log.txt it says:
Code:
<<<2>>>
Can't get device number
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
Can't get device number
The system volume seems inaccessible or encrypted. Scan can't continue.
<<<2>>>
Can't get device number
Can't access volume using primary device, the volume might be encrypted.
<<<2>>>
Can't get device number
The system volume seems inaccessible or encrypted. Scan can't continue.

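MBAR's "Can't get device number" means the tool could not map the system volume to the physical disk underneath it, which is why it then guesses at encryption. The block below is an added example, not MBAR's code (its internals are not on the page); it assumes MBAR uses the standard Win32 query for this, IOCTL_STORAGE_GET_DEVICE_NUMBER on the `\\.\C:` device, and reissues that query directly so the raw Win32 error code is visible instead of the tool's interpretation. Only the Windows-specific function needs to run on the affected machine; the IOCTL encoding and the struct decoding work anywhere.

```python
"""Reproduce the volume-to-physical-disk lookup behind MBAR's
"Can't get device number" message. Added example; MBAR's internals are not
on the page, so using IOCTL_STORAGE_GET_DEVICE_NUMBER is an assumption
based on the message text (it is the standard Win32 query for this)."""
import ctypes
import struct
import sys

# CTL_CODE pieces from winioctl.h
FILE_DEVICE_MASS_STORAGE = 0x2D
METHOD_BUFFERED = 0
FILE_ANY_ACCESS = 0
FILE_DEVICE_DISK = 7  # DeviceType reported for an ordinary disk volume

def ctl_code(device_type, function, method, access):
    """The CTL_CODE macro: how Windows packs an IOCTL number."""
    return (device_type << 16) | (access << 14) | (function << 2) | method

IOCTL_STORAGE_GET_DEVICE_NUMBER = ctl_code(FILE_DEVICE_MASS_STORAGE, 0x0420,
                                           METHOD_BUFFERED, FILE_ANY_ACCESS)

def decode_device_number(raw):
    """Unpack a STORAGE_DEVICE_NUMBER struct: three little-endian DWORDs."""
    device_type, device_number, partition_number = struct.unpack_from('<III', raw)
    return {'device_type': device_type,
            'device_number': device_number,
            'partition_number': partition_number}

def query_device_number(volume='C:'):
    """Windows only. Open the \\\\.\\<volume> device and ask which physical disk
    backs it. Returns (info, 0) on success or (None, win32_error) on failure."""
    if sys.platform != 'win32':
        raise OSError('query_device_number needs the Win32 API')
    k32 = ctypes.WinDLL('kernel32', use_last_error=True)
    k32.CreateFileW.restype = ctypes.c_void_p
    k32.CreateFileW.argtypes = [ctypes.c_wchar_p, ctypes.c_uint32, ctypes.c_uint32,
                                ctypes.c_void_p, ctypes.c_uint32, ctypes.c_uint32,
                                ctypes.c_void_p]
    k32.DeviceIoControl.restype = ctypes.c_int
    k32.DeviceIoControl.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.c_void_p,
                                    ctypes.c_uint32, ctypes.c_void_p, ctypes.c_uint32,
                                    ctypes.POINTER(ctypes.c_uint32), ctypes.c_void_p]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]

    FILE_SHARE_READ, FILE_SHARE_WRITE, OPEN_EXISTING = 0x1, 0x2, 3
    INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value
    # Access mask 0: we only want device metadata, not the volume's data.
    handle = k32.CreateFileW('\\\\.\\' + volume, 0, FILE_SHARE_READ | FILE_SHARE_WRITE,
                             None, OPEN_EXISTING, 0, None)
    if handle == INVALID_HANDLE_VALUE:
        return None, ctypes.get_last_error()
    try:
        out = ctypes.create_string_buffer(12)   # sizeof(STORAGE_DEVICE_NUMBER)
        returned = ctypes.c_uint32(0)
        ok = k32.DeviceIoControl(handle, IOCTL_STORAGE_GET_DEVICE_NUMBER, None, 0,
                                 out, len(out), ctypes.byref(returned), None)
        if not ok:
            return None, ctypes.get_last_error()
        return decode_device_number(out.raw), 0
    finally:
        k32.CloseHandle(handle)

if __name__ == '__main__':
    info, err = query_device_number(sys.argv[1] if len(sys.argv) > 1 else 'C:')
    if info is None:
        print('IOCTL_STORAGE_GET_DEVICE_NUMBER failed, Win32 error %d' % err)
    else:
        print('volume sits on PhysicalDrive%d, partition %d, device type %d'
              % (info['device_number'], info['partition_number'], info['device_type']))
```

On an unencrypted NTFS system volume this returns the PhysicalDrive index and partition number; if it fails on the affected machine, the Win32 error code is the useful fact to post. The BitLocker question asked further down can be answered on Windows 7 with `manage-bde -status` from an elevated prompt, and TrueCrypt system encryption announces itself with its own boot loader prompt before Windows starts.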

09.05.2013, 18:08   #6
cosinus

Is your system encrypted with TrueCrypt or BitLocker?

09.05.2013, 18:14   #7
Trydus

Quote:
Is your system encrypted with TrueCrypt or BitLocker?
No.

09.05.2013, 19:00   #8
cosinus

Then I can't make sense of MBAR's message

Please make a log with ComboFix:

Scan with ComboFix
WARNING to anyone reading along:
ComboFix should only be run if a team member has instructed you to do so!

Please download ComboFix from the following download mirror: Link
  • IMPORTANT: Save ComboFix on your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. They can interfere with ComboFix's work. ComboFix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While ComboFix is running, do not work on the computer, move the mouse or click into the ComboFix window!
  • When ComboFix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
just restart the computer. That should fix the problem.


09.05.2013, 19:34   #9
Trydus

Combofix:
Code:
ComboFix 13-05-09.01 - L 09.05.2013  20:25:27.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.16342.14467 [GMT 2:00]
ausgeführt von:: c:\users\Normal\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
F:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-09 bis 2013-05-09  ))))))))))))))))))))))))))))))
.
.
2013-05-09 10:17 . 2013-05-09 15:09	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{87D5222F-C462-40D1-BDF4-88F6F3FE727F}\offreg.dll
2013-05-08 11:07 . 2013-05-08 11:07	--------	d-----w-	c:\users\L\AppData\Roaming\Malwarebytes
2013-05-08 11:07 . 2013-05-08 11:07	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-07 08:52 . 2013-04-10 03:46	9317456	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{87D5222F-C462-40D1-BDF4-88F6F3FE727F}\mpengine.dll
2013-04-26 19:38 . 2013-04-26 19:38	235	----a-w-	c:\windows\SysWow64\nxEuUninstall.bat
2013-04-26 19:38 . 2013-04-26 19:38	446464	----a-w-	c:\windows\NEXON_EU_DownloaderUpdater.exe
2013-04-24 07:40 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 19:24 . 2013-04-23 19:24	--------	d-----w-	c:\users\L\AppData\Roaming\TERA
2013-04-23 12:16 . 2013-04-23 12:16	--------	d-----w-	c:\users\L\AppData\Local\Gameforge4d
2013-04-23 12:16 . 2013-04-23 12:16	--------	d-----w-	c:\users\L\AppData\Local\Programs
2013-04-20 15:17 . 2013-04-20 15:17	--------	d-----w-	c:\program files (x86)\Common Files\Blizzard Entertainment
2013-04-20 13:38 . 2013-04-20 13:38	21840	----a-w-	c:\windows\SysWow64\SIntfNT.dll
2013-04-20 13:38 . 2013-04-20 13:38	17212	----a-w-	c:\windows\SysWow64\SIntf32.dll
2013-04-20 13:38 . 2013-04-20 13:38	12067	----a-w-	c:\windows\SysWow64\SIntf16.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-27 14:24 . 2013-01-05 13:50	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-27 14:24 . 2013-01-05 13:50	691592	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-10 15:03 . 2013-01-05 14:09	72702784	----a-w-	c:\windows\system32\MRT.exe
2013-02-25 22:32 . 2013-02-25 22:32	25256224	----a-w-	c:\windows\system32\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	2505144	----a-w-	c:\windows\SysWow64\nvapi.dll
2013-02-25 22:32 . 2013-02-25 22:32	15129960	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2013-02-25 22:32 . 2013-02-25 22:32	6262608	----a-w-	c:\windows\SysWow64\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	2826040	----a-w-	c:\windows\system32\nvapi64.dll
2013-02-25 22:32 . 2013-02-25 22:32	18055184	----a-w-	c:\windows\system32\nvd3dumx.dll
2013-02-25 22:32 . 2013-02-25 22:32	1107440	----a-w-	c:\windows\system32\nvumdshimx.dll
2013-02-25 22:32 . 2013-01-05 12:09	1814304	----a-w-	c:\windows\system32\nvdispco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	958120	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2013-02-25 22:32 . 2013-02-25 22:32	2720544	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	26929440	----a-w-	c:\windows\system32\nvoglv64.dll
2013-02-25 22:32 . 2013-02-25 22:32	7932256	----a-w-	c:\windows\SysWow64\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	2346784	----a-w-	c:\windows\system32\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	245872	----a-w-	c:\windows\system32\nvinitx.dll
2013-02-25 22:32 . 2013-02-25 22:32	11036448	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:32 . 2013-01-05 12:09	1510176	----a-w-	c:\windows\system32\nvdispgenco64.dll
2013-02-25 22:32 . 2013-02-25 22:32	2904352	----a-w-	c:\windows\system32\nvcuvid.dll
2013-02-25 22:32 . 2013-02-25 22:32	20449056	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2013-02-25 22:32 . 2013-02-25 22:32	15053264	----a-w-	c:\windows\system32\nvwgf2umx.dll
2013-02-25 22:32 . 2013-02-25 22:32	17560352	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2013-02-25 22:32 . 2013-02-25 22:32	7564040	----a-w-	c:\windows\system32\nvopencl.dll
2013-02-25 22:32 . 2013-02-25 22:32	1985824	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2013-02-25 22:32 . 2013-02-25 22:32	12641992	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2013-02-25 22:32 . 2013-02-25 22:32	9390760	----a-w-	c:\windows\system32\nvcuda.dll
2013-02-25 22:32 . 2013-02-25 22:32	201576	----a-w-	c:\windows\SysWow64\nvinit.dll
2013-02-12 05:45 . 2013-03-13 08:54	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 08:54	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 08:54	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 08:54	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 08:54	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:54	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-12 04:12 . 2013-03-20 20:58	19968	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-26 291608]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2013-01-05 206448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-07 121344]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [2011-09-21 49760]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
2013-05-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\L\AppData\Roaming\Mozilla\Firefox\Profiles\pwnmohpf.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Normal\Desktop\mbar\mbar.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-09  20:29:10
ComboFix-quarantined-files.txt  2013-05-09 18:29
.
Vor Suchlauf: 8 Verzeichnis(se), 44.493.111.296 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 45.207.592.960 Bytes frei
.
- - End Of File - - C3177A28A1F7835B2E8A55A842A1BA6D

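As a triage aid for the ComboFix service and driver list posted above, here is an added example (my own script for this thread, not ComboFix code and not part of the helper's procedure). It parses entries of the form `R3 name;display;path [date size]` and flags the ones a helper looks at first: entries whose binary ComboFix did not find on disk (`[x]`, like EagleX64 above), entries whose image path lies outside the usual Windows and Program Files directories, and boot- or system-start drivers that do not live under system32\drivers. The meaning of the R/S letter and the start digit, and the whitelist of expected directories, are assumptions on my part; the sample input takes three lines from the log above plus one constructed bad entry (fakedrv) that does not appear in the log.

```python
"""Triage helper for ComboFix service/driver entries (added example, not ComboFix code).

Assumed line format, taken from the log in this thread:

    <R|S><start> <name>;<display name>;<path> [<yyyy-mm-dd size> | x]

R/S = running/stopped, start = Windows start type (assumed: 0 boot, 1 system,
2 auto, 3 demand, 4 disabled); "[x]" means ComboFix did not find the binary.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Directories where installed services and drivers are normally expected
# (assumption; adjust to the system under review).
EXPECTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


@dataclass
class Entry:
    state: str    # "R" running or "S" stopped
    start: str    # start type digit
    name: str     # service/driver key name
    display: str  # display name
    path: str     # image path as logged
    stamp: str    # "yyyy-mm-dd size", or "x" when the file is missing


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a ComboFix service line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    return Entry(**m.groupdict()) if m else None


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs for entries worth a closer look."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        path = e.path.lower()
        if e.stamp == "x":
            findings.append((e.name, "binary not found on disk (orphaned entry)"))
        if not path.startswith(EXPECTED_DIRS):
            findings.append((e.name, f"unusual image path: {e.path}"))
        if e.start in ("0", "1") and not path.startswith(DRIVER_DIR):
            findings.append(
                (e.name, f"{START_TYPES[e.start]}-start driver outside system32\\drivers")
            )
    return findings


# Sample input: three lines copied from the ComboFix log in this thread plus one
# constructed entry (fakedrv) that is NOT in the log, to show what a hit looks like.
SAMPLE_LINES = [
    "R2 Intel(R) ME Service;Intel(R) ME Service;c:\\program files (x86)\\Intel\\Intel(R) Management Engine Components\\FWService\\IntelMeFWService.exe [2012-02-07 121344]",
    "R3 EagleX64;EagleX64;c:\\windows\\system32\\drivers\\EagleX64.sys [x]",
    "S1 kl2;kl2;c:\\windows\\system32\\DRIVERS\\kl2.sys [2011-03-04 11864]",
    "S0 fakedrv;fakedrv;c:\\users\\l\\appdata\\local\\temp\\fakedrv.sys [2013-05-01 12288]",  # constructed
]

if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LINES):
        print(f"{name}: {reason}")
```

On the lines above, EagleX64 is reported once (its .sys is missing, which is what `[x]` in the log means) and the constructed fakedrv entry twice (profile temp directory, and a boot-start driver outside the drivers folder); the Intel service and the Kaspersky kl2 driver pass. A hit is a reason to look closer, not a verdict: an orphaned entry is often just leftover from an uninstalled program, as the "- ok" result for EagleX64 in the TDSSKiller log later in the thread suggests.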
09.05.2013, 21:15   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    On Windows Vista (or later), please right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions may take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe, configured as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post its contents here in your thread in any case.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

09.05.2013, 21:39   #11
Trydus

aswMBR freezes right after the scan starts.

TDSS-Killer:
Code:
22:26:55.0173 1996  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:26:55.0340 1996  ============================================================
22:26:55.0340 1996  Current date / time: 2013/05/09 22:26:55.0340
22:26:55.0340 1996  SystemInfo:
22:26:55.0340 1996  
22:26:55.0340 1996  OS Version: 6.1.7601 ServicePack: 1.0
22:26:55.0340 1996  Product type: Workstation
22:26:55.0340 1996  ComputerName: L-PC
22:26:55.0340 1996  UserName: L
22:26:55.0340 1996  Windows directory: C:\Windows
22:26:55.0340 1996  System windows directory: C:\Windows
22:26:55.0340 1996  Running under WOW64
22:26:55.0340 1996  Processor architecture: Intel x64
22:26:55.0340 1996  Number of processors: 4
22:26:55.0340 1996  Page size: 0x1000
22:26:55.0340 1996  Boot type: Normal boot
22:26:55.0340 1996  ============================================================
22:26:56.0256 1996  Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:56.0266 1996  Drive \Device\Harddisk1\DR1 - Size: 0x3A38A25E00 (232.88 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:26:56.0268 1996  ============================================================
22:26:56.0268 1996  \Device\Harddisk0\DR0:
22:26:56.0268 1996  MBR partitions:
22:26:56.0268 1996  \Device\Harddisk1\DR1:
22:26:56.0268 1996  MBR partitions:
22:26:56.0268 1996  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x752F800
22:26:56.0278 1996  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x75304E0, BlocksNum 0x2711637
22:26:56.0289 1996  \Device\Harddisk1\DR1\Partition3: MBR, Type 0x7, StartLBA 0x9C41B56, BlocksNum 0x1357EB6A
22:26:56.0289 1996  ============================================================
22:26:56.0319 1996  D: <-> \Device\Harddisk1\DR1\Partition1
22:26:56.0352 1996  E: <-> \Device\Harddisk1\DR1\Partition2
22:26:56.0385 1996  F: <-> \Device\Harddisk1\DR1\Partition3
22:26:56.0385 1996  ============================================================
22:26:56.0385 1996  Initialize success
22:26:56.0385 1996  ============================================================
22:27:21.0754 3108  ============================================================
22:27:21.0754 3108  Scan started
22:27:21.0754 3108  Mode: Manual; SigCheck; TDLFS; 
22:27:21.0754 3108  ============================================================
22:27:21.0865 3108  ================ Scan system memory ========================
22:27:21.0865 3108  System memory - ok
22:27:21.0865 3108  ================ Scan services =============================
22:27:21.0893 3108  1394ohci - ok
22:27:21.0896 3108  ACPI - ok
22:27:21.0898 3108  AcpiPmi - ok
22:27:21.0911 3108  AdobeARMservice - ok
22:27:21.0915 3108  adp94xx - ok
22:27:21.0918 3108  adpahci - ok
22:27:21.0921 3108  adpu320 - ok
22:27:21.0926 3108  AeLookupSvc - ok
22:27:21.0930 3108  AFD - ok
22:27:21.0933 3108  agp440 - ok
22:27:21.0936 3108  ALG - ok
22:27:21.0939 3108  aliide - ok
22:27:21.0943 3108  amdide - ok
22:27:21.0946 3108  AmdK8 - ok
22:27:21.0948 3108  AmdPPM - ok
22:27:21.0950 3108  amdsata - ok
22:27:21.0952 3108  amdsbs - ok
22:27:21.0954 3108  amdxata - ok
22:27:21.0956 3108  AppID - ok
22:27:21.0958 3108  AppIDSvc - ok
22:27:21.0960 3108  Appinfo - ok
22:27:21.0963 3108  AppMgmt - ok
22:27:21.0965 3108  arc - ok
22:27:21.0966 3108  arcsas - ok
22:27:21.0972 3108  asahci64 - ok
22:27:21.0995 3108  aspnet_state - ok
22:27:21.0997 3108  AsyncMac - ok
22:27:21.0999 3108  atapi - ok
22:27:22.0001 3108  AudioEndpointBuilder - ok
22:27:22.0003 3108  AudioSrv - ok
22:27:22.0005 3108  AVP - ok
22:27:22.0008 3108  AxInstSV - ok
22:27:22.0010 3108  b06bdrv - ok
22:27:22.0012 3108  b57nd60a - ok
22:27:22.0015 3108  BDESVC - ok
22:27:22.0018 3108  Beep - ok
22:27:22.0021 3108  BFE - ok
22:27:22.0023 3108  BITS - ok
22:27:22.0024 3108  blbdrive - ok
22:27:22.0026 3108  bowser - ok
22:27:22.0028 3108  BrFiltLo - ok
22:27:22.0030 3108  BrFiltUp - ok
22:27:22.0039 3108  BridgeMP - ok
22:27:22.0042 3108  Browser - ok
22:27:22.0048 3108  Brserid - ok
22:27:22.0051 3108  BrSerWdm - ok
22:27:22.0053 3108  BrUsbMdm - ok
22:27:22.0054 3108  BrUsbSer - ok
22:27:22.0056 3108  BTHMODEM - ok
22:27:22.0060 3108  bthserv - ok
22:27:22.0063 3108  catchme - ok
22:27:22.0064 3108  cdfs - ok
22:27:22.0067 3108  cdrom - ok
22:27:22.0076 3108  CertPropSvc - ok
22:27:22.0078 3108  circlass - ok
22:27:22.0080 3108  CLFS - ok
22:27:22.0082 3108  clr_optimization_v2.0.50727_32 - ok
22:27:22.0085 3108  clr_optimization_v2.0.50727_64 - ok
22:27:22.0088 3108  clr_optimization_v4.0.30319_32 - ok
22:27:22.0090 3108  clr_optimization_v4.0.30319_64 - ok
22:27:22.0092 3108  CmBatt - ok
22:27:22.0094 3108  cmdide - ok
22:27:22.0096 3108  CNG - ok
22:27:22.0099 3108  Compbatt - ok
22:27:22.0101 3108  CompositeBus - ok
22:27:22.0110 3108  COMSysApp - ok
22:27:22.0113 3108  crcdisk - ok
22:27:22.0116 3108  CryptSvc - ok
22:27:22.0118 3108  CSC - ok
22:27:22.0120 3108  CscService - ok
22:27:22.0123 3108  DcomLaunch - ok
22:27:22.0125 3108  defragsvc - ok
22:27:22.0127 3108  DfsC - ok
22:27:22.0129 3108  Dhcp - ok
22:27:22.0131 3108  discache - ok
22:27:22.0134 3108  Disk - ok
22:27:22.0136 3108  dmvsc - ok
22:27:22.0138 3108  Dnscache - ok
22:27:22.0140 3108  dot3svc - ok
22:27:22.0142 3108  DPS - ok
22:27:22.0148 3108  drmkaud - ok
22:27:22.0149 3108  DXGKrnl - ok
22:27:22.0151 3108  EagleX64 - ok
22:27:22.0153 3108  EapHost - ok
22:27:22.0155 3108  ebdrv - ok
22:27:22.0157 3108  EFS - ok
22:27:22.0159 3108  ehRecvr - ok
22:27:22.0160 3108  ehSched - ok
22:27:22.0163 3108  elxstor - ok
22:27:22.0164 3108  ErrDev - ok
22:27:22.0168 3108  EventSystem - ok
22:27:22.0170 3108  exfat - ok
22:27:22.0172 3108  fastfat - ok
22:27:22.0174 3108  Fax - ok
22:27:22.0176 3108  fdc - ok
22:27:22.0178 3108  fdPHost - ok
22:27:22.0180 3108  FDResPub - ok
22:27:22.0182 3108  FileInfo - ok
22:27:22.0184 3108  Filetrace - ok
22:27:22.0185 3108  flpydisk - ok
22:27:22.0187 3108  FltMgr - ok
22:27:22.0189 3108  FontCache - ok
22:27:22.0191 3108  FontCache3.0.0.0 - ok
22:27:22.0193 3108  FsDepends - ok
22:27:22.0195 3108  Fs_Rec - ok
22:27:22.0198 3108  fvevol - ok
22:27:22.0201 3108  gagp30kx - ok
22:27:22.0203 3108  gpsvc - ok
22:27:22.0205 3108  hamachi - ok
22:27:22.0206 3108  hcw85cir - ok
22:27:22.0209 3108  HdAudAddService - ok
22:27:22.0212 3108  HDAudBus - ok
22:27:22.0214 3108  HidBatt - ok
22:27:22.0216 3108  HidBth - ok
22:27:22.0218 3108  HidIr - ok
22:27:22.0219 3108  hidserv - ok
22:27:22.0222 3108  HidUsb - ok
22:27:22.0224 3108  hkmsvc - ok
22:27:22.0227 3108  HomeGroupListener - ok
22:27:22.0229 3108  HomeGroupProvider - ok
22:27:22.0231 3108  HpSAMD - ok
22:27:22.0233 3108  HTTP - ok
22:27:22.0235 3108  hwpolicy - ok
22:27:22.0237 3108  i8042prt - ok
22:27:22.0239 3108  iaStor - ok
22:27:22.0242 3108  iaStorV - ok
22:27:22.0244 3108  idsvc - ok
22:27:22.0245 3108  iirsp - ok
22:27:22.0247 3108  IKEEXT - ok
22:27:22.0250 3108  IntcAzAudAddService - ok
22:27:22.0252 3108  Intel(R) Capability Licensing Service Interface - ok
22:27:22.0254 3108  Intel(R) ME Service - ok
22:27:22.0256 3108  intelide - ok
22:27:22.0258 3108  intelppm - ok
22:27:22.0260 3108  IPBusEnum - ok
22:27:22.0262 3108  IpFilterDriver - ok
22:27:22.0264 3108  iphlpsvc - ok
22:27:22.0266 3108  IPMIDRV - ok
22:27:22.0268 3108  IPNAT - ok
22:27:22.0270 3108  IRENUM - ok
22:27:22.0272 3108  isapnp - ok
22:27:22.0274 3108  iScsiPrt - ok
22:27:22.0277 3108  iusb3hcs - ok
22:27:22.0279 3108  iusb3hub - ok
22:27:22.0280 3108  iusb3xhc - ok
22:27:22.0282 3108  jhi_service - ok
22:27:22.0284 3108  kbdclass - ok
22:27:22.0287 3108  kbdhid - ok
22:27:22.0289 3108  KeyIso - ok
22:27:22.0291 3108  KL1 - ok
22:27:22.0293 3108  kl2 - ok
22:27:22.0295 3108  KLIF - ok
22:27:22.0296 3108  KLIM6 - ok
22:27:22.0298 3108  klmouflt - ok
22:27:22.0300 3108  KSecDD - ok
22:27:22.0302 3108  KSecPkg - ok
22:27:22.0304 3108  ksthunk - ok
22:27:22.0305 3108  KtmRm - ok
22:27:22.0307 3108  LanmanServer - ok
22:27:22.0310 3108  LanmanWorkstation - ok
22:27:22.0314 3108  lltdio - ok
22:27:22.0316 3108  lltdsvc - ok
22:27:22.0318 3108  lmhosts - ok
22:27:22.0320 3108  LMS - ok
22:27:22.0323 3108  LSI_FC - ok
22:27:22.0325 3108  LSI_SAS - ok
22:27:22.0327 3108  LSI_SAS2 - ok
22:27:22.0330 3108  LSI_SCSI - ok
22:27:22.0332 3108  luafv - ok
22:27:22.0334 3108  MBfilt - ok
22:27:22.0335 3108  Mcx2Svc - ok
22:27:22.0337 3108  megasas - ok
22:27:22.0340 3108  MegaSR - ok
22:27:22.0342 3108  MEIx64 - ok
22:27:22.0344 3108  MMCSS - ok
22:27:22.0346 3108  Modem - ok
22:27:22.0348 3108  monitor - ok
22:27:22.0366 3108  mouclass - ok
22:27:22.0369 3108  mouhid - ok
22:27:22.0379 3108  mountmgr - ok
22:27:22.0382 3108  MozillaMaintenance - ok
22:27:22.0384 3108  mpio - ok
22:27:22.0385 3108  mpsdrv - ok
22:27:22.0387 3108  MpsSvc - ok
22:27:22.0389 3108  MRxDAV - ok
22:27:22.0391 3108  mrxsmb - ok
22:27:22.0392 3108  mrxsmb10 - ok
22:27:22.0394 3108  mrxsmb20 - ok
22:27:22.0396 3108  msahci - ok
22:27:22.0398 3108  msdsm - ok
22:27:22.0400 3108  MSDTC - ok
22:27:22.0403 3108  Msfs - ok
22:27:22.0405 3108  mshidkmdf - ok
22:27:22.0407 3108  msisadrv - ok
22:27:22.0409 3108  MSiSCSI - ok
22:27:22.0411 3108  msiserver - ok
22:27:22.0412 3108  MSKSSRV - ok
22:27:22.0414 3108  MSPCLOCK - ok
22:27:22.0416 3108  MSPQM - ok
22:27:22.0418 3108  MsRPC - ok
22:27:22.0420 3108  mssmbios - ok
22:27:22.0422 3108  MSTEE - ok
22:27:22.0424 3108  MTConfig - ok
22:27:22.0426 3108  Mup - ok
22:27:22.0428 3108  napagent - ok
22:27:22.0429 3108  NativeWifiP - ok
22:27:22.0436 3108  NDIS - ok
22:27:22.0438 3108  NdisCap - ok
22:27:22.0440 3108  NdisTapi - ok
22:27:22.0442 3108  Ndisuio - ok
22:27:22.0444 3108  NdisWan - ok
22:27:22.0446 3108  NDProxy - ok
22:27:22.0448 3108  NetBIOS - ok
22:27:22.0450 3108  NetBT - ok
22:27:22.0451 3108  Netlogon - ok
22:27:22.0453 3108  Netman - ok
22:27:22.0455 3108  NetMsmqActivator - ok
22:27:22.0458 3108  NetPipeActivator - ok
22:27:22.0460 3108  netprofm - ok
22:27:22.0462 3108  NetTcpActivator - ok
22:27:22.0464 3108  NetTcpPortSharing - ok
22:27:22.0466 3108  nfrd960 - ok
22:27:22.0476 3108  NlaSvc - ok
22:27:22.0477 3108  Npfs - ok
22:27:22.0479 3108  nsi - ok
22:27:22.0481 3108  nsiproxy - ok
22:27:22.0483 3108  Ntfs - ok
22:27:22.0485 3108  Null - ok
22:27:22.0488 3108  NVHDA - ok
22:27:22.0490 3108  nvlddmkm - ok
22:27:22.0493 3108  nvraid - ok
22:27:22.0495 3108  nvstor - ok
22:27:22.0496 3108  nvsvc - ok
22:27:22.0498 3108  nvUpdatusService - ok
22:27:22.0500 3108  nv_agp - ok
22:27:22.0502 3108  ohci1394 - ok
22:27:22.0504 3108  p2pimsvc - ok
22:27:22.0505 3108  p2psvc - ok
22:27:22.0507 3108  Parport - ok
22:27:22.0509 3108  partmgr - ok
22:27:22.0511 3108  PcaSvc - ok
22:27:22.0512 3108  pci - ok
22:27:22.0514 3108  pciide - ok
22:27:22.0516 3108  pcmcia - ok
22:27:22.0518 3108  pcw - ok
22:27:22.0519 3108  PEAUTH - ok
22:27:22.0521 3108  PeerDistSvc - ok
22:27:22.0524 3108  PerfHost - ok
22:27:22.0528 3108  pla - ok
22:27:22.0530 3108  PlugPlay - ok
22:27:22.0531 3108  PNRPAutoReg - ok
22:27:22.0533 3108  PNRPsvc - ok
22:27:22.0535 3108  PolicyAgent - ok
22:27:22.0537 3108  Power - ok
22:27:22.0540 3108  PptpMiniport - ok
22:27:22.0541 3108  Processor - ok
22:27:22.0543 3108  ProfSvc - ok
22:27:22.0545 3108  ProtectedStorage - ok
22:27:22.0547 3108  Psched - ok
22:27:22.0549 3108  ql2300 - ok
22:27:22.0550 3108  ql40xx - ok
22:27:22.0552 3108  QWAVE - ok
22:27:22.0554 3108  QWAVEdrv - ok
22:27:22.0556 3108  RasAcd - ok
22:27:22.0558 3108  RasAgileVpn - ok
22:27:22.0562 3108  RasAuto - ok
22:27:22.0563 3108  Rasl2tp - ok
22:27:22.0565 3108  RasMan - ok
22:27:22.0567 3108  RasPppoe - ok
22:27:22.0569 3108  RasSstp - ok
22:27:22.0571 3108  rdbss - ok
22:27:22.0573 3108  rdpbus - ok
22:27:22.0575 3108  RDPCDD - ok
22:27:22.0577 3108  RDPDR - ok
22:27:22.0579 3108  RDPENCDD - ok
22:27:22.0582 3108  RDPREFMP - ok
22:27:22.0584 3108  RDPWD - ok
22:27:22.0585 3108  rdyboost - ok
22:27:22.0587 3108  RemoteAccess - ok
22:27:22.0589 3108  RemoteRegistry - ok
22:27:22.0590 3108  RpcEptMapper - ok
22:27:22.0592 3108  RpcLocator - ok
22:27:22.0594 3108  RpcSs - ok
22:27:22.0596 3108  rspndr - ok
22:27:22.0598 3108  RTL8167 - ok
22:27:22.0600 3108  s3cap - ok
22:27:22.0602 3108  SamSs - ok
22:27:22.0603 3108  sbp2port - ok
22:27:22.0605 3108  SCardSvr - ok
22:27:22.0607 3108  scfilter - ok
22:27:22.0609 3108  Schedule - ok
22:27:22.0610 3108  SCPolicySvc - ok
22:27:22.0612 3108  SDRSVC - ok
22:27:22.0614 3108  secdrv - ok
22:27:22.0616 3108  seclogon - ok
22:27:22.0618 3108  SENS - ok
22:27:22.0619 3108  SensrSvc - ok
22:27:22.0621 3108  Serenum - ok
22:27:22.0623 3108  Serial - ok
22:27:22.0625 3108  sermouse - ok
22:27:22.0630 3108  SessionEnv - ok
22:27:22.0631 3108  sffdisk - ok
22:27:22.0633 3108  sffp_mmc - ok
22:27:22.0635 3108  sffp_sd - ok
22:27:22.0637 3108  sfloppy - ok
22:27:22.0639 3108  SharedAccess - ok
22:27:22.0640 3108  ShellHWDetection - ok
22:27:22.0642 3108  SiSRaid2 - ok
22:27:22.0644 3108  SiSRaid4 - ok
22:27:22.0646 3108  Smb - ok
22:27:22.0650 3108  SNMPTRAP - ok
22:27:22.0652 3108  spldr - ok
22:27:22.0654 3108  Spooler - ok
22:27:22.0655 3108  sppsvc - ok
22:27:22.0657 3108  sppuinotify - ok
22:27:22.0659 3108  srv - ok
22:27:22.0661 3108  srv2 - ok
22:27:22.0663 3108  srvnet - ok
22:27:22.0665 3108  SSDPSRV - ok
22:27:22.0666 3108  SstpSvc - ok
22:27:22.0669 3108  Steam Client Service - ok
22:27:22.0672 3108  Stereo Service - ok
22:27:22.0674 3108  stexstor - ok
22:27:22.0676 3108  stisvc - ok
22:27:22.0678 3108  storflt - ok
22:27:22.0679 3108  StorSvc - ok
22:27:22.0681 3108  storvsc - ok
22:27:22.0683 3108  swenum - ok
22:27:22.0685 3108  swprv - ok
22:27:22.0687 3108  SysMain - ok
22:27:22.0689 3108  TabletInputService - ok
22:27:22.0690 3108  TapiSrv - ok
22:27:22.0692 3108  TBS - ok
22:27:22.0694 3108  Tcpip - ok
22:27:22.0696 3108  TCPIP6 - ok
22:27:22.0698 3108  tcpipreg - ok
22:27:22.0701 3108  TDPIPE - ok
22:27:22.0703 3108  TDTCP - ok
22:27:22.0704 3108  tdx - ok
22:27:22.0706 3108  TermDD - ok
22:27:22.0708 3108  TermService - ok
22:27:22.0710 3108  Themes - ok
22:27:22.0712 3108  THREADORDER - ok
22:27:22.0714 3108  TrkWks - ok
22:27:22.0715 3108  TrustedInstaller - ok
22:27:22.0718 3108  tssecsrv - ok
22:27:22.0720 3108  TsUsbFlt - ok
22:27:22.0722 3108  TsUsbGD - ok
22:27:22.0725 3108  tunnel - ok
22:27:22.0726 3108  uagp35 - ok
22:27:22.0728 3108  udfs - ok
22:27:22.0732 3108  UI0Detect - ok
22:27:22.0733 3108  uliagpkx - ok
22:27:22.0736 3108  umbus - ok
22:27:22.0738 3108  UmPass - ok
22:27:22.0740 3108  UmRdpService - ok
22:27:22.0742 3108  UNS - ok
22:27:22.0744 3108  upnphost - ok
22:27:22.0748 3108  usbccgp - ok
22:27:22.0750 3108  usbcir - ok
22:27:22.0752 3108  usbehci - ok
22:27:22.0768 3108  usbhub - ok
22:27:22.0770 3108  usbohci - ok
22:27:22.0772 3108  usbprint - ok
22:27:22.0773 3108  USBSTOR - ok
22:27:22.0776 3108  usbuhci - ok
22:27:22.0777 3108  UxSms - ok
22:27:22.0779 3108  VaultSvc - ok
22:27:22.0781 3108  vdrvroot - ok
22:27:22.0783 3108  vds - ok
22:27:22.0785 3108  vga - ok
22:27:22.0787 3108  VgaSave - ok
22:27:22.0788 3108  vhdmp - ok
22:27:22.0790 3108  viaide - ok
22:27:22.0792 3108  vmbus - ok
22:27:22.0794 3108  VMBusHID - ok
22:27:22.0796 3108  volmgr - ok
22:27:22.0798 3108  volmgrx - ok
22:27:22.0800 3108  volsnap - ok
22:27:22.0802 3108  vsmraid - ok
22:27:22.0804 3108  VSS - ok
22:27:22.0806 3108  vwifibus - ok
22:27:22.0812 3108  W32Time - ok
22:27:22.0814 3108  WacomPen - ok
22:27:22.0817 3108  WANARP - ok
22:27:22.0819 3108  Wanarpv6 - ok
22:27:22.0821 3108  wbengine - ok
22:27:22.0822 3108  WbioSrvc - ok
22:27:22.0824 3108  wcncsvc - ok
22:27:22.0826 3108  WcsPlugInService - ok
22:27:22.0828 3108  Wd - ok
22:27:22.0830 3108  Wdf01000 - ok
22:27:22.0831 3108  WdiServiceHost - ok
22:27:22.0833 3108  WdiSystemHost - ok
22:27:22.0835 3108  WebClient - ok
22:27:22.0837 3108  Wecsvc - ok
22:27:22.0838 3108  wercplsupport - ok
22:27:22.0841 3108  WerSvc - ok
22:27:22.0843 3108  WfpLwf - ok
22:27:22.0844 3108  WIMMount - ok
22:27:22.0846 3108  WinDefend - ok
22:27:22.0854 3108  WinHttpAutoProxySvc - ok
22:27:22.0856 3108  Winmgmt - ok
22:27:22.0857 3108  WinRM - ok
22:27:22.0861 3108  Wlansvc - ok
22:27:22.0863 3108  WmiAcpi - ok
22:27:22.0865 3108  wmiApSrv - ok
22:27:22.0867 3108  WMPNetworkSvc - ok
22:27:22.0869 3108  WPCSvc - ok
22:27:22.0871 3108  WPDBusEnum - ok
22:27:22.0872 3108  ws2ifsl - ok
22:27:22.0874 3108  wscsvc - ok
22:27:22.0876 3108  WSearch - ok
22:27:22.0879 3108  wuauserv - ok
22:27:22.0881 3108  WudfPf - ok
22:27:22.0884 3108  WUDFRd - ok
22:27:22.0886 3108  wudfsvc - ok
22:27:22.0888 3108  WwanSvc - ok
22:27:22.0890 3108  ================ Scan global ===============================
22:27:22.0891 3108  [Global] - ok
22:27:22.0892 3108  ================ Scan MBR ==================================
22:27:22.0893 3108  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:27:23.0103 3108  \Device\Harddisk0\DR0 - ok
22:27:23.0122 3108  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
22:27:23.0232 3108  \Device\Harddisk1\DR1 - ok
22:27:23.0232 3108  ================ Scan VBR ==================================
22:27:23.0235 3108  [ 77CAEE3A92F16C2D3A79A70BEBC26E8E ] \Device\Harddisk1\DR1\Partition1
22:27:23.0236 3108  \Device\Harddisk1\DR1\Partition1 - ok
22:27:23.0259 3108  [ 287C82281F15200405007527DF395E0A ] \Device\Harddisk1\DR1\Partition2
22:27:23.0261 3108  \Device\Harddisk1\DR1\Partition2 - ok
22:27:23.0278 3108  [ B491E917956FC8E4D21CE9DBAEC0802A ] \Device\Harddisk1\DR1\Partition3
22:27:23.0280 3108  \Device\Harddisk1\DR1\Partition3 - ok
22:27:23.0280 3108  ============================================================
22:27:23.0280 3108  Scan finished
22:27:23.0280 3108  ============================================================
22:27:23.0289 3204  Detected object count: 0
22:27:23.0289 3204  Actual detected object count: 0
22:27:36.0128 1720  Deinitialize success
I also have a theory as to why Malwarebytes Anti-Rootkit doesn't work:
Back then I created the partitions on the hard disks via the Windows Control Panel. In doing so I accidentally agreed, for one partition, to have it converted into a dynamic disk. After that, all partitions were converted. Could it be that Malwarebytes Anti-Rootkit can't cope with dynamic disks?

09.05.2013, 21:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It may be that MBAR doesn't like dynamic volumes yet. Unfortunately MBAR is still in beta, but it is often very helpful.

What about aswMBR?

09.05.2013, 22:01   #13
Trydus

I start aswMBR, download the definitions and click Scan. The partitions are then listed, after which the program stops responding and I'm asked whether I want to close it. AV Scan (none) doesn't help either.

09.05.2013, 22:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It may be that neither MBAR nor aswMBR likes dynamic volumes.
I have never let these tools loose on a Windows with dynamic volumes; in general I keep my hands off dynamic volumes because of other incompatibilities as well. They have hardly any advantages, or at least none that are really of interest to home users => What are basic disks and dynamic disks? (dynamic disks and partitions are roughly equivalent to LVM as known from Unix/Linux)

JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has completed.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files in CODE tags here in the thread.

09.05.2013, 23:04   #15
Trydus

jrt:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by L on 09.05.2013 at 23:42:49,33
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.05.2013 at 23:48:17,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
adwcleaner:
Code:
# AdwCleaner v2.300 - Datei am 09/05/2013 um 23:54:04 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : L - L-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Normal\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\L\AppData\Roaming\MoziLLa\Firefox\Profiles\pwnmohpf.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [715 octets] - [09/05/2013 23:54:04]

########## EOF - \AdwCleaner[S1].txt - [774 octets] ##########
otl.txt:
Code:
OTL logfile created on: 09.05.2013 23:59:04 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Normal\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,99 Gb Available Physical Memory | 87,64% Memory free
31,92 Gb Paging File | 29,78 Gb Available in Paging File | 93,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98,27 Gb Total Space | 43,69 Gb Free Space | 44,46% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 58,50 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 3,10 Gb Free Space | 15,86% Space Free | Partition Type: NTFS
Drive F: | 154,75 Gb Total Space | 10,12 Gb Free Space | 6,54% Space Free | Partition Type: NTFS
Drive G: | 586,91 Gb Total Space | 501,76 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
Drive H: | 585,94 Gb Total Space | 581,21 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
Drive J: | 591,80 Gb Total Space | 591,69 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: L-PC | User Name: L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Normal\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MBfilt) -- C:\Windows\SysNative\drivers\MBfilt64.sys (Creative Technology Ltd.)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 54 94 0D 00 44 EB CD 01  [binary data]
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1001\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3807919450-2642718585-2368976298-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2013.01.05 14:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2013.01.05 14:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2013.01.05 14:47:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.08 17:48:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.05 14:57:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\L\AppData\Roaming\mozilla\Extensions
[2013.01.05 14:58:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\L\AppData\Roaming\mozilla\Firefox\Profiles\pwnmohpf.default\extensions
[2013.01.05 14:58:12 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\L\AppData\Roaming\mozilla\firefox\profiles\pwnmohpf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.05.08 17:48:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.09 20:28:15 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-21-3807919450-2642718585-2368976298-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3807919450-2642718585-2368976298-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - HKU\S-1-5-21-3807919450-2642718585-2368976298-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3807919450-2642718585-2368976298-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3807919450-2642718585-2368976298-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3807919450-2642718585-2368976298-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3807919450-2642718585-2368976298-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDBF6B2A-3B09-4B59-AAB5-EF020D82C77A}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 23:42:48 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.09 23:42:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.09 20:30:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.09 20:29:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.09 20:29:11 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Local\temp
[2013.05.09 20:24:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.09 20:24:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.09 20:24:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.09 20:24:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.09 20:24:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.08 13:07:28 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Roaming\Malwarebytes
[2013.05.08 13:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.30 16:45:02 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.30 16:45:02 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.30 16:45:02 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.30 16:45:02 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.30 16:45:02 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.30 16:45:02 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.30 16:45:02 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.30 16:45:02 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.30 16:45:02 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.30 16:45:02 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.30 16:45:02 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.30 16:45:02 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.30 16:45:02 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.30 16:45:02 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.30 16:45:02 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.30 16:45:02 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.30 16:45:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.30 16:45:02 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.30 16:45:02 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.30 16:45:02 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.30 16:45:02 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.30 16:45:02 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.30 16:45:02 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.30 16:45:02 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.30 16:45:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.30 16:45:02 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.30 16:45:02 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.30 16:45:02 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.30 16:45:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.30 16:45:02 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.30 16:45:02 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.30 16:45:02 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.30 16:45:02 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.30 16:45:02 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.30 16:45:02 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.30 16:45:02 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.30 16:45:02 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.30 16:45:02 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.30 16:45:02 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.30 16:45:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.30 16:45:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.30 16:45:02 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.30 16:45:02 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.30 16:45:02 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.30 16:45:02 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.30 16:45:02 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.30 16:45:02 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.30 16:45:02 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.30 16:45:02 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.30 16:45:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.30 16:45:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.30 16:45:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.30 16:45:02 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.30 16:45:02 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.30 16:45:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.30 16:45:02 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.30 16:45:02 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.30 16:45:02 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.30 16:45:02 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.30 16:45:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.30 16:45:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.30 16:45:02 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.30 16:45:02 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.30 16:45:02 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.30 16:45:02 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.30 16:45:02 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.30 16:45:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.30 16:45:02 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.26 21:38:06 | 000,446,464 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.04.23 21:24:56 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Roaming\TERA
[2013.04.23 21:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.04.23 14:16:43 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Local\Gameforge4d
[2013.04.23 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Local\Programs
[2013.04.20 17:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2013.04.20 17:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013.04.20 15:37:19 | 000,000,000 | ---D | C] -- C:\Users\L\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.04.16 14:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Development Kit
[2013.04.10 16:12:33 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 16:12:33 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 16:12:33 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 16:12:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 16:12:33 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 16:12:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 16:12:31 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 16:12:31 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 16:12:31 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 16:12:31 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 16:12:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 16:12:31 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 23:55:21 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.05.09 23:55:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.09 23:55:04 | 4261,769,214 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.09 23:54:42 | 000,682,290 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 23:54:42 | 000,647,898 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 23:54:42 | 000,143,610 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 23:54:42 | 000,117,022 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 23:54:36 | 000,022,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 23:54:36 | 000,022,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 20:28:15 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.09 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.05.09 12:58:47 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.08 17:48:07 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.30 16:45:02 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.30 16:45:02 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.30 16:45:02 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.30 16:45:02 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.30 16:45:02 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.30 16:45:02 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.30 16:45:02 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.30 16:45:02 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.30 16:45:02 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.30 16:45:02 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.30 16:45:02 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.30 16:45:02 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.30 16:45:02 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.30 16:45:02 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.30 16:45:02 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.30 16:45:02 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.30 16:45:02 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.30 16:45:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.30 16:45:02 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.30 16:45:02 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.30 16:45:02 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.30 16:45:02 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.30 16:45:02 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.30 16:45:02 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.30 16:45:02 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.30 16:45:02 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.30 16:45:02 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.30 16:45:02 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.30 16:45:02 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.30 16:45:02 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.30 16:45:02 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.30 16:45:02 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.30 16:45:02 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.30 16:45:02 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.30 16:45:02 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.30 16:45:02 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.30 16:45:02 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.30 16:45:02 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.30 16:45:02 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.30 16:45:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.30 16:45:02 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.30 16:45:02 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.30 16:45:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.30 16:45:02 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.30 16:45:02 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.30 16:45:02 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.30 16:45:02 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.30 16:45:02 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.30 16:45:02 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.30 16:45:02 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.30 16:45:02 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.30 16:45:02 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.30 16:45:02 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.30 16:45:02 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.30 16:45:02 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.30 16:45:02 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.30 16:45:02 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.30 16:45:02 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.30 16:45:02 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.30 16:45:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.30 16:45:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.30 16:45:02 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.30 16:45:02 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.30 16:45:02 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.30 16:45:02 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 16:45:02 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.30 16:45:02 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.30 16:45:02 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.30 16:45:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.30 16:45:02 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.29 15:54:36 | 000,000,594 | ---- | M] () -- C:\Users\L\Desktop\Neverwinter.lnk
[2013.04.27 16:24:51 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.27 16:24:51 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.26 21:38:14 | 000,000,235 | ---- | M] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.04.26 21:38:06 | 000,446,464 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2013.04.23 21:24:45 | 000,000,655 | ---- | M] () -- C:\Users\L\Desktop\TERA.lnk
[2013.04.20 17:17:56 | 000,000,682 | ---- | M] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2013.04.20 15:38:00 | 000,021,840 | ---- | M] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.04.20 15:38:00 | 000,017,212 | ---- | M] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.04.20 15:38:00 | 000,012,067 | ---- | M] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.04.10 18:49:46 | 000,275,856 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.09 20:24:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.09 20:24:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.09 20:24:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.09 20:24:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.09 20:24:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.08 17:48:07 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.05.08 17:48:07 | 000,001,157 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.30 16:45:02 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 16:45:02 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.29 15:54:36 | 000,000,594 | ---- | C] () -- C:\Users\L\Desktop\Neverwinter.lnk
[2013.04.26 21:38:14 | 000,000,235 | ---- | C] () -- C:\Windows\SysWow64\nxEuUninstall.bat
[2013.04.23 21:24:46 | 000,000,655 | ---- | C] () -- C:\Users\L\Desktop\TERA.lnk
[2013.04.20 17:17:53 | 000,000,682 | ---- | C] () -- C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk
[2013.04.20 15:38:00 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.04.20 15:38:00 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.04.20 15:38:00 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.03.26 14:49:04 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.05 14:35:00 | 000,017,408 | ---- | C] () -- C:\Users\L\AppData\Local\WebpageIcons.db
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

extras.txt:
Code:
OTL Extras logfile created on: 09.05.2013 23:59:04 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Normal\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,96 Gb Total Physical Memory | 13,99 Gb Available Physical Memory | 87,64% Memory free
31,92 Gb Paging File | 29,78 Gb Available in Paging File | 93,30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98,27 Gb Total Space | 43,69 Gb Free Space | 44,46% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 58,50 Gb Free Space | 99,85% Space Free | Partition Type: NTFS
Drive E: | 19,53 Gb Total Space | 3,10 Gb Free Space | 15,86% Space Free | Partition Type: NTFS
Drive F: | 154,75 Gb Total Space | 10,12 Gb Free Space | 6,54% Space Free | Partition Type: NTFS
Drive G: | 586,91 Gb Total Space | 501,76 Gb Free Space | 85,49% Space Free | Partition Type: NTFS
Drive H: | 585,94 Gb Total Space | 581,21 Gb Free Space | 99,19% Space Free | Partition Type: NTFS
Drive J: | 591,80 Gb Total Space | 591,69 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
 
Computer Name: L-PC | User Name: L | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3807919450-2642718585-2368976298-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12BDC005-1A77-46A8-8719-ECF6A3BE3AC2}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\portal 2\portal2.exe | 
"{139B55BB-DAD7-47C4-9B84-540BFD9085CF}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{37666034-483A-44F3-88F6-EB56987626A7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{4FED902C-0C73-4DA6-BD38-68A33E7D3347}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{5935306A-496C-4699-AA8E-208794E4B643}" = protocol=6 | dir=in | app=h:\udk\binaries\win64\udk.exe | 
"{5D9A2AEE-CC07-47D2-B79C-3FBBE7A5BA81}" = protocol=6 | dir=in | app=h:\udk\binaries\win32\udk.exe | 
"{74149502-3491-49AF-B91A-13CAF82EC12F}" = protocol=17 | dir=in | app=f:\steam\steam.exe | 
"{816AF934-9D8E-4009-85BF-2BED8B9CE398}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{95921710-FD27-49E8-B5F6-DE7656AA2A46}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{A1288144-B82E-4F28-B6D3-D6F37D706455}" = protocol=6 | dir=in | app=f:\steam\steam.exe | 
"{A40F01EC-7FC0-41A2-8300-904BB8F47218}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\terraria\terraria.exe | 
"{AC8BD4B4-78B8-4281-B8EB-ADD8C66005E8}" = protocol=17 | dir=in | app=h:\udk\binaries\win32\udk.exe | 
"{B2CF6F0F-1388-47A7-B2E6-8DC606140006}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{BE3CDE59-F2AA-4EBD-89E0-97E2F463F45F}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\terraria\terraria.exe | 
"{C56A6FE5-0694-44BE-B61F-ABE726A1719C}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\portal 2\portal2.exe | 
"{D0CA0E8F-DBEC-4A72-90C7-D41085AF0AB8}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{DEFDA135-BC17-46C7-B6AE-BBDA381708FF}" = protocol=17 | dir=in | app=h:\udk\binaries\win64\udk.exe | 
"{F8A9B413-3773-49C1-9C6A-0B54F905BB70}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\warframe\tools\launcher.exe | 
"{FBD76034-1E6A-4764-8DF3-5493DA43ADD7}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{FEE96AFD-0B47-4A90-A16A-F3175686BD77}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UDK-7b2bcc80-9e8b-4359-81de-ab68dc123bce" = Unreal Development Kit: 2013-02
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Diablo II" = Diablo II
"FlashDevelop" = FlashDevelop 4.3.0
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 105600" = Terraria
"Steam App 230410" = Warframe
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2013 17:51:50 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.05.2013 17:56:56 | Computer Name = L-PC | Source = WinMgmt | ID = 10
Description = 
 
 
< End of report >