Trojaner-Board (https://www.trojaner-board.de/)
Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
DNS Changer or another problem (https://www.trojaner-board.de/106852-dns-changer-anderes-problem.html)

Ninimiel1976 25.12.2011 04:26

DNS Changer or another problem
 
Hello
For a few days my computer has not been booting properly; it crashes with ONE loud click before the password prompt even appears.
After 3-10 attempts it finally starts, and for the last 2 days it has additionally been crashing sometimes in the middle of a session.

On top of that, a while ago I was being redirected on Google pages; an acquaintance supposedly fixed that problem, but I am not sure. The system is somehow slower than usual, especially when I am on the Internet.

Worst of all are the attempts it takes until the computer finally starts; are files perhaps damaged?

So I thought I would simply reinstall Win 7, but at first I could not even get into the BIOS to change the boot order. After a few attempts I got in and changed it, but it does not reinstall. Whenever I click install it says "a required installation folder could not be created".
The CD is fine, since it works on my brother's machine.

I have also already bought a new power supply because I thought that was where the start-up problems came from; the graphics card is only a month old as well, and all cables were replaced together with the power supply because I thought it might be due to that. That did not help either.
It only gets worse from day to day with starting the PC; it needs more and more attempts.
Repairs fail.

Could someone give me a tip or look through my system to see whether it might be the software or malware (Malwarebytes and Kaspersky find nothing)?

------------------------------------------

I will post the required data from defogger etc. shortly.

Regards, Ninimiel

cosinus 26.12.2011 00:52

I would first try to find out whether this only happens under Windows or also with other operating systems.
Download something like Knoppix or Ubuntu, burn the ISO file to a CD using the image-burning function, and boot the computer from it.
Then test the system thoroughly under Linux and report whether it runs normally there.
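The question the thread is named after, whether the machine has a DNS changer, shows up in three places of an OTL scan: the O17 lines (which DNS servers DHCP handed the machine; a DNS changer swaps these for resolvers the user never chose), the O1 hosts-file entries (a hijack redirects real sites to a foreign address, whereas a blocklist-style hosts file such as the Spybot/MVPS immunisation points ad domains at 127.0.0.1), and the O6 UAC policy. The following is an added example, not code from the thread, from the forum helpers or from OTL itself: a small Python triage script over those line kinds. The line formats are copied from the OTL log posted later in this thread; the sample marked "constructed" is made up to show what a hijacked machine would look like, and 198.51.100.7 is a documentation-range address, not a real target.

```python
"""Triage of the OTL lines that matter for a suspected DNS changer.

Added example for this thread; it is neither OTL's code nor anything the
forum posted. The three line formats below are copied from the OTL log
quoted in the thread; the sample lines marked "constructed" are invented
to exercise the hijack path.
"""
import ipaddress
import re
from collections import Counter

# O17: which DNS servers DHCP handed the machine (a DNS changer swaps these)
RE_DNS = re.compile(r"^O17 - .*DhcpNameServer = (?P<servers>[\d. ]+)$")
# O1: individual hosts-file entries as OTL prints them
RE_HOSTS = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<rest>.+)$")
# O6: the UAC policy value
RE_LUA = re.compile(r"^O6 - .*EnableLUA = (?P<value>\d+)$")

# Addresses a blocklist-style hosts file points ad and malware domains at;
# anything else is a redirect, not a block.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}


def triage(lines):
    """Return a list of (severity, message) findings for the given OTL lines.

    severity is "info" (expected on a home network), "review" (a human has
    to confirm) or "alert" (the hallmark of a hijack).
    """
    findings = []
    sinkholed = 0
    for raw in lines:
        line = raw.strip()

        m = RE_DNS.match(line)
        if m:
            for server in m.group("servers").split():
                if ipaddress.ip_address(server).is_private:
                    findings.append(("info", f"DNS server {server} is a private address, i.e. the local router"))
                else:
                    findings.append(("review", f"DNS server {server} is a public address; confirm it is your ISP's or one you chose"))
            continue

        m = RE_HOSTS.match(line)
        if m:
            ip, host = m.group("ip"), m.group("rest").split()[0]
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                continue  # not an address, e.g. OTL's "14840 more lines..." summary
            if ip in SINK_ADDRESSES:
                sinkholed += 1
            else:
                findings.append(("alert", f"hosts file redirects {host} to {ip}: a hosts-file hijack, not a block"))
            continue

        m = RE_LUA.match(line)
        if m and m.group("value") == "0":
            findings.append(("review", "EnableLUA = 0: UAC is off, every program runs with full admin rights"))

    if sinkholed:
        findings.append(("info", f"{sinkholed} hosts entries point at a sink address (blocklist-style, harmless)"))
    return findings


def summarize(findings):
    """Count findings per severity, always returning all three keys."""
    counts = Counter(severity for severity, _ in findings)
    return {key: counts.get(key, 0) for key in ("info", "review", "alert")}


# Lines taken from the OTL log posted in this thread.
SAMPLE_FROM_THREAD = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: 127.0.0.1        www.007guard.com",
    "O1 - Hosts: 14840 more lines...",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
]

# Constructed lines showing what a hijacked machine would look like instead:
# public resolvers the user never configured, and a hosts entry that sends a
# real site to a foreign address (198.51.100.7 is a documentation-range IP).
SAMPLE_CONSTRUCTED_HIJACK = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4",
    "O1 - Hosts: 198.51.100.7        www.google.de",
]

if __name__ == "__main__":
    for name, sample in (("thread", SAMPLE_FROM_THREAD), ("constructed hijack", SAMPLE_CONSTRUCTED_HIJACK)):
        print(f"== {name} ==")
        for severity, message in triage(sample):
            print(f"[{severity}] {message}")
```

On the lines from this thread the script reports only the router (192.168.178.1, a Fritz!Box address) as DNS server and a large all-loopback hosts file, so neither of the two classic DNS-changer traces is present; what it does flag is EnableLUA = 0, i.e. UAC switched off. The "review" severity is deliberate: a public resolver is only suspicious when the user did not pick it, which a script cannot know.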

Ninimiel1976 26.12.2011 00:59

OTL Logfile:
Code:

OTL logfile created on: 26.12.2011 00:10:29 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\---\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,04% Memory free
6,00 Gb Paging File | 4,98 Gb Available in Paging File | 83,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 80,61 Gb Free Space | 54,08% Space Free | Partition Type: NTFS
Drive D: | 4,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: --- | User Name: --- | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\---\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - C:\Programme\Rainlendar2\Rainlendar2.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Rainlendar2\wxmsw28u_xrc_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxbase28u_xml_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxmsw28u_html_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxmsw28u_adv_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxmsw28u_core_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\wxbase28u_vc_rny.dll ()
MOD - C:\Programme\Rainlendar2\lfs.dll ()
MOD - C:\Programme\Rainlendar2\lua51.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (FSORSPClient) --  File not found
SRV - (FSMA) --  File not found
SRV - (F-Secure Gatekeeper Handler Starter) --  File not found
SRV - (FSDFWD) --  File not found
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (FSFW) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (FSES) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (fsbts) -- C:\Windows\system32\Drivers\fsbts.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (PfFilter) -- C:\Programme\IObit\Protected Folder\pffilter.sys (IObit Information Technology)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdW73.sys (Advanced Micro Devices)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 52 1C 37 9B DA CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.type: 4
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Unitymedia\Sicherheitspaket\NRS\litmus-ff@f-secure.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.22 07:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.24 19:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.25 13:57:38 | 000,000,000 | ---D | M]
 
[2011.04.05 15:27:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---\AppData\Roaming\Mozilla\Extensions
[2011.03.04 23:34:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.26 00:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions
[2011.09.06 12:46:34 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Ninimiel\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.20 11:26:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions\{cf0fa468-70e0-44e0-a0a3-9332709cf0fc}
[2011.12.16 13:03:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.07.11 18:31:47 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\---\AppData\Roaming\Mozilla\Firefox\Profiles\wxuh4muh.default\extensions\battlefieldheroespatcher@ea.com
[2011.12.26 00:01:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.30 11:13:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.03.05 02:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.10 19:35:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.08 12:29:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.12.25 12:52:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.09.07 02:29:14 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.09.07 02:29:12 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2011.11.30 11:13:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.03.05 02:04:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.04.10 19:35:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.08 12:29:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.12.25 12:52:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.09.07 02:29:14 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\KAVANTIBANNER@KASPERSKY.RU
[2011.09.07 02:29:12 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\LINKFILTER@KASPERSKY.RU
[2011.11.27 05:57:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.22 07:30:19 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.22 07:30:19 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.05 02:02:47 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.12.22 07:30:19 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.22 07:30:19 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.22 07:30:19 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.20 16:22:00 | 000,431,138 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14840 more lines...
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [Rainlendar2] C:\Programme\Rainlendar2\Rainlendar2.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Ninimiel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\---\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3F2B64E-66E6-4CEC-9A31-98D32D58F79F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) -C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -C:\Programme\Kaspersky Lab\Kaspersky Security Suite CBE 11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.12.24 15:46:01 | 000,000,088 | R--- | M] () - D:\auto irgendwas.txt -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^---^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: BCSSync - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: EA Core - hkey= - key= -  File not found
MsConfig - StartUpReg: F-Secure Manager - hkey= - key= -  File not found
MsConfig - StartUpReg: F-Secure TNB - hkey= - key= -  File not found
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= -  File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.26 00:08:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ninimiel\Desktop\OTL.exe
[2011.12.22 18:30:41 | 000,000,000 | ---D | C] -- C:\Users\---\Pavark
[2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\Tools
[2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\Mods
[2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-UserName
[2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-SP
[2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-ServerMod
[2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-Server
[2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-Portable
[2011.12.22 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\MineCraft-Games
[2011.12.22 08:21:59 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\java
[2011.12.22 08:21:59 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\Extras
[2011.12.22 08:21:52 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\.minecraft server
[2011.12.22 07:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.22 07:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.12.21 00:54:59 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Roaming\.minecraft
[2011.12.20 19:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.20 19:09:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.20 15:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011.12.20 15:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.12.20 04:31:21 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2011.12.20 04:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011.12.20 01:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2011.12.17 20:16:52 | 000,000,000 | ---D | C] -- C:\Users\---\Neuer Ordner
[2011.12.16 13:02:46 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Local\eSupport.com
[2011.12.09 04:17:12 | 000,000,000 | ---D | C] -- C:\Users\---\.rainlendar2
[2011.12.07 20:49:18 | 000,000,000 | ---D | C] -- C:\Users\---\AppData\Local\PMB Files
[2011.12.07 20:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011.12.07 17:12:20 | 000,101,416 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011.12.06 14:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainlendar2
[2011.12.06 14:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\Rainlendar2
[2011.12.06 13:08:38 | 000,000,000 | ---D | C] -- C:\Users\Ninimiel\Documents\Freekalender2012
[2011.11.30 11:13:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.26 00:11:23 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 00:11:23 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 00:08:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\---\Desktop\OTL.exe
[2011.12.25 23:50:47 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.25 23:50:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.22 07:45:35 | 000,000,032 | ---- | M] () -- C:\Windows\CD_Start.INI
[2011.12.22 07:32:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.20 23:57:30 | 000,001,871 | ---- | M] () -- C:\Users\---\Desktop\MineCraft.lnk
[2011.12.20 22:54:33 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.20 19:09:23 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 18:10:50 | 000,000,752 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011.12.20 16:46:07 | 001,396,436 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011.12.20 16:22:00 | 000,431,138 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.20 15:52:57 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.20 00:04:32 | 000,000,057 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011.12.17 22:22:44 | 003,653,904 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.17 22:22:44 | 001,065,404 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.17 22:22:44 | 000,309,630 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.17 22:22:44 | 000,042,208 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.17 19:53:18 | 000,004,314 | ---- | M] () -- C:\bie786129g.mds
[2011.12.17 19:53:16 | 2593,587,200 | ---- | M] () -- C:\bie786129g.iso
[2011.12.15 22:41:00 | 000,408,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.13 09:35:52 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011.12.13 09:29:24 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011.12.13 09:29:16 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011.12.07 17:12:20 | 000,101,416 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2011.12.06 13:14:22 | 000,000,018 | ---- | M] () -- C:\Windows\xkalFREE2012.dat
[2011.11.30 11:13:06 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.11.28 10:16:58 | 000,000,331 | ---- | M] () -- C:\Windows\SIERRA.INI
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.22 08:22:13 | 000,000,185 | ---- | C] () -- C:\Users\---\AppData\Roaming\MineCraftDownloads.url
[2011.12.22 08:22:13 | 000,000,160 | ---- | C] () -- C:\Users\---\AppData\Roaming\MineCraft.url
[2011.12.20 23:57:32 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.12.20 23:56:43 | 000,001,871 | ---- | C] () -- C:\Users\---\Desktop\MineCraft.lnk
[2011.12.20 19:09:23 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.20 18:10:17 | 000,000,752 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011.12.20 16:45:00 | 001,396,436 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011.12.20 15:52:57 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011.12.17 19:53:18 | 000,004,314 | ---- | C] () -- C:\bie786129g.mds
[2011.12.17 19:47:18 | 2593,587,200 | ---- | C] () -- C:\bie786129g.iso
[2011.12.06 13:14:22 | 000,000,018 | ---- | C] () -- C:\Windows\xkalFREE2012.dat
[2011.11.18 18:57:50 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.11.18 18:57:49 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.10.22 19:41:29 | 000,153,088 | ---- | C] () -- C:\Windows\System32\fldlckun.exe
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.09.23 21:30:21 | 000,001,478 | ---- | C] () -- C:\Users\---\AppData\Local\RecConfig.xml
[2011.09.14 10:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.09.07 02:29:02 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2011.09.07 02:29:02 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.08.25 12:53:32 | 000,017,408 | ---- | C] () -- C:\Users\---\AppData\Local\WebpageIcons.db
[2011.08.21 21:40:17 | 000,042,672 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2011.07.11 18:38:06 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.07.11 18:38:05 | 000,138,056 | ---- | C] () -- C:\Users\----\AppData\Roaming\PnkBstrK.sys
[2011.07.11 18:37:39 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.07.11 18:37:36 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.07.08 09:43:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.07.08 09:41:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.22 23:02:43 | 000,001,663 | ---- | C] () -- C:\Windows\wininit.ini
[2011.05.22 22:59:04 | 000,000,331 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011.04.24 17:11:39 | 000,005,115 | ---- | C] () -- C:\ProgramData\mtbjfghn.xbe
[2011.04.02 11:55:57 | 000,000,000 | ---- | C] () -- C:\Users\----\AppData\Local\prvlcl.dat
[2011.03.06 17:19:43 | 000,007,609 | ---- | C] () -- C:\Users\---\AppData\Local\resmon.resmoncfg
[2011.03.06 07:26:00 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.03.05 03:36:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.04 23:34:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.04 21:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.13 04:03:18 | 000,003,155 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2009.09.30 04:56:14 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2009.07.14 09:47:43 | 003,653,904 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 001,065,404 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,408,752 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,309,630 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,042,208 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.04.23 22:29:16 | 000,189,051 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.01.10 06:44:26 | 001,457,024 | R--- | C] () -- C:\Windows\System32\SSCProt.dll
 
========== LOP Check ==========
 
[2011.12.24 19:04:10 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\.minecraft
[2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---l\AppData\Roaming\.minecraft server
[2011.09.23 22:55:51 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\Audacity
[2011.04.03 13:36:34 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\AVG10
[2011.03.05 20:00:55 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\AVG9
[2011.04.24 17:11:40 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Carambis
[2011.07.22 20:57:33 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\DAEMON Tools Lite
[2011.10.24 10:25:38 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\DVDVideoSoft
[2011.10.24 10:25:31 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.09 21:18:15 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\ESET
[2011.12.22 08:21:59 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Extras
[2011.08.21 22:26:16 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Firestorm
[2011.10.23 20:14:45 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\FRITZ!
[2011.10.17 21:31:52 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\GetRightToGo
[2011.12.22 08:22:00 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\java
[2011.11.16 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Kalypso Media
[2011.07.11 16:48:35 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\LolClient
[2011.11.05 17:20:18 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\Marine Aquarium 3
[2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-Games
[2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-Portable
[2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-Server
[2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\MineCraft-ServerMod
[2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-SP
[2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\MineCraft-UserName
[2011.12.24 19:04:06 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Mods
[2011.08.20 13:44:18 | 000,000,000 | ---D | M] -- C:\Users\----\AppData\Roaming\Origin
[2011.09.03 00:37:56 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\PloppSL
[2011.04.14 00:47:05 | 000,000,000 | ---D | M] -- C:\Users\--\AppData\Roaming\SecondLife
[2011.06.24 05:38:52 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\temp
[2011.03.04 23:34:52 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Tools
[2011.12.25 12:52:06 | 000,000,000 | ---D | M] -- C:\Users----\AppData\Roaming\TS3Client
[2011.03.05 01:03:23 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\TuneUp Software
[2011.11.18 18:59:22 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Ubisoft
[2011.07.13 17:19:57 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\wargaming.net
[2011.09.10 12:19:09 | 000,000,000 | ---D | M] -- C:\Users\---\AppData\Roaming\Wise Disk Cleaner
[2011.12.20 21:40:18 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.04.24 10:51:20 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.09 06:51:52 | 000,000,000 | ---D | M] -- C:\20a5838adb674a6f18
[2011.03.04 21:52:48 | 000,000,000 | ---D | M] -- C:\ATI
[2011.12.24 21:59:04 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.12.22 07:49:54 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.04 19:21:41 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.24 16:15:44 | 000,000,000 | ---D | M] -- C:\dx 9.26
[2011.07.08 10:37:06 | 000,000,000 | ---D | M] -- C:\e3d9b46ae30f3b9da2837871
[2011.03.05 05:11:47 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.03.04 19:45:34 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.24 19:04:08 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.20 18:25:56 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.04 19:21:41 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.04 19:21:42 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.12.20 22:24:51 | 000,000,000 | ---D | M] -- C:\sh4ldr
[2011.04.18 03:17:59 | 000,000,000 | ---D | M] -- C:\Spiele
[2011.10.19 14:34:34 | 000,000,000 | ---D | M] -- C:\stdtsa
[2011.12.26 00:13:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.09 14:12:14 | 000,000,000 | ---D | M] -- C:\Users
[2011.12.25 12:52:06 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-25 11:56:48
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A18D1A5B
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:8BCF4DE2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

--- --- ---




So here is the OTL data; the rest is coming.

Ninimiel1976 26.12.2011 01:46

Hello
Here is the GMER log

GMER log file:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-26 01:41:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006c MDT_MD16 rev.08.0
Running: 6dluv4h7.exe; Driver: C:\Users\---\AppData\Local\Temp\axdiikod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAdjustPrivilegesToken [0x9323ADAA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcConnectPort [0x9323CFE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcCreatePort [0x9323D262]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwAlpcSendWaitReceivePort [0x9323D4D8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwClose [0x9323B6BE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwConnectPort [0x9323C4F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateEvent [0x9323CA3C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateFile [0x9323B99A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateMutant [0x9323C922]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateNamedPipeFile [0x9323A998]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreatePort [0x9323C7F6]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSection [0x9323AB40]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateSemaphore [0x9323CB5C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThread [0x9323B344]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateThreadEx [0x9323B442]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateUserProcess [0x9323D722]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwCreateWaitablePort [0x9323C88C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDebugActiveProcess [0x9323E24A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDeviceIoControlFile [0x9323BE1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwDuplicateObject [0x9323F458]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwFsControlFile [0x9323BC2A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwLoadDriver [0x9323E33C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwMapViewOfSection [0x9323EAA4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenEvent [0x9323CAD2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenFile [0x9323B740]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenMutant [0x9323C9B2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenProcess [0x9323AFE8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSection [0x9323E83E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenSemaphore [0x9323CBF2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwOpenThread [0x9323AED8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueryDirectoryObject [0x9323D7DC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQuerySection [0x9323EDDE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwQueueApcThread [0x9323E6D0]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplaceKey [0x93239652]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyPort [0x9323CF56]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwReplyWaitReceivePort [0x9323CE1C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRequestWaitReplyPort [0x9323DFE4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwRestoreKey [0x932399CA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwResumeThread [0x9323F2FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSaveKey [0x932395EA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSecureConnectPort [0x9323C238]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetContextThread [0x9323B560]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetInformationToken [0x9323D87E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSecurityObject [0x9323E4DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSetSystemInformation [0x9323EF2E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendProcess [0x9323F020]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSuspendThread [0x9323F15A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwSystemDebugControl [0x9323E16E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateProcess [0x9323B18E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwTerminateThread [0x9323B0E4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwUnmapViewOfSection [0x9323EC82]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab)  ZwWriteVirtualMemory [0x9323B27A]

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                          83488369 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                834C1D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10D7                                                    834C8D8C 4 Bytes  [AA, AD, 23, 93]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 10FF                                                    834C8DB4 8 Bytes  CALL E5DFB188
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1143                                                    834C8DF8 4 Bytes  [D8, D4, 23, 93]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 116F                                                    834C8E24 4 Bytes  [BE, B6, 23, 93]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1193                                                    834C8E48 4 Bytes  [F2, C4, 23, 93]
.text          ...                                                                                   
.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                section is writeable [0x8316A300, 0x3B6D8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                section is writeable [0x831AD300, 0x1BEE, 0xE8000020]
PAGE            peauth.sys                                                                            9F818BEC 104 Bytes  JMP A9C46686

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                pffilter.sys
AttachedDevice  \Driver\tdx \Device\Tcp                                                                kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

Device          \Driver\ACPI_HAL \Device\00000057                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\tdx \Device\RawIp                                                              kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                 
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC7.00.00.01PROSTATION       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
Reg            HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL 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

---- Files - GMER 1.0.15 ----

File            C:\ProgramData\IObit\Protected Folder\config.ini                                      88 bytes
File            C:\ProgramData\IObit\Protected Folder\drawposs.db                                      21 bytes
File            C:\ProgramData\IObit\Protected Folder\fstile.cds                                      82 bytes
File            C:\Users\---\Desktop\Danny                                                        0 bytes


---- EOF - GMER 1.0.15 ----

--- --- ---


-------------------------
I can hardly download anything, at least no larger files; it simply doesn't load the page to the end.

Unfortunately I'm also not familiar with Linux and wouldn't know how to test it.

I replaced the username with --- in all log entries, so don't be surprised.


Regards, Ninimiel1976

cosinus 26.12.2011 01:57

Quote:

Unfortunately I'm also not familiar with Linux and wouldn't know how to test it.
Just boot from it. If that works, try "mundane" things like browsing, starting LibreOffice, etc. You'll think of something that doesn't (or no longer) work under Windows.

Ninimiel1976 26.12.2011 02:02

OK, but is there also a way to test the whole thing without burning a disc? I don't have a burner ^^
Before this, the system ran flawlessly.

Regards, Ninimiel

cosinus 26.12.2011 02:12

Quote:

OK, but is there also a way to test the whole thing without burning a disc? I don't have a burner ^^
Then you have to load up a USB stick in such a way that a Linux can be booted from it. => Live USB

Ninimiel1976 26.12.2011 02:17

OK, so it's called Ubuntu, right?
Do I then have to install drivers, or does it do that by itself like Win 7 does?

Regards, Ninimiel

Ninimiel1976 26.12.2011 02:19

Well, I can't download it; the progress bar only gets halfway, as with all large downloads recently.
Small files work without problems.


Regards

cosinus 26.12.2011 03:57

Well, then you'll have to download the image from another computer, ideally one that is even on a different Internet connection. We don't know whether it's your computer or whether your Internet connection itself has a fault. We'll only really see that in the test with the live CD.
Then find yourself a computer that ideally has a burner; burning an ISO to CD is IMHO less complicated than loading up a USB stick.

Ninimiel 26.12.2011 17:21

Hello
With Ubuntu I got the error message "indows backend object has no attribute iso path"

What does that mean ^^

Regards

cosinus 26.12.2011 19:21

You're fiddling around with WUBI, and that is EXACTLY what you SHOULD NOT do.
Please read properly what I write.
Download the image with a computer that has a burner. Then burn this ISO image to CD. The computer is booted from this CD, not by simply running something under Windows!


