| |
| |||||||
Log-Analyse und Auswertung: Internet wird langsamerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
14.02.2010, 11:05
| #1 |
| |  Internet wird langsamer Hi! Ich habe das Problem, dass mein Internet die ganeze Zeit langsamer wird. Ich hab schon mehrere Virenscanner laufen lassen. Die haben auch ein paar Viren gelöscht. Ich habe aber immer noch das Problem das mein Internet langsam ist Ich hab hier mal ein HijackThis log gemacht. Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:45:06, on 14.02.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programme\LogMeIn Hamachi\hamachi-2.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Free Download Manager\fdm.exe C:\PROGRA~1\ICQ6.5\ICQ.exe C:\WINDOWS\System32\svchost.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\D-Link AirPlus\AIRPLUS.EXE C:\Programme\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Mozilla Thunderbird\thunderbird.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\iTunes\iTunes.exe C:\Programme\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_8\TrayServer.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: D-Link AirPlus Utility.lnk = ? O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 8140 bytes  Jidokwan |
|
14.02.2010, 11:21
| #2 | |
 | Internet wird langsamerZitat:
lg. |
|
14.02.2010, 13:30
| #3 |
| | Internet wird langsamer So das hat jetzt ein bisschen gedauert
__________________Code:
ATTFilter Malwarebytes' Anti-Malware 1.44
Datenbank Version: 3737
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
14.02.2010 13:22:25
mbam-log-2010-02-14 (13-22-25).txt
Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 339702
Laufzeit: 1 hour(s), 54 minute(s), 38 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\David\Anwendungsdaten\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\WINDOWS\system\logg.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.
|
|
14.02.2010, 13:52
| #4 |
 | Internet wird langsamer Sorry das ich mich einmische ist nur kurz: Bitte folgenden Eintrag im HijackThis fixen: O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Und bitte Internet Explorer 8 herunterladen. Du hast noch den Internet Explorer 6.
__________________ Gruß, sunn  |
|
14.02.2010, 14:59
| #5 |
| | Internet wird langsamer okay hab ich gemacht. warum muss ich da den 8er installieren ? ich benutze Firefox. muss ich ihn trozdem updaten ? |
|
14.02.2010, 15:02
| #6 |
| | Internet wird langsamer Nein musst du nicht aber es wäre besser. Denn einige Programme gehen auch über den Internet Explorer ins Netz ( So ist es bei mir ) obwohl man Firefox als Standart Browser hat. Und in dem Internet Explorer 6 kannst du schnell Viren bekommen. Aber es ist nur ein Tipp! Du kannst es natürlich auch so lassen.
__________________ --> Internet wird langsamer |
|
14.02.2010, 15:18
| #7 | |
| | Internet wird langsamerZitat:
> Bitte ein RSIT log posten und GMER Log. @ sunn. Diese "Fixerei" mit HijackThis ist Quatsch. Hier tut das nichts zur Sache. lg. |
|
14.02.2010, 15:34
| #8 | |
| | Internet wird langsamer Ausserdem: > Suche mal mit der "Windows Suche" nach diesem Begriff: Bifrost. Fünde posten. > Lade dir dieses Tool runter: http://jpshortstuff.247fixes.com/SystemLook.exe Doppelklick auf die exe Datei und kopiere diesen Code in das Fenster: Zitat:
Poste das Log. |
|
14.02.2010, 16:03
| #9 | |
| | Internet wird langsamerZitat:
So und jetzt mische ich mich nicht mehr ein das stört ja nur SORRY
__________________ Gruß, sunn |
|
14.02.2010, 16:12
| #10 | |
| /// Selecta Jahrusso   | OtZitat:
Wer nicht weiß was fixen macht, sollte es auch nicht anweisen bzw wer nicht weis was er da überhaupt fixt, sollte hier mal gar nichts sagen. Wie wärs einfach mal mit ausführlichen Scans und Temp Entleerung? Lange sehe ich nicht mehr zu 
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
14.02.2010, 16:19
| #11 |
| | Internet wird langsamer Ok aber das der Virus den ich hatte bei mir weg war nach dem ich gefixt habe mit HijackThis das stimmt aber.
__________________ Gruß, sunn |
|
14.02.2010, 16:45
| #12 |
| /// Selecta Jahrusso | Internet wird langsamer Du weist nicht was fixen macht oder ? Ich kann dir soviel dazu sagen. Es löscht keine Datein. Diskussion ende
__________________ mfg, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Lerne, zurück zu schlagen und unterstütze uns! TB Akademie |
|
14.02.2010, 18:01
| #13 | |
| | Internet wird langsamerZitat:
|
|
14.02.2010, 18:59
| #14 |
| | Internet wird langsamer soooo das hat aber jetzt ewig gedauert des GMER log: Code:
ATTFilter GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2010-02-14 18:53:30
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB42F4C5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB42F4B16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB42F50CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB42F4FF4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB42F46EC]
SSDT spaa.sys ZwEnumerateKey [0xBA6CDDA4]
SSDT spaa.sys ZwEnumerateValueKey [0xBA6CE132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB42F4BF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB42F462C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB42F4690]
SSDT spaa.sys ZwQueryKey [0xBA6CE20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB42F4D10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB42F5198]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB42F4CD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB42F4E50]
INT 0x62 ? 8A256BF8
INT 0x73 ? 89FB8BF8
INT 0x73 ? 89FB8BF8
INT 0x73 ? 89FB8BF8
INT 0x83 ? 8A256BF8
INT 0xB4 ? 89FB8BF8
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB43014FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB4301322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB430145C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP B4301460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP B4301326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC520 5 Bytes JMP B42FD4BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FA4 5 Bytes JMP B42FE972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP B4301502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? spaa.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B98878AC 5 Bytes JMP 89FB81D8
.text as6djtn6.SYS B912F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text as6djtn6.SYS B912F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text as6djtn6.SYS B912F3C4 3 Bytes [00, 80, 02]
.text as6djtn6.SYS B912F3C9 1 Byte [30]
.text as6djtn6.SYS B912F3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6B6042] spaa.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6B613E] spaa.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6B60C0] spaa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6B6800] spaa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6B66D6] spaa.sys
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\as6djtn6.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1076] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[1076] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8A2551F8
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
Device \FileSystem\Udfs \UdfsCdRom 89CF3500
Device \FileSystem\Udfs \UdfsDisk 89CF3500
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\usbohci \Device\USBPDO-0 89D93500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A1E41F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A1E41F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A1E41F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A1E41F8
Device \Driver\usbehci \Device\USBPDO-1 89D18500
Device \Driver\usbohci \Device\USBPDO-2 89D93500
Device \Driver\usbehci \Device\USBPDO-3 89D18500
Device \Driver\PCI_PNP6028 \Device\00000055 spaa.sys
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{020B9650-5775-4D7E-9AF2-E780C7955230} 89EB9500
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A2571F8
Device \Driver\Cdrom \Device\CdRom0 89E04500
Device \Driver\Cdrom \Device\CdRom1 89E04500
Device \Driver\NetBT \Device\NetBT_Tcpip_{ECE4527D-92CA-44B2-824A-319B52034488} 89EB9500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89EB9500
Device \Driver\NetBT \Device\NetbiosSmb 89EB9500
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Device \Driver\NetBT \Device\NetBT_Tcpip_{91B314C7-128B-4F55-A4CA-F89178ADB5CE} 89EB9500
Device \Driver\usbohci \Device\USBFDO-0 89D93500
Device \Driver\sptd \Device\2315917278 spaa.sys
Device \Driver\usbehci \Device\USBFDO-1 89D18500
Device \Driver\NetBT \Device\NetBT_Tcpip_{826A3E2A-3E53-40E9-ABA5-827AC03EC29F} 89EB9500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89DFB500
Device \Driver\usbohci \Device\USBFDO-2 89D93500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89DFB500
Device \Driver\usbehci \Device\USBFDO-3 89D18500
Device \Driver\Ftdisk \Device\FtControl 8A2571F8
Device \Driver\as6djtn6 \Device\Scsi\as6djtn61 89F031F8
Device \Driver\as6djtn6 \Device\Scsi\as6djtn61Port4Path0Target0Lun0 89F031F8
Device \FileSystem\Cdfs \Cdfs 89E8F1F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0x98 0x95 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xFB 0x77 0x15 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5E 0x54 0x6A 0x81 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4D 0x98 0x95 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xBB 0xFB 0x77 0x15 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5E 0x54 0x6A 0x81 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Logfile of random's system information tool 1.06 (written by random/random) Run by David at 2010-02-14 15:31:38 Microsoft Windows XP Professional Service Pack 3 System drive C: has 38 GB (16%) free of 238 GB Total RAM: 1790 MB (64% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:31:58, on 14.02.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\Free Download Manager\fdm.exe C:\PROGRA~1\ICQ6.5\ICQ.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programme\LogMeIn Hamachi\hamachi-2.exe C:\Programme\ICQ6Toolbar\ICQ Service.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\D-Link AirPlus\AIRPLUS.EXE C:\Programme\iPod\bin\iPodService.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\DOKUME~1\David\LOKALE~1\Temp\Blizzard Installer Bootstrap - 005fc025\Installer.exe C:\Dokumente und Einstellungen\David\Desktop\RSIT.exe C:\Programme\Trend Micro\HijackThis\David.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [TrayServer] C:\Programme\MAGIX\Filme_auf_DVD_8\TrayServer.exe O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: D-Link AirPlus Utility.lnk = ? O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Programme\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast5\AvastSvc.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Programme\LogMeIn Hamachi\hamachi-2.exe O23 - Service: ICQ Service - Unknown owner - C:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 8075 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job C:\WINDOWS\tasks\GlaryInitialize.job C:\WINDOWS\tasks\Norton Security Scan for David.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] Octh Class - C:\Programme\Orbitdownloader\orbitcth.dll [2009-12-21 240912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}] Winamp Toolbar Loader - C:\Programme\Winamp Toolbar\winamptb.dll [2009-02-19 1262888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Programme\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Programme\Winamp Toolbar\winamptb.dll [2009-02-19 1262888] {32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [2009-10-30 1019336] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2008-10-25 13574144] "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2008-10-25 86016] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "LogitechVideoRepair"=C:\Programme\Logitech\Video\ISStart.exe [2004-02-12 188416] "TrayServer"=C:\Programme\MAGIX\Filme_auf_DVD_8\TrayServer.exe [2008-01-17 90112] "RivaTunerStartupDaemon"=C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe [2009-08-22 2781184] "avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488] "iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2010-01-22 141608] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Free Download Manager"=C:\Programme\Free Download Manager\fdm.exe [2009-09-14 3698735] "ICQ"=C:\PROGRA~1\ICQ6.5\ICQ.exe [2009-11-16 172792] "Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-06-26 25604904] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClamWin] C:\Programme\ClamWin\bin\ClamTray.exe [2009-11-03 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Orbit.lnk] C:\PROGRA~1\ORBITD~1\orbitdm.exe [2009-12-21 1719568] C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart D-Link AirPlus Utility.lnk - C:\Programme\D-Link AirPlus\AIRPLUS.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDriveAutorun"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\AVG\AVG8\avgemc.exe"="C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe" "C:\Programme\AVG\AVG8\avgupd.exe"="C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Programme\AVG\AVG8\avgnsx.exe"="C:\Programme\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\World of Warcraft\WoW-3.0.1-to-3.0.2-deDE-Win-Update-downloader.exe"="C:\Programme\World of Warcraft\WoW-3.0.1-to-3.0.2-deDE-Win-Update-downloader.exe:*:Enabled:Blizzard Downloader" "C:\Programme\World of Warcraft\Launcher.exe"="C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher" "C:\Programme\ICQ6.5\ICQ.exe"="C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "C:\Programme\Internet Explorer\iexplore.exe"="C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\Programme\Java\jre6\bin\javaw.exe"="C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\Novo's Easy WoW Server\0.2.6\udrive\usr\local\mysql\bin\mysqld-opt.exe"="C:\Programme\Novo's Easy WoW Server\0.2.6\udrive\usr\local\mysql\bin\mysqld-opt.exe:*:Enabled:mysqld-opt" "C:\Programme\Novo's Easy WoW Server\0.2.6\udrive\usr\local\apache2\bin\Apache_16.exe"="C:\Programme\Novo's Easy WoW Server\0.2.6\udrive\usr\local\apache2\bin\Apache_16.exe:*:Enabled:Apache HTTP Server" "C:\Programme\Novo's Easy WoW Server\0.2.6\mangosd.exe"="C:\Programme\Novo's Easy WoW Server\0.2.6\mangosd.exe:*:Enabled:mangosd" "C:\Programme\Mozilla Thunderbird\thunderbird.exe"="C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird" "C:\Programme\eclipse\eclipse.exe"="C:\Programme\eclipse\eclipse.exe:*:Enabled:eclipse" "C:\Programme\Free Download Manager\fdm.exe"="C:\Programme\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager" "C:\Programme\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="C:\Programme\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine" "C:\Programme\Zattoo\zattood.exe"="C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Dokumente und Einstellungen\David\Desktop\racer\racer.exe"="C:\Dokumente und Einstellungen\David\Desktop\racer\racer.exe:*:Enabled:racer" "C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32" "C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32" "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Programme\UrbanTerror1\ioUrbanTerror.exe"="C:\Programme\UrbanTerror1\ioUrbanTerror.exe:*:Enabled:ioUrbanTerror" "C:\Programme\openarena-0.8.1\openarena.exe"="C:\Programme\openarena-0.8.1\openarena.exe:*:Enabled:openarena" "C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager" "C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi" "C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin" "C:\Programme\Microsoft Games\Age of Empires III\age3.exe"="C:\Programme\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III" "C:\Programme\Orbitdownloader\orbitdm.exe"="C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit" "C:\Programme\Orbitdownloader\orbitnet.exe"="C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit" "C:\Programme\uTorrent\uTorrent.exe"="C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Programme\DNA\btdna.exe"="C:\Programme\DNA\btdna.exe:*:Enabled:DNA" "C:\Dokumente und Einstellungen\David\Eigene Dateien\eclipse\eclipse.exe"="C:\Dokumente und Einstellungen\David\Eigene Dateien\eclipse\eclipse.exe:*:Enabled:eclipse" "C:\Programme\Wolfenstein - Enemy Territory\ET.exe"="C:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET" "C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Programme\Runes of Magic\launcher.exe"="C:\Programme\Runes of Magic\launcher.exe:*:Enabled:BaseUpda Application" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2010-02-14 15:31:38 ----D---- C:\rsit 2010-02-14 11:26:07 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\Malwarebytes 2010-02-14 11:26:02 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-02-14 11:26:02 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-02-14 10:44:47 ----D---- C:\Programme\Trend Micro 2010-02-13 23:47:50 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan 2010-02-13 23:47:42 ----D---- C:\Programme\Security Task Manager 2010-02-13 19:56:21 ----A---- C:\WINDOWS\system32\MRT.exe 2010-02-13 11:04:36 ----SHD---- C:\found.001 2010-02-09 18:07:01 ----D---- C:\Programme\Drakensang 2010-02-07 18:39:39 ----A---- C:\WINDOWS\client.config.ini 2010-02-07 14:21:45 ----D---- C:\workspace 2010-02-06 15:09:01 ----D---- C:\Programme\iPod 2010-02-06 15:08:56 ----D---- C:\Programme\iTunes 2010-02-06 11:43:39 ----D---- C:\GAMIGO 2010-01-29 23:57:41 ----A---- C:\WINDOWS\system32\aswBoot.exe 2010-01-29 23:57:25 ----D---- C:\Programme\Alwil Software 2010-01-29 23:57:25 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software 2010-01-23 14:09:37 ----D---- C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition 2010-01-23 10:18:35 ----D---- C:\Fiaa 2010-01-22 19:53:29 ----D---- C:\Programme\Wolfenstein - Enemy Territory 2010-01-18 15:53:48 ----D---- C:\WINDOWS\pss 2010-01-17 13:04:01 ----D---- C:\Programme\Mozilla Firefox 2010-01-17 12:47:39 ----D---- C:\Programme\VS Revo Group 2010-01-16 12:09:46 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\.clamwin 2010-01-16 12:09:39 ----D---- C:\Programme\ClamWin 2010-01-16 12:03:52 ----D---- C:\Programme\Gemeinsame Dateien\Symantec Shared 2010-01-16 11:59:48 ----D---- C:\Programme\Norton Security Scan 2010-01-16 11:59:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Symantec 2010-01-16 11:59:48 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton 2010-01-16 11:59:44 ----D---- C:\Programme\NortonInstaller 2010-01-16 11:59:44 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NortonInstaller ======List of files/folders modified in the last 1 months====== 2010-02-14 15:31:38 ----D---- C:\WINDOWS\Prefetch 2010-02-14 15:29:27 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\Skype 2010-02-14 15:29:21 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\Free Download Manager 2010-02-14 15:25:45 ----D---- C:\Programme\Gemeinsame Dateien\Akamai 2010-02-14 15:10:32 ----D---- C:\Programme\World of Warcraft 2010-02-14 15:10:29 ----D---- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment 2010-02-14 14:56:48 ----D---- C:\WINDOWS\system32\CatRoot2 2010-02-14 13:47:11 ----D---- C:\Programme\Mozilla Thunderbird 2010-02-14 13:29:51 ----D---- C:\WINDOWS\system32 2010-02-14 13:29:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-02-14 13:26:13 ----D---- C:\WINDOWS\Temp 2010-02-14 13:24:33 ----D---- C:\WINDOWS\system32\drivers 2010-02-14 13:23:45 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-02-14 13:22:25 ----D---- C:\WINDOWS\system 2010-02-14 13:22:25 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\Desktopicon 2010-02-14 11:39:33 ----D---- C:\downloads 2010-02-14 11:26:02 ----D---- C:\Programme 2010-02-14 10:36:50 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\skypePM 2010-02-14 10:17:00 ----D---- C:\WINDOWS 2010-02-14 10:16:20 ----D---- C:\WINDOWS\system32\LogFiles 2010-02-13 19:56:25 ----D---- C:\WINDOWS\Debug 2010-02-13 11:08:07 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\ICQ 2010-02-12 23:59:18 ----D---- C:\DVDVideoSoft 2010-02-12 16:54:42 ----D---- C:\Programme\Runes of Magic 2010-02-12 16:47:03 ----D---- C:\WINDOWS\Minidump 2010-02-11 16:02:10 ----HD---- C:\WINDOWS\inf 2010-02-11 16:02:07 ----HD---- C:\WINDOWS\$hf_mig$ 2010-02-11 16:02:05 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-02-09 18:43:32 ----D---- C:\WINDOWS\system32\DirectX 2010-02-09 18:42:54 ----RSD---- C:\WINDOWS\assembly 2010-02-09 18:20:23 ----HD---- C:\Programme\InstallShield Installation Information 2010-02-06 15:10:40 ----SHD---- C:\WINDOWS\Installer 2010-02-06 15:09:00 ----D---- C:\Programme\Gemeinsame Dateien\Apple 2010-02-05 18:28:38 ----D---- C:\Programme\Gameforge4D 2010-01-30 16:21:57 ----D---- C:\Programme\Gothic III 2010-01-29 23:57:51 ----D---- C:\WINDOWS\WinSxS 2010-01-29 23:52:17 ----SD---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\Microsoft 2010-01-26 19:36:58 ----A---- C:\WINDOWS\Goya.INI 2010-01-24 12:24:24 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-23 15:41:46 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\Xfire 2010-01-23 15:04:13 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\DNA 2010-01-23 11:16:49 ----D---- C:\Programme\DNA 2010-01-23 11:05:54 ----D---- C:\Programme\Glary Utilities 2010-01-23 10:33:46 ----SD---- C:\WINDOWS\Tasks 2010-01-23 10:23:24 ----D---- C:\Programme\Xfire 2010-01-23 10:10:01 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2010-01-18 15:53:32 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\Orbit 2010-01-18 15:43:49 ----D---- C:\Programme\ICQ6.5 2010-01-17 13:04:19 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\Mozilla 2010-01-17 11:46:46 ----D---- C:\Programme\Microsoft Silverlight 2010-01-16 16:51:11 ----D---- C:\Dokumente und Einstellungen\David\Anwendungsdaten\codeblocks 2010-01-16 14:33:06 ----D---- C:\Programme\openarena-0.8.1 2010-01-16 12:03:52 ----D---- C:\Programme\Gemeinsame Dateien ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-02-11 28880] R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-02-11 162512] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-02-11 46672] R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2009-10-28 116368] R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2009-10-28 41424] R1 WmiAcpi;Microsoft Windows-Verwaltungsschnittstelle für ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 acedrv10;acedrv10; \??\C:\WINDOWS\system32\drivers\acedrv10.sys [] R2 acehlp10;acehlp10; \??\C:\WINDOWS\system32\drivers\acehlp10.sys [] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-02-11 19024] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-02-11 100432] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-30 281760] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-11-28 25888] R3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\System32\DRIVERS\airplus.sys [2002-05-16 64342] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-02-11 23376] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176] R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2008-10-25 6133856] R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\PROGRA~1\D-LINK~1\PCANDIS5.SYS [] R3 RivaTuner32;RivaTuner32; \??\C:\Programme\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys [] R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2007-10-03 102656] R3 usbaudio;USB-Audiotreiber (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2009-10-28 95376] R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [2009-10-28 103888] S3 a3im0dil;a3im0dil; C:\WINDOWS\system32\drivers\a3im0dil.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\DScaler\DSDrv4.sys [] S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys [] S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys [] S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-07-09 15104] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2004-01-21 5915] S3 PID_08A0;Labtec WebCam Pro(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2004-01-21 271360] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 USB28xxBGA;USB 2861 Device; C:\WINDOWS\system32\DRIVERS\emBDA.sys [2008-03-06 530944] S3 USB28xxOEM;USB 28xx OEM Filter; C:\WINDOWS\system32\DRIVERS\emOEM.sys [2007-04-25 45696] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] R2 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Programme\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568] R2 ICQ Service;ICQ Service; C:\Programme\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2008-10-25 163908] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-28 75064] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-01-23 214816] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384] R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-01-22 545576] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Programme\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-09-21 3474384] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- Code:
ATTFilter SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 15:46 on 14/02/2010 by David (Administrator - Elevation successful)
========== filefind ==========
Searching for "server.exe"
No files found.
Searching for "system.exe "
No files found.
-=End Of File=-
jidokwan |
|
| Themen zu Internet wird langsamer |
| adobe, antivirus, avast, avast!, bho, bonjour, dll, einstellungen, explorer, firefox, free download, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, internet, internet explorer, internet langsam, log, magix, mozilla, mozilla thunderbird, nvidia, plug-in, problem, programme, rundll, scan, software, system, windows, windows xp |
Linear-Darstellung
