Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Verdacht auf Botnet/Zombie PC

Verdacht auf Botnet/Zombie PC


Log-Analyse und Auswertung: Verdacht auf Botnet/Zombie PC

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 07.08.2010, 12:03   #1
Showit
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Hallo Com ,

Ich habe einen Verdacht das ich in einem Botnetz bin , da meine I-net Geschwindigkeit langsamer geworden ist.
Ich habe schon Kaspersky 2010 durchlaufen lassen 0 Befunde bezüglich eines Botnetz!

Ich habe schon ein HijackThis Logfile erstellt , und würde mich sehr freuen , wenn Ihr mir sagen könntet , ob mein PC infiziert /Oder in einem Botnetz ist

HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:42, on 07.08.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\avmwlanstick\FRITZWLANMini.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\mobsync.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O13 - Gopher Prefix: 
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,avgrsstx.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

--
End of file - 5890 bytes
--- --- ---


MFG

THX im vorraus =D

Alt 07.08.2010, 13:56   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Hallo und


Code:
ATTFilter
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
AVG und KAV vertragen sich nicht zusammen. Ich würde vorschlagen Du deinstallierst AVG und behälst nur Kaspersky.

Bitte danach routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 07.08.2010, 16:19   #3
Showit
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Jo Hier ist Malwarebytes
OTL dauert noch etwas!


Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4402

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

07.08.2010 17:05:17
mbam-log-2010-08-07 (17-05-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 302756
Laufzeit: 1 Stunde(n), 44 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Jean-Luc\Downloads\Keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
__________________
Alt 07.08.2010, 16:30   #4
Showit
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Hier OTL Extras
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.08.2010 17:26:00 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Jean-Luc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,86 Gb Total Space | 38,06 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
Drive D: | 131,93 Gb Total Space | 101,48 Gb Free Space | 76,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHOWIT
Current User Name: Jean-Luc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033942B2-AC8B-4F16-AD0A-9844C99185D9}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{071C84BC-1B80-4045-AE64-36F6FE53C2CA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{1BA4A310-34C3-499D-B57D-9538CA1B58E1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{35BDE75F-01AD-4771-8EDA-603EF1510810}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{394778A9-F8A7-4536-875A-DD422EDB1E42}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{6D9309E7-A544-45ED-AE82-C906015A2A74}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{71A8D1F5-45D8-484F-84CB-8F569D1AEFF6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{91F0CD2D-2819-4673-ADF8-E56326860F15}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{A99CAB74-FAAE-4194-B034-B06597793CCF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{AAC6F60A-2451-456D-96A6-DB3F5F4399CC}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{D190BC03-7A12-4A62-AB64-B7428DA8A3CB}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{DDC00FA2-95BE-4C7A-B955-ED12B32ACDB1}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{0AA62389-BD17-4CB1-8118-C09F58F86810}C:\users\jean-luc\desktop\universe_mt2\universe_mt2.exe" = protocol=6 | dir=in | app=c:\users\jean-luc\desktop\universe_mt2\universe_mt2.exe | 
"TCP Query User{0C4B6EEF-15F2-4E28-BA36-54B6E57C6FCA}D:\metin2de\metin2\metin2client.bin" = protocol=6 | dir=in | app=d:\metin2de\metin2\metin2client.bin | 
"TCP Query User{0CBFBD12-89E9-4576-98EF-BDFF16B03153}C:\program files\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"TCP Query User{232E5A57-D44C-497D-9936-0BF27FA42C18}D:\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\metin2\metin2.bin | 
"TCP Query User{29D601C2-D407-4E96-8DE7-F0845F65A5FF}D:\runes of magic\client.exe" = protocol=6 | dir=in | app=d:\runes of magic\client.exe | 
"TCP Query User{2B9C26E5-968E-4489-8DCA-FF09DF8D41C9}D:\imetin\metin23.exe" = protocol=6 | dir=in | app=d:\imetin\metin23.exe | 
"TCP Query User{2ED35CE5-DB70-4D00-9A4D-4D65639E73BC}D:\client_by_profizocker94\metin2.bin" = protocol=6 | dir=in | app=d:\client_by_profizocker94\metin2.bin | 
"TCP Query User{31DC13EE-2A54-4EBE-89CE-5A8C0825EBB3}C:\users\jean-luc\desktop\neuer ordner\metin2client.exe" = protocol=6 | dir=in | app=c:\users\jean-luc\desktop\neuer ordner\metin2client.exe | 
"TCP Query User{32F26E63-63C7-455C-B6E0-1E05C37CFD8E}C:\users\jean-luc\desktop\metin2\metin2mod.bin" = protocol=6 | dir=in | app=c:\users\jean-luc\desktop\metin2\metin2mod.bin | 
"TCP Query User{411CB047-E6CC-432F-8554-8EC8B2A0C036}D:\cvmt2\metin2client.bin" = protocol=6 | dir=in | app=d:\cvmt2\metin2client.bin | 
"TCP Query User{41B485DE-5567-4B34-9CB9-CD085B16AB50}C:\program files\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files\metin2\metin2.bin | 
"TCP Query User{49CC15FF-2655-4B52-8F1F-3D047914D86A}C:\users\jean-luc\desktop\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\jean-luc\desktop\teeworlds_srv.exe | 
"TCP Query User{4B26646A-CC6E-470F-B88E-B4606238C0D1}D:\chengju2\chengju2\mc.exe" = protocol=6 | dir=in | app=d:\chengju2\chengju2\mc.exe | 
"TCP Query User{5D87BC77-F9D2-4976-93A9-5D4D586E34FD}C:\program files\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"TCP Query User{5F995BB4-8815-4809-B632-9C5B1F9E7F35}D:\metin2\metin2client.bin" = protocol=6 | dir=in | app=d:\metin2\metin2client.bin | 
"TCP Query User{68999106-6FA5-47B3-A26D-96BF8D2B279E}D:\mt2sg\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\mt2sg\metin2\metin2.bin | 
"TCP Query User{693B8920-BE59-4B01-98C8-26FE0C44CBA2}D:\imetin\metin2.bin" = protocol=6 | dir=in | app=d:\imetin\metin2.bin | 
"TCP Query User{6B543B2F-19BF-4792-87E5-8AD6D6108984}C:\users\jean-luc\desktop\neuer ordner\metin2client.bin" = protocol=6 | dir=in | app=c:\users\jean-luc\desktop\neuer ordner\metin2client.bin | 
"TCP Query User{72A10C45-B88C-46F5-9621-07126AEEE779}D:\cvmt2\mc.exe" = protocol=6 | dir=in | app=d:\cvmt2\mc.exe | 
"TCP Query User{791B05DD-3BBE-4AAD-AB89-F7ECF1D85C95}D:\edgmt2\edgmt2.exe" = protocol=6 | dir=in | app=d:\edgmt2\edgmt2.exe | 
"TCP Query User{890086EF-59D4-466D-B05C-2B7CB9EA7771}C:\users\jean-luc\desktop\funhousemt2\funhousemetin2.exe" = protocol=6 | dir=in | app=c:\users\jean-luc\desktop\funhousemt2\funhousemetin2.exe | 
"TCP Query User{94159CA6-D1C0-4678-90AD-8F6CB139404B}D:\edgmt2\mc.exe" = protocol=6 | dir=in | app=d:\edgmt2\mc.exe | 
"TCP Query User{942BA331-7C77-4D02-BB1F-71B235A503B7}D:\metin2de\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\metin2de\metin2\metin2.bin | 
"TCP Query User{AA2D0488-12C2-4E4B-A9AE-4B3305C8B862}D:\newworld2\metin2\mc.exe" = protocol=6 | dir=in | app=d:\newworld2\metin2\mc.exe | 
"TCP Query User{B329B954-CC74-49D8-9661-CFE9293DD509}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{BE5A82CE-073E-4A69-8DB3-C6DDB7E111EF}D:\daun\metin2\metin2mod.bin" = protocol=6 | dir=in | app=d:\daun\metin2\metin2mod.bin | 
"TCP Query User{C7F2F228-E712-44C5-A087-AB9CFD7AB1D0}D:\newworld2\metin2\metin2.bin" = protocol=6 | dir=in | app=d:\newworld2\metin2\metin2.bin | 
"TCP Query User{C9EA04DC-EFA5-4147-945D-6FE89CE30519}D:\newworld2\metin2\metin.exe" = protocol=6 | dir=in | app=d:\newworld2\metin2\metin.exe | 
"TCP Query User{E4AE91A0-B268-4405-B03E-B3D7875DF2BD}D:\chengju2\chengju2\chengju2.exe" = protocol=6 | dir=in | app=d:\chengju2\chengju2\chengju2.exe | 
"TCP Query User{FEF23231-86D3-42C1-B7D6-428417096354}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{05AD4461-DB1A-4AD4-9057-89AC54AE934B}D:\metin2\metin2client.bin" = protocol=17 | dir=in | app=d:\metin2\metin2client.bin | 
"UDP Query User{07FE956E-1C38-4FC1-BE23-66A89EA09009}D:\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\metin2\metin2.bin | 
"UDP Query User{0DAD927C-F0B7-4F82-AA33-5A394035F978}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{176A0A14-958C-4E17-AED5-8B0442D5CC91}C:\users\jean-luc\desktop\universe_mt2\universe_mt2.exe" = protocol=17 | dir=in | app=c:\users\jean-luc\desktop\universe_mt2\universe_mt2.exe | 
"UDP Query User{245C758A-9FD5-426D-BADC-6D40088D3F8F}D:\mt2sg\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\mt2sg\metin2\metin2.bin | 
"UDP Query User{31665AC9-0354-4154-A467-8081325A4A0C}D:\edgmt2\mc.exe" = protocol=17 | dir=in | app=d:\edgmt2\mc.exe | 
"UDP Query User{37061551-B9E1-4839-B86D-211F933C8F27}D:\imetin\metin23.exe" = protocol=17 | dir=in | app=d:\imetin\metin23.exe | 
"UDP Query User{53818BA1-214B-47E6-B982-0859BD4910C7}C:\program files\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files\tmnationsforever\tmforever.exe | 
"UDP Query User{5C2ED1FE-4E4F-4529-9760-D1E8320D8454}D:\imetin\metin2.bin" = protocol=17 | dir=in | app=d:\imetin\metin2.bin | 
"UDP Query User{5E3976F5-D0B8-4F43-8CEF-5FA4579F6541}C:\program files\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2.bin | 
"UDP Query User{63749A81-72BF-4F2A-861F-E99E396B922C}D:\chengju2\chengju2\mc.exe" = protocol=17 | dir=in | app=d:\chengju2\chengju2\mc.exe | 
"UDP Query User{67526C23-8839-4DD7-B5E4-6885D05A06F8}C:\program files\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files\metin2\metin2client.bin | 
"UDP Query User{67BAE7DC-4687-4146-B858-DD258E92B99E}C:\users\jean-luc\desktop\neuer ordner\metin2client.bin" = protocol=17 | dir=in | app=c:\users\jean-luc\desktop\neuer ordner\metin2client.bin | 
"UDP Query User{69AF5411-B333-488A-9054-3BF9FFB8CC77}C:\users\jean-luc\desktop\neuer ordner\metin2client.exe" = protocol=17 | dir=in | app=c:\users\jean-luc\desktop\neuer ordner\metin2client.exe | 
"UDP Query User{74BA3E1A-625A-4E3C-BE6E-79326578C399}D:\newworld2\metin2\metin.exe" = protocol=17 | dir=in | app=d:\newworld2\metin2\metin.exe | 
"UDP Query User{78209781-6280-435C-95D3-31F70FC8A553}D:\cvmt2\mc.exe" = protocol=17 | dir=in | app=d:\cvmt2\mc.exe | 
"UDP Query User{7D53FB64-1E29-4C7B-9561-56F035E7F04C}C:\users\jean-luc\desktop\funhousemt2\funhousemetin2.exe" = protocol=17 | dir=in | app=c:\users\jean-luc\desktop\funhousemt2\funhousemetin2.exe | 
"UDP Query User{7F1CE4F7-3711-4E34-B65F-98805D125907}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | 
"UDP Query User{808E0A56-2188-4A48-8410-D0901219C214}D:\chengju2\chengju2\chengju2.exe" = protocol=17 | dir=in | app=d:\chengju2\chengju2\chengju2.exe | 
"UDP Query User{8E4A23E8-E8C2-4787-8282-72F69F421F40}D:\newworld2\metin2\mc.exe" = protocol=17 | dir=in | app=d:\newworld2\metin2\mc.exe | 
"UDP Query User{94C392CC-C048-4BC6-87C1-DC247EF3E525}C:\users\jean-luc\desktop\metin2\metin2mod.bin" = protocol=17 | dir=in | app=c:\users\jean-luc\desktop\metin2\metin2mod.bin | 
"UDP Query User{B7B4F46C-E42F-4EB4-8516-1E759EC175A8}D:\client_by_profizocker94\metin2.bin" = protocol=17 | dir=in | app=d:\client_by_profizocker94\metin2.bin | 
"UDP Query User{C45B44CE-4932-4079-9A8D-3D592FA42D77}D:\cvmt2\metin2client.bin" = protocol=17 | dir=in | app=d:\cvmt2\metin2client.bin | 
"UDP Query User{D9CE9A4B-AEBB-4878-BA02-4B52658B88B9}D:\metin2de\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\metin2de\metin2\metin2.bin | 
"UDP Query User{DF0CB9D4-0EEC-4EF7-8FD1-FFE6062CFE22}D:\metin2de\metin2\metin2client.bin" = protocol=17 | dir=in | app=d:\metin2de\metin2\metin2client.bin | 
"UDP Query User{DF97745C-6567-41BE-B1FD-E7A733E53E25}C:\users\jean-luc\desktop\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\jean-luc\desktop\teeworlds_srv.exe | 
"UDP Query User{EBB95BA3-1B93-4BE2-AFE6-E428E2F9442D}D:\edgmt2\edgmt2.exe" = protocol=17 | dir=in | app=d:\edgmt2\edgmt2.exe | 
"UDP Query User{EF7B4482-2B4B-479E-AAB0-4C3CE31646CB}D:\daun\metin2\metin2mod.bin" = protocol=17 | dir=in | app=d:\daun\metin2\metin2mod.bin | 
"UDP Query User{FD4FA6FD-86E5-4235-8F95-9411311BB0DA}D:\runes of magic\client.exe" = protocol=17 | dir=in | app=d:\runes of magic\client.exe | 
"UDP Query User{FDC98BEF-EB07-4DA2-9594-818847345C0C}D:\newworld2\metin2\metin2.bin" = protocol=17 | dir=in | app=d:\newworld2\metin2\metin2.bin | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0524D62A-72D6-4D01-B4E8-546BA5B0B9EC}_is1" = eDgMt2 Client 1.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{1F0A73B4-6187-3CE7-B07A-807BC8F28B4F}" = ccc-utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2212E17D-2931-5F26-9213-00EEC82C7EF0}" = ccc-core-static
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{503231D1-3A81-69DC-A95D-5273AB7A1CCC}" = Catalyst Control Center Graphics Previews Vista
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EA5CBF8-DFF4-5C69-9434-F87F8C21293C}" = Catalyst Control Center Graphics Previews Common
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1E480F4-805E-AE2D-5F83-FC7618F47046}" = Catalyst Control Center InstallProxy
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{B883FC57-818A-2C84-34CF-917B3C56C85B}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FD423BBD-8095-D342-F496-59D7C22FD581}" = ATI Catalyst Install Manager
"7-Zip" = 7-Zip 9.15 beta
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"Fraps" = Fraps (remove only)
"Free Download Manager_is1" = Free Download Manager 3.0
"GhostMouse 2.0" = GhostMouse 2.0
"HijackThis" = HijackThis 2.0.2
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Metin2_is1" = Metin2
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA Drivers" = NVIDIA Drivers
"PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 9.0
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Software Informer_is1" = Software Informer 1.0 BETA
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FileZilla Client" = FileZilla Client 3.3.2.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.08.2010 14:50:23 | Computer Name = Showit | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.08.2010 17:24:09 | Computer Name = Showit | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows.old.000\Program
 Files\Sony\Vegas Pro 9.0\CreateMinidumpx64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.08.2010 17:24:12 | Computer Name = Showit | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows.old.000\Program
 Files\Sony\Vegas Pro 9.0\ErrorReportClient.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.08.2010 17:24:13 | Computer Name = Showit | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows.old.000\Windows\regedit.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.08.2010 17:24:41 | Computer Name = Showit | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows.old.000\Program
 Files\Sony\Vegas Pro 9.0\ApplicationRegistration.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.08.2010 18:09:49 | Computer Name = Showit | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.08.2010 03:30:21 | Computer Name = Showit | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.08.2010 07:52:55 | Computer Name = Showit | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.08.2010 09:02:19 | Computer Name = Showit | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.08.2010 09:08:43 | Computer Name = Showit | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 05.08.2010 12:47:26 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 05.08.2010 12:47:35 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 05.08.2010 12:47:44 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 05.08.2010 12:47:53 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 05.08.2010 12:48:02 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 05.08.2010 12:48:11 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 05.08.2010 12:48:20 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 05.08.2010 12:48:28 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 06.08.2010 06:09:58 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
Error - 06.08.2010 06:10:00 | Computer Name = Showit | Source = FWLANUSB | ID = 5002
Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
wurde ermittelt.
 
 
< End of report >
--- --- ---
Alt 07.08.2010, 16:31   #5
Showit
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Und hier OTL.txt Text

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.08.2010 17:26:00 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Jean-Luc\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,86 Gb Total Space | 38,06 Gb Free Space | 37,73% Space Free | Partition Type: NTFS
Drive D: | 131,93 Gb Total Space | 101,48 Gb Free Space | 76,92% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SHOWIT
Current User Name: Jean-Luc
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jean-Luc\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jean-Luc\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "youtube.com"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.24 22:46:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.24 22:46:56 | 000,000,000 | ---D | M]
 
[2010.07.02 16:16:44 | 000,000,000 | ---D | M] -- C:\Users\Jean-Luc\AppData\Roaming\mozilla\Extensions
[2010.08.06 22:25:17 | 000,000,000 | ---D | M] -- C:\Users\Jean-Luc\AppData\Roaming\mozilla\Firefox\Profiles\f5qn1jyz.default\extensions
[2010.07.15 15:40:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jean-Luc\AppData\Roaming\mozilla\Firefox\Profiles\f5qn1jyz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.06 13:43:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jean-Luc\AppData\Roaming\mozilla\Firefox\Profiles\f5qn1jyz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.07.24 16:54:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jean-Luc\AppData\Roaming\mozilla\Firefox\Profiles\f5qn1jyz.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.25 11:35:10 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Jean-Luc\AppData\Roaming\mozilla\Firefox\Profiles\f5qn1jyz.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.07.25 11:46:42 | 000,001,819 | ---- | M] () -- C:\Users\Jean-Luc\AppData\Roaming\Mozilla\FireFox\Profiles\f5qn1jyz.default\searchplugins\bing.xml
[2010.07.24 16:54:37 | 000,000,168 | ---- | M] () -- C:\Users\Jean-Luc\AppData\Roaming\Mozilla\FireFox\Profiles\f5qn1jyz.default\searchplugins\icqplugin.gif
[2010.07.24 16:54:37 | 000,000,618 | ---- | M] () -- C:\Users\Jean-Luc\AppData\Roaming\Mozilla\FireFox\Profiles\f5qn1jyz.default\searchplugins\icqplugin.src
[2010.07.31 23:23:15 | 000,001,056 | ---- | M] () -- C:\Users\Jean-Luc\AppData\Roaming\Mozilla\FireFox\Profiles\f5qn1jyz.default\searchplugins\icqplugin.xml
[2010.08.06 22:25:17 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.25 11:38:19 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.07.06 13:42:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.24 22:46:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.24 22:46:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.24 22:46:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.24 22:46:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.24 22:46:53 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [fsm]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\Jean-Luc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jean-Luc\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{be9f5254-85e1-11df-8f32-c1326b189de3}\Shell - "" = AutoRun
O33 - MountPoints2\{be9f5254-85e1-11df-8f32-c1326b189de3}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.07 17:20:07 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Jean-Luc\Desktop\OTL.exe
[2010.08.07 15:10:56 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Roaming\Malwarebytes
[2010.08.07 15:10:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.07 15:10:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.07 15:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.07 15:10:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.07 12:52:49 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.06 22:36:00 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.08.06 22:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010.08.06 22:23:31 | 000,000,000 | ---D | C] -- C:\Programme\AVG
[2010.08.06 18:28:47 | 000,000,000 | ---D | C] -- C:\Programme\Windows Portable Devices
[2010.08.05 07:34:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.08.05 07:34:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.08.05 07:34:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.08.05 07:07:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.08.01 22:35:37 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Documents\ICQ
[2010.07.31 22:32:29 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\Metin2
[2010.07.31 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\YangBuggerMuhaxD
[2010.07.31 21:53:28 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.07.31 21:31:44 | 000,000,000 | ---D | C] -- C:\FR
[2010.07.31 19:53:50 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\FunHouseMt2
[2010.07.31 16:59:16 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\Testberichte
[2010.07.31 15:42:47 | 000,000,000 | ---D | C] -- C:\GMouse20
[2010.07.31 15:42:43 | 000,283,648 | ---- | C] (Stirling Technologies, Inc.) -- C:\Windows\uninst.exe
[2010.07.31 15:42:31 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\GhostMouse
[2010.07.31 11:37:23 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.07.31 11:16:22 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Roaming\TS3Client
[2010.07.30 20:46:04 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Roaming\DivX
[2010.07.30 20:45:54 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.07.30 20:42:34 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.07.30 20:42:14 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.07.28 21:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010.07.28 21:04:38 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Documents\TrackMania
[2010.07.28 21:02:33 | 000,000,000 | ---D | C] -- C:\Programme\TmNationsForever
[2010.07.28 18:49:01 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.07.27 13:51:50 | 000,000,000 | -H-D | C] -- C:\Users\Jean-Luc\Documents\Runes of Magic
[2010.07.25 17:07:21 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Roaming\Software Informer
[2010.07.25 17:07:21 | 000,000,000 | ---D | C] -- C:\Programme\Software Informer
[2010.07.25 17:07:20 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Roaming\Free Download Manager
[2010.07.25 17:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2010.07.25 17:07:18 | 000,000,000 | ---D | C] -- C:\Programme\Free Download Manager
[2010.07.25 15:50:27 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.07.25 14:52:25 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\Neuer Ordner
[2010.07.25 11:36:19 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2010.07.25 11:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.07.25 11:36:08 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.07.25 11:35:13 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.07.25 11:35:12 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[2010.07.25 11:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.07.25 11:30:00 | 073,297,904 | ---- | C] (Kaspersky Lab) -- C:\Users\Jean-Luc\Desktop\kav2010_9.0.0.736DE.exe
[2010.07.25 11:22:45 | 000,000,000 | R-SD | C] -- C:\Users\Jean-Luc\Documents\My Stationery
[2010.07.25 11:20:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.07.25 11:20:48 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.07.25 11:20:43 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.07.25 11:20:34 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.07.25 11:20:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.07.25 11:16:16 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.07.25 11:01:53 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\Universe_Mt2
[2010.07.24 21:15:27 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\Chinazeug
[2010.07.24 18:55:24 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Roaming\Publish Providers
[2010.07.24 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Roaming\Sony
[2010.07.24 18:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Local\Sony
[2010.07.24 18:51:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.07.24 18:50:45 | 000,000,000 | ---D | C] -- C:\Programme\Sony
[2010.07.24 16:54:38 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar
[2010.07.24 16:54:37 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2010.07.24 16:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.07.24 16:54:17 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.07.24 14:31:23 | 000,000,000 | ---D | C] -- C:\Programme\teci
[2010.07.24 13:55:38 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\Metin2SG_Antiblock_v2
[2010.07.23 19:09:59 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\AppData\Roaming\Teeworlds
[2010.07.23 19:09:16 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\data
[2010.07.23 19:08:15 | 000,000,000 | ---D | C] -- C:\Users\Jean-Luc\Desktop\teeworlds-0.5.2-win32
[2010.07.10 07:37:47 | 000,000,000 | ---D | C] -- C:\Programme\Metin2
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.07 17:28:53 | 001,835,008 | -HS- | M] () -- C:\Users\Jean-Luc\NTUSER.DAT
[2010.08.07 17:20:13 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Jean-Luc\Desktop\OTL.exe
[2010.08.07 17:07:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 17:07:10 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.07 17:06:16 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\hbtlxhue.sys
[2010.08.07 16:16:42 | 000,587,654 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.07 16:16:42 | 000,101,726 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.07 16:16:41 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.07 16:16:41 | 000,619,880 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.07 16:16:41 | 000,123,352 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.07 15:07:12 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.07 15:07:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.07 15:07:05 | 3220,402,176 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.07 15:06:08 | 000,065,536 | -HS- | M] () -- C:\Users\Jean-Luc\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.07 15:06:07 | 000,524,288 | -HS- | M] () -- C:\Users\Jean-Luc\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.07 15:05:59 | 002,402,288 | -H-- | M] () -- C:\Users\Jean-Luc\AppData\Local\IconCache.db
[2010.08.07 12:52:51 | 000,001,882 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\HijackThis.lnk
[2010.08.06 23:51:50 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.08.06 23:51:50 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.08.06 18:28:27 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.06 11:21:13 | 000,000,600 | ---- | M] () -- C:\Users\Jean-Luc\AppData\Local\PUTTY.RND
[2010.08.05 07:37:44 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.03 18:10:58 | 000,000,065 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\ErstesPHP.php
[2010.08.02 22:16:59 | 000,000,456 | ---- | M] () -- C:\Users\Public\Desktop\eDgMt2.lnk
[2010.08.01 01:25:24 | 000,010,241 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\uicommon (2).py
[2010.07.31 23:09:39 | 000,000,548 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\AutoF7 - Verknüpfung.lnk
[2010.07.31 20:03:22 | 000,096,309 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\8.JPG
[2010.07.31 20:02:15 | 000,028,170 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\Starter.JPG
[2010.07.31 19:25:05 | 000,000,110 | ---- | M] () -- C:\Windows\GMouse.ini
[2010.07.31 17:12:35 | 000,197,064 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\sovielesindonXD.JPG
[2010.07.31 16:57:22 | 000,027,712 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\Aufzeichnen.JPG
[2010.07.31 16:46:36 | 000,226,451 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\HüteJuhu.gms
[2010.07.31 11:37:24 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.07.30 20:46:18 | 000,001,405 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\DivX Movies.lnk
[2010.07.29 19:07:22 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.29 19:07:22 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.28 21:04:02 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010.07.27 13:50:18 | 000,000,702 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\Runes of Magic.lnk
[2010.07.25 21:37:03 | 000,005,120 | ---- | M] () -- C:\Users\Jean-Luc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.25 17:07:20 | 000,000,794 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\Free Download Manager.lnk
[2010.07.25 15:50:27 | 000,000,526 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\Fraps.lnk
[2010.07.25 11:36:08 | 000,311,312 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.07.25 11:35:02 | 002,696,192 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\softonic-Deutsch.exe
[2010.07.25 11:34:51 | 073,297,904 | ---- | M] (Kaspersky Lab) -- C:\Users\Jean-Luc\Desktop\kav2010_9.0.0.736DE.exe
[2010.07.24 19:49:37 | 014,602,654 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\sq98wkl1rsrf.gif
[2010.07.24 18:55:08 | 000,002,528 | ---- | M] () -- C:\Users\Jean-Luc\Documents\Vegas Pro registrieren.htm
[2010.07.24 18:51:17 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010.07.24 17:03:55 | 000,356,205 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\icqnummer.jpg
[2010.07.24 16:54:55 | 000,001,617 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.07.24 14:51:17 | 000,000,566 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\Metin2.lnk
[2010.07.18 17:55:38 | 000,000,046 | ---- | M] () -- C:\Users\Jean-Luc\jagex_runescape_preferences.dat
[2010.07.18 17:40:24 | 000,000,099 | ---- | M] () -- C:\Users\Jean-Luc\jagex_runescape_preferences2.dat
[2010.07.18 15:52:23 | 000,386,605 | ---- | M] () -- C:\Users\Jean-Luc\Desktop\Unbenannt.jpg
 
========== Files Created - No Company Name ==========
 
[2010.08.07 17:06:16 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\hbtlxhue.sys
[2010.08.07 12:52:51 | 000,001,882 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\HijackThis.lnk
[2010.08.06 23:51:31 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2010.08.06 23:51:31 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2010.08.06 18:28:27 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010.08.03 18:10:16 | 000,000,065 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\ErstesPHP.php
[2010.08.02 22:16:59 | 000,000,456 | ---- | C] () -- C:\Users\Public\Desktop\eDgMt2.lnk
[2010.08.01 01:22:45 | 000,010,241 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\uicommon (2).py
[2010.07.31 23:09:39 | 000,000,548 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\AutoF7 - Verknüpfung.lnk
[2010.07.31 21:25:56 | 000,002,546 | ---- | C] () -- C:\Metin2 Enptacker Source.au3
[2010.07.31 21:24:52 | 000,282,387 | ---- | C] () -- C:\Metin2 Enptacker.exe
[2010.07.31 20:03:20 | 000,096,309 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\8.JPG
[2010.07.31 20:02:13 | 000,028,170 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\Starter.JPG
[2010.07.31 17:12:33 | 000,197,064 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\sovielesindonXD.JPG
[2010.07.31 16:57:19 | 000,027,712 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\Aufzeichnen.JPG
[2010.07.31 16:46:36 | 000,226,451 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\HüteJuhu.gms
[2010.07.31 15:43:32 | 000,000,110 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.07.31 11:37:24 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.07.30 20:46:18 | 000,001,405 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\DivX Movies.lnk
[2010.07.28 21:04:02 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk
[2010.07.27 13:50:18 | 000,000,702 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\Runes of Magic.lnk
[2010.07.25 17:07:20 | 000,000,794 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\Free Download Manager.lnk
[2010.07.25 15:50:27 | 000,000,526 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\Fraps.lnk
[2010.07.25 11:37:12 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.25 11:37:12 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.25 11:30:00 | 002,696,192 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\softonic-Deutsch.exe
[2010.07.24 19:49:36 | 014,602,654 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\sq98wkl1rsrf.gif
[2010.07.24 18:55:07 | 000,002,528 | ---- | C] () -- C:\Users\Jean-Luc\Documents\Vegas Pro registrieren.htm
[2010.07.24 18:51:17 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\Vegas Pro 9.0.lnk
[2010.07.24 17:03:55 | 000,356,205 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\icqnummer.jpg
[2010.07.24 16:54:55 | 000,001,617 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2010.07.24 14:51:17 | 000,000,566 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\Metin2.lnk
[2010.07.23 19:09:16 | 000,664,576 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\teeworlds.exe
[2010.07.23 19:09:16 | 000,401,920 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\teeworlds_srv.exe
[2010.07.23 19:09:16 | 000,321,536 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\SDL.dll
[2010.07.23 19:09:16 | 000,000,036 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\config_directory.bat
[2010.07.18 15:52:23 | 000,386,605 | ---- | C] () -- C:\Users\Jean-Luc\Desktop\Unbenannt.jpg
[2010.07.04 09:31:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.07.02 23:47:27 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010.05.27 18:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2007.07.17 10:22:02 | 000,009,760 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >
--- --- ---


MFG und ein THX im vorraus für die nette Hilfe!


Alt 07.08.2010, 16:36   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Zitat:
C:\Users\Jean-Luc\Downloads\Keygen.exe
Was ist Deine Ausrede für keygen.exe?
__________________
--> Verdacht auf Botnet/Zombie PC

Alt 07.08.2010, 16:39   #7
Showit
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Gibt es keine Ausrede , muss ja schließlich ehrlich sein HIER

Alt 07.08.2010, 16:41   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Dann tut es mir sehr Leid, aber wir haben unsere Richtlinien!

Die (Be)nutzung von Cracks, Serials und Keygens ist illegal, somit gibt es im Trojaner-Board keinen weiteren Support mehr.

Für Dich geht es hier weiter => Neuaufsetzen des Systems
Bitte auch alle Passwörter abändern (für E-Mail-Konten, StudiVZ, Ebay...einfach alles!) da nicht selten in dieser dubiosen Software auch Keylogger und Backdoorfunktionen stecken.

Danach nie wieder sowas anrühren!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.08.2010, 16:47   #9
Showit
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Ok , trotzdem Vielen Dank .

PS : War es nur dieser KeyGen?

Alt 07.08.2010, 16:51   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Verdacht auf Botnet/Zombie PC - Standard

Verdacht auf Botnet/Zombie PC


Was keygen.exe, crack.exe und so heißt sind in 99% aller Fälle gefährliche Schädlinge. Es mag Ausnahmen geben, aber die meisten verrichten das was der User will (illegal ein Spiel modifizieren, Kopierschutz umgehen oder illegal einen Key zu generieren) und im Hintergrund findet weder sichtbar noch nachvollziehbar für den Benutzer was anderes statt. Die Möglichkeiten sind fast unbegrenzt. Es kann eine Hintertür installiert werden (für Botnetze), ein Spamrelais oder Keylogger. Dann wundern sich viele warum nach nem crack oder keygen, der Rechner nicht mehr so läuft und Konten "gehackt" wurden, dabei haben sie selbst Schuld
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Verdacht auf Botnet/Zombie PC
0 bytes, avg, avg free, bho, bot, defender, download, e-mail, explorer, firefox, free download, hijack, hijackthis, hijackthis logfile, infiziert, internet, internet explorer, kaspersky, logfile, microsoft, mozilla, pc infiziert, rundll, software, stick, system, tastatur, vista, windows


« PC friert ohne sichtbare Grund ein | Hijack-Logfile auswerten »


Ähnliche Themen: Verdacht auf Botnet/Zombie PC


  1. Zombie news
    Plagegeister aller Art und deren Bekämpfung - 23.03.2015 (7)
  2. Zombie News
    Plagegeister aller Art und deren Bekämpfung - 17.02.2015 (8)
  3. Windows 7 - Verdacht auf Botnet/Sinkhole Kontakt
    Log-Analyse und Auswertung - 11.01.2015 (24)
  4. Win7 Home Premium - Verdacht Rootkit - Nutzung für Bitcoin-Botnet?
    Log-Analyse und Auswertung - 14.02.2014 (9)
  5. Rmnet.12 - Neues BotNet
    Nachrichten - 21.04.2012 (0)
  6. Botnetz zombie ?
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (35)
  7. Botnet, wie überprüfe ich meinen PC?
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (20)
  8. Bin ich ein Zombie in einem Botnet?
    Log-Analyse und Auswertung - 25.02.2011 (8)
  9. BotNet Opfer?
    Plagegeister aller Art und deren Bekämpfung - 11.02.2011 (3)
  10. Das Zombie-Cookie
    Nachrichten - 23.09.2010 (0)
  11. Twitter und der XSS-Zombie
    Nachrichten - 22.09.2010 (0)
  12. Botnet greift SSH-Server an
    Nachrichten - 12.08.2010 (0)
  13. Zombie Rechner ?
    Mülltonne - 31.12.2008 (0)
  14. zombie?
    Plagegeister aller Art und deren Bekämpfung - 05.01.2008 (1)
  15. Glaub hab 'n Zombie-Pc
    Plagegeister aller Art und deren Bekämpfung - 23.10.2007 (1)
  16. Zombie in der Domain?
    Überwachung, Datenschutz und Spam - 16.05.2007 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Verdacht auf Botnet/Zombie PC - Hallo Com , Ich habe einen Verdacht das ich in einem Botnetz bin , da meine I-net Geschwindigkeit langsamer geworden ist. Ich habe schon Kaspersky 2010 durchlaufen lassen 0 Befunde - Verdacht auf Botnet/Zombie PC...
Archiv
Du betrachtest: Verdacht auf Botnet/Zombie PC auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130