Plagegeister aller Art und deren Bekämpfung (pests of all kinds and their removal): WLAN interruptions (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
WLAN interruptions

Hello dear community,

for about 4 days I have been having major internet problems. At first I thought it was the router/provider. But others in my shared flat have no problems. It is like this: I can connect, but there is no internet access. In between I then get internet again for about 5 minutes. I first wanted to reset to a restore point, but Windows would not allow that (supposedly an antivirus program is responsible for this and I should disable it - but that did not help).

My system: Sony Vaio VGN-FW4 laptop, Windows 7 Ultimate, Antivir, Windows Firewall

I had already let Antivir run a system scan - nothing. I downloaded Load and followed the instructions. With Gmer, however, there was a problem. Shortly after I started the scan: "Gmer.exe has stopped working blah blah" (AppCrash) - and my first bluescreen, which was gone too quickly for me to read anything. On my second attempt a crash again, but no bluescreen. I ran the other tools. I even had to post this from another PC, because nothing at all was working anymore.

Many thanks in advance.
Here are the logs:

```
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5016

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.11.2010 20:39:51
mbam-log-2010-11-01 (20-39-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136791
Laufzeit: 6 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
```

```
defogger_disable by jpshortstuff (
Log created at 20:41 on 01/11/2010 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-
```

OTL logfile:

```
OTL logfile created on: 01.11.2010 21:04:22 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Public\Desktop\MFtools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 198,44 Gb Total Space | 15,26 Gb Free Space | 7,69% Space Free | Partition Type: NTFS
Drive D: | 86,74 Gb Total Space | 7,41 Gb Free Space | 8,55% Space Free | Partition Type: NTFS

Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.01 20:25:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.10.06 09:05:23 | 002,969,496 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.01 12:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.08 14:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.22 12:09:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.10.22 12:09:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.11.21 12:17:02 | 000,017,408 | ---- | M] () -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE

========== Modules (SafeList) ==========

MOD - [2010.11.01 20:25:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.09.08 05:28:01 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.10.07 09:47:04 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.01 12:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.08 14:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.10.22 12:09:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007.11.21 12:17:02 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)

========== Driver Services (SafeList) ==========

DRV - [2010.06.18 17:09:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.05.06 12:58:46 | 000,141,312 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2010.05.06 12:58:42 | 000,135,168 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2010.05.06 12:58:38 | 000,185,344 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.10.22 13:55:16 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.10.22 12:09:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.09.21 14:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009.07.13 23:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009.07.13 23:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.08.03 04:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.02.16 09:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 50 B5 B9 09 0B CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {4217f6d7-406e-4b66-856d-d1a373e4f41a}:2.6.42
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 18:39:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 18:39:07 | 000,000,000 | ---D | M]

[2010.06.14 22:54:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.10.31 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions
[2010.06.28 16:27:42 | 000,000,000 | ---D | M] (StOgame) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions\{4217f6d7-406e-4b66-856d-d1a373e4f41a}
[2010.07.01 15:24:39 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.08.27 23:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.01 15:45:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.15 16:36:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 16:36:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] c:\spiele\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
```
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f0f4aa78-7af3-11df-be1f-002433724ed8}\Shell - "" = AutoRun O33 - MountPoints2\{f0f4aa78-7af3-11df-be1f-002433724ed8}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - State: 
"bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 0 Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midi9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm 
(Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) 
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2010.11.01 20:32:50 | 000,000,000 | ---D | C] -- C:\01.11.2010 [2010.11.01 20:31:38 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.11.01 20:26:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2010.11.01 20:26:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.01 20:26:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.01 20:26:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.01 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.01 20:24:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools [2010.10.31 13:11:36 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\INT LAW [2010.10.30 10:37:56 | 000,000,000 | ---D | C] -- C:\Programme\Steinberg [2010.10.24 20:17:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Logitech [2010.10.24 20:17:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Leadertech [2010.10.24 20:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2010.10.24 20:14:49 | 000,000,000 | ---D | C] -- 
C:\Programme\Common Files\Logishrd [2010.10.24 20:14:43 | 000,000,000 | ---D | C] -- C:\Programme\Logitech [2010.10.24 20:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2010.10.24 15:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive [2010.10.24 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive [2010.10.24 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Sports Interactive [2010.10.24 15:23:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Sports Interactive [2010.10.21 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\OneNote-Notizbücher [2010.10.21 03:04:52 | 000,000,000 | ---D | C] -- C:\Programme\World of Warcraft [2010.10.21 03:04:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment [2010.10.21 03:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment [2010.10.20 11:03:20 | 000,000,000 | ---D | C] -- C:\Games [2010.10.20 10:58:40 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\FIFA 10 [2010.10.19 18:59:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ElevatedDiagnostics [2010.10.17 14:34:32 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Sachen von **** [2010.10.17 13:47:46 | 000,000,000 | ---D | C] -- C:\AMD [2010.10.17 01:40:09 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client [2010.10.17 01:11:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Ventrilo [2010.10.17 01:10:39 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo [2010.10.16 21:54:23 | 000,348,160 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe [2010.10.16 21:54:23 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe [2010.10.16 21:54:23 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll [2010.10.16 21:54:23 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll [2010.10.16 21:26:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive [2010.10.16 21:26:53 | 
000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE [2010.10.16 21:23:59 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Eidos [2010.10.16 21:10:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2010.10.08 19:41:24 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Bioshock [2010.10.08 19:41:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Bioshock [2010.10.08 19:41:19 | 000,000,000 | RH-D | C] -- C:\Users\****\AppData\Roaming\SecuROM [2010.10.08 19:17:02 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Bioshock [2010.10.06 21:53:50 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\The Lord of the Rings Online [2010.10.06 21:53:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\The Lord of the Rings Online [2010.10.06 21:15:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Turbine [2010.10.06 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Turbine [2010.10.06 19:15:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ApplicationHistory [2010.10.06 19:12:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP [2010.10.06 18:42:26 | 000,000,000 | ---D | C] -- C:\Programme\Codemasters [2010.10.06 09:05:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\PMB Files [2010.10.06 09:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2010.10.06 09:05:19 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks ========== Files - Modified Within 30 Days ========== [2010.11.01 21:03:07 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.11.01 21:03:07 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.11.01 20:51:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.11.01 20:50:39 | 2389,983,232 | -HS- | M] () -- C:\hiberfil.sys [2010.11.01 20:41:43 | 000,000,176 | ---- | 
M] () -- C:\Users\****\defogger_reenable [2010.11.01 20:31:38 | 000,000,894 | ---- | M] () -- C:\Users\****\Desktop\NTREGOPT.lnk [2010.11.01 20:31:38 | 000,000,875 | ---- | M] () -- C:\Users\****\Desktop\ERUNT.lnk [2010.11.01 20:26:19 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.01 20:24:14 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\defogger.exe [2010.11.01 20:24:13 | 000,286,404 | ---- | M] () -- C:\Users\****\Desktop\Gmer.zip [2010.11.01 20:21:30 | 000,471,642 | ---- | M] () -- C:\Users\****\Desktop\Load.exe [2010.10.31 23:19:25 | 000,694,806 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2010.10.31 23:19:25 | 000,693,840 | ---- | M] () -- C:\Windows\System32\perfh00A.dat [2010.10.31 23:19:25 | 000,691,458 | ---- | M] () -- C:\Windows\System32\perfh013.dat [2010.10.31 23:19:25 | 000,690,234 | ---- | M] () -- C:\Windows\System32\perfh010.dat [2010.10.31 23:19:25 | 000,675,896 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2010.10.31 23:19:25 | 000,654,334 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.10.31 23:19:25 | 000,615,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.10.31 23:19:25 | 000,139,278 | ---- | M] () -- C:\Windows\System32\perfc00A.dat [2010.10.31 23:19:25 | 000,134,528 | ---- | M] () -- C:\Windows\System32\perfc013.dat [2010.10.31 23:19:25 | 000,133,672 | ---- | M] () -- C:\Windows\System32\perfc019.dat [2010.10.31 23:19:25 | 000,131,932 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2010.10.31 23:19:25 | 000,131,158 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.10.31 23:19:25 | 000,129,054 | ---- | M] () -- C:\Windows\System32\perfc010.dat [2010.10.31 23:19:25 | 000,107,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.10.31 16:47:25 | 000,030,766 | ---- | M] () -- C:\Users\****\Desktop\wow_eu_cd_key_tbc_61178283_JNHCRMLU.jpg [2010.10.31 15:28:15 | 000,434,262 | ---- | M] () -- C:\Users\****\Desktop\Funky.wav.asd [2010.10.31 
15:24:59 | 066,546,616 | ---- | M] () -- C:\Users\****\Desktop\Funky.wav [2010.10.26 13:29:32 | 000,308,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.10.25 11:31:34 | 000,700,327 | ---- | M] () -- C:\Users\****\Desktop\201009 Front Office Manual.pdf [2010.10.24 20:16:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf [2010.10.24 20:16:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf [2010.10.24 20:16:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf [2010.10.22 19:38:23 | 000,025,136 | ---- | M] () -- C:\Users\****\Desktop\wow_eu_cd_key_36669695_YZMLSCPP.jpg [2010.10.22 17:55:09 | 000,010,613 | ---- | M] () -- C:\Users\****\Desktop\Philosophischer Ansatz zur Spaßsucht.docx [2010.10.21 20:37:37 | 000,941,701 | ---- | M] () -- C:\Users\****\Desktop\*****_1011_M1_MA_*******-****-*****.docx [2010.10.21 18:10:05 | 000,939,923 | ---- | M] () -- C:\Users\****\Desktop\Module Assignment finally !!!!!.docx [2010.10.21 18:05:41 | 000,000,162 | -H-- | M] () -- C:\Users\****\Desktop\~$dule Assignment finally !!!!!.docx [2010.10.21 17:37:38 | 000,951,914 | ---- | M] () -- C:\Users\****\Desktop\Module Assignmentfinal.docx [2010.10.21 17:33:17 | 000,934,983 | ---- | M] () -- C:\Users\****\Desktop\Module Assignment !!!!!.docx [2010.10.20 20:29:56 | 000,595,628 | ---- | M] () -- C:\Users\****\Desktop\Everything.wav.asd [2010.10.20 17:30:33 | 000,937,591 | ---- | M] () -- C:\Users\****\Desktop\Module Assignment.docx [2010.10.20 16:59:55 | 003,994,624 | ---- | M] () -- C:\Users\****\Desktop\Module Ssinment.doc [2010.10.20 16:56:20 | 000,024,586 | ---- | M] () -- C:\Users\****\Desktop\Borislav Modul Assl.docx [2010.10.20 16:48:42 | 009,433,875 | ---- | M] () -- C:\Users\****\Desktop\Deckblatt.psd [2010.10.20 15:47:23 | 034,799,416 | ---- | M] () -- C:\Users\****\Desktop\Deckblatt copy.bmp [2010.10.19 21:15:13 | 000,546,924 | ---- | M] () -- 
C:\Users\****\Desktop\Lody Module Ass.docx [2010.10.19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Users\****\Desktop\gmer.exe [2010.10.17 17:57:34 | 000,054,784 | ---- | M] () -- C:\Users\****\Desktop\a lack of debt available in the market.doc [2010.10.17 17:57:27 | 000,112,640 | ---- | M] () -- C:\Users\****\Desktop\New Benchmark Options.doc [2010.10.17 16:39:17 | 000,571,844 | ---- | M] () -- C:\Users\****\Desktop\Girls eat cake.wav.asd [2010.10.17 12:00:03 | 000,046,592 | ---- | M] () -- C:\Users\****\Desktop\Necessary steps for a new Housekeeping Plan.doc [2010.10.17 01:10:43 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.10.07 18:34:14 | 000,017,768 | ---- | M] () -- C:\Users\****\Desktop\Cleaning Plan.docx [2010.10.07 18:20:01 | 000,010,423 | ---- | M] () -- C:\Users\****\Documents\Module Assignment Front Page.docx [2010.10.07 16:53:42 | 002,159,104 | ---- | M] () -- C:\Users\****\Desktop\Types of hotels2 18.06.doc [2010.10.06 19:15:13 | 000,000,094 | ---- | M] () -- C:\Users\****\AppData\Local\fusioncache.dat ========== Files Created - No Company Name ========== [2010.11.01 20:46:29 | 000,294,912 | ---- | C] () -- C:\Users\****\Desktop\gmer.exe [2010.11.01 20:41:34 | 000,000,176 | ---- | C] () -- C:\Users\****\defogger_reenable [2010.11.01 20:31:38 | 000,000,894 | ---- | C] () -- C:\Users\****\Desktop\NTREGOPT.lnk [2010.11.01 20:31:38 | 000,000,875 | ---- | C] () -- C:\Users\****\Desktop\ERUNT.lnk [2010.11.01 20:26:19 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.01 20:24:14 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\defogger.exe [2010.11.01 20:24:08 | 000,286,404 | ---- | C] () -- C:\Users\****\Desktop\Gmer.zip [2010.11.01 20:21:29 | 000,471,642 | ---- | C] () -- C:\Users\****\Desktop\Load.exe [2010.11.01 18:51:12 | 000,001,339 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk 
[2010.10.31 16:47:24 | 000,030,766 | ---- | C] () -- C:\Users\****\Desktop\wow_eu_cd_key_tbc_61178283_JNHCRMLU.jpg [2010.10.31 15:28:15 | 000,434,262 | ---- | C] () -- C:\Users\****\Desktop\Funky.wav.asd [2010.10.31 15:24:58 | 066,546,616 | ---- | C] () -- C:\Users\****\Desktop\Funky.wav [2010.10.24 20:16:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf [2010.10.24 20:16:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf [2010.10.24 20:16:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf [2010.10.23 16:07:42 | 000,700,327 | ---- | C] () -- C:\Users\****\Desktop\201009 Front Office Manual.pdf [2010.10.22 19:38:21 | 000,025,136 | ---- | C] () -- C:\Users\****\Desktop\wow_eu_cd_key_36669695_YZMLSCPP.jpg [2010.10.22 17:49:59 | 000,010,613 | ---- | C] () -- C:\Users\****\Desktop\Philosophischer Ansatz zur Spaßsucht.docx [2010.10.21 20:37:37 | 000,941,701 | ---- | C] () -- C:\Users\****\Desktop\*****_1011_M1_MA_*******-*****-*****.docx [2010.10.21 18:05:41 | 000,000,162 | -H-- | C] () -- C:\Users\****\Desktop\~$dule Assignment finally !!!!!.docx [2010.10.21 17:33:33 | 000,939,923 | ---- | C] () -- C:\Users\****\Desktop\Module Assignment finally !!!!!.docx [2010.10.21 16:50:17 | 000,934,983 | ---- | C] () -- C:\Users\****\Desktop\Module Assignment !!!!!.docx [2010.10.21 16:22:12 | 000,951,914 | ---- | C] () -- C:\Users\****\Desktop\Module Assignmentfinal.docx [2010.10.20 20:29:56 | 000,595,628 | ---- | C] () -- C:\Users\****\Desktop\Everything.wav.asd [2010.10.20 16:50:25 | 000,024,586 | ---- | C] () -- C:\Users\****\Desktop\Borislav Modul Assl.docx [2010.10.20 15:47:17 | 034,799,416 | ---- | C] () -- C:\Users\****\Desktop\Deckblatt copy.bmp [2010.10.20 14:53:58 | 009,433,875 | ---- | C] () -- C:\Users\****\Desktop\Deckblatt.psd [2010.10.19 19:04:26 | 000,546,924 | ---- | C] () -- C:\Users\****\Desktop\Lody Module Ass.docx [2010.10.17 
17:57:18 | 000,054,784 | ---- | C] () -- C:\Users\****\Desktop\a lack of debt available in the market.doc [2010.10.17 17:57:06 | 000,112,640 | ---- | C] () -- C:\Users\****\Desktop\New Benchmark Options.doc [2010.10.17 16:39:17 | 000,571,844 | ---- | C] () -- C:\Users\****\Desktop\Girls eat cake.wav.asd [2010.10.17 12:00:02 | 000,046,592 | ---- | C] () -- C:\Users\****\Desktop\Necessary steps for a new Housekeeping Plan.doc [2010.10.17 01:10:35 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2010.10.16 21:54:23 | 000,018,432 | ---- | C] () -- C:\Windows\atiogl.xml [2010.10.07 18:19:05 | 000,017,768 | ---- | C] () -- C:\Users\****\Desktop\Cleaning Plan.docx [2010.10.07 18:18:55 | 003,994,624 | ---- | C] () -- C:\Users\****\Desktop\Module Ssinment.doc [2010.10.07 16:52:58 | 002,159,104 | ---- | C] () -- C:\Users\****\Desktop\Types of hotels2 18.06.doc [2010.10.07 15:35:11 | 000,010,423 | ---- | C] () -- C:\Users\****\Documents\Module Assignment Front Page.docx [2010.10.06 19:15:13 | 000,000,094 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat [2010.08.15 16:43:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 08:13:20 | 000,058,648 | 
---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll ========== LOP Check ========== [2010.06.15 18:46:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ableton [2010.10.20 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity [2010.10.09 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Bioshock [2010.06.18 17:13:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite [2010.08.27 23:08:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers [2010.09.20 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HandBrake [2010.10.15 18:40:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ [2010.10.24 20:17:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech [2010.06.26 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien [2010.06.13 16:59:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera [2010.10.24 15:23:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sports Interactive [2010.10.06 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Turbine [2010.10.16 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent [2010.09.24 19:26:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010.06.14 
01:05:41 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.02.24 20:22:32 | 000,000,750 | ---- | M] () -- C:\deltaStartup.log [2010.11.01 20:50:39 | 2389,983,232 | -HS- | M] () -- C:\hiberfil.sys [2010.11.01 20:55:13 | 3186,647,040 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2009.07.14 02:15:05 | 000,071,168 | ---- | M] (CANON INC.) 
-- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL [2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll [2009.07.14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2010.04.17 00:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe 
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) 
MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-26 12:25:40 < End of report >

Now I can post one more log after all, but only because I stopped GMER manually. The tool always hangs at C:/***/Shadowcopy (the name may be slightly different). So the tool probably would have found more, but I cannot let it run any further, otherwise the tool or the whole system crashes.

GMER Logfile: Code:
ATTFilter GMER - hxxp://www.gmer.net Rootkit scan 2010-11-02 12:17:32 Windows 6.1.7600 Running: gmer.exe; Driver: C:\Users\****\AppData\Local\Temp\uxryqpod.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C57599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C7BF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9183B000, 0x2D556C, 0xE8000020] PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A4A3A000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A4A3A123 629 Bytes [55, A3, A4, FE, 05, 34, 55, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 A4A3A399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F A4A3A3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B A4A3A4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Pando Networks\Media Booster\PMB.exe[2916] kernel32.dll!SetUnhandledExceptionFilter 76053162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} ---- EOF - GMER 1.0.15 ---- Es wäre so nett, wenn jemand Hilfe wüsste! |
#2
/// Winkelfunktion /// TB-Süch-Tiger™
Wlan Unterbrechungen
Are there any further logs from Malwarebytes? If so, please post all of them.
#3
Wlan Unterbrechungen
There is only the one log file. Found in the "Logdateien" (log files) tab, and it opens automatically after a scan anyway. To be on the safe side I ran another one:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5016

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.11.2010 16:56:05
mbam-log-2010-11-02 (16-56-05).txt

Scan type: Quick scan
Objects scanned: 137218
Time elapsed: 6 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#4
/// Winkelfunktion /// TB-Süch-Tiger™
Wlan Unterbrechungen
Quote:
Remember that Malwarebytes has to be updated manually before every scan!
Please always post log files in CODE tags.
#5
Wlan Unterbrechungen
Here you go:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5016

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.11.2010 20:48:09
mbam-log-2010-11-02 (20-48-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 417260
Time elapsed: 1 hour(s), 38 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
#6
Wlan Unterbrechungen
Hi, at the beginning I had tried to restore my system, which hadn't worked. I figured that was also where the problem with GMER came from, since it always hung at Shadowvolume. Now I was able to revert to the restore point, which of course still doesn't help my problem: I still have hardly any internet. The restore deleted a few of the tools, but the scans are already posted above. But because of it the emulation software Daemon Tools was active again, too. I really hope you can help me! Thanks

GMER Logfile:
Code:
GMER - hxxp://www.gmer.net
Rootkit scan 2010-11-03 12:30:16
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\****\AppData\Local\Temp\uxryqpod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C81599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA5F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\Drivers\spie.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9183F000, 0x2D556C, 0xE8000020]
.text USBPORT.SYS!DllUnload 91F4ACA0 4 Bytes JMP 86750450
.text a7pac3hs.SYS 92B22000 12 Bytes [44, C8, C0, 82, EE, C6, C0, ...]
.text a7pac3hs.SYS 92B2200D 9 Bytes [A7, C0, 82, 48, CB, C0, 82, ...]
.text a7pac3hs.SYS 92B22017 20 Bytes [00, DE, E7, 11, 8B, E6, E5, ...]
.text a7pac3hs.SYS 92B2202C 149 Bytes [00, 00, 00, 00, D0, C1, C7, ...]
.text a7pac3hs.SYS 92B220C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3368] kernel32.dll!SetUnhandledExceptionFilter 771A3162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8554D1F8
Device \Driver\sptd \Device\523065061 spie.sys
Device \Driver\volmgr \Device\VolMgrControl 855481F8
Device \Driver\usbuhci \Device\USBPDO-0 86760500
Device \Driver\usbuhci \Device\USBPDO-1 86760500
Device \Driver\usbuhci \Device\USBPDO-2 86760500
Device \Driver\usbehci \Device\USBPDO-3 85572500
Device \Driver\PCI_PNP3058 \Device\00000054 spie.sys
Device \Driver\usbuhci \Device\USBPDO-4 86760500
Device \Driver\usbuhci \Device\USBPDO-5 86760500
Device \Driver\ACPI_HAL \Device\00000049 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-6 86760500
Device \Driver\volmgr \Device\HarddiskVolume1 855481F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\usbehci \Device\USBPDO-7 85572500
Device \Driver\volmgr \Device\HarddiskVolume2 855481F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\cdrom \Device\CdRom0 855A8500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8554A1F8
Device \Driver\atapi \Device\Ide\IdePort0 8554A1F8
Device \Driver\atapi \Device\Ide\IdePort1 8554A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 8554A1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel0 8554B1F8
Device \Driver\msahci \Device\Ide\PciIde0Channel1 8554B1F8
Device \Driver\cdrom \Device\CdRom1 855A8500
Device \Driver\volmgr \Device\HarddiskVolume3 855481F8
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\NetBT \Device\NetBT_Tcpip_{11064605-D534-4660-8EE6-790A4D410712} 8670C1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8670C1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9631D02B-5D3B-437E-BF19-639231377AD4} 8670C1F8
Device \Driver\usbuhci \Device\USBFDO-0 86760500
Device \Driver\usbuhci \Device\USBFDO-1 86760500
Device \Driver\usbuhci \Device\USBFDO-2 86760500
Device \Driver\usbehci \Device\USBFDO-3 85572500
Device \Driver\usbuhci \Device\USBFDO-4 86760500
Device \Driver\usbuhci \Device\USBFDO-5 86760500
Device \Driver\usbuhci \Device\USBFDO-6 86760500
Device \Driver\usbehci \Device\USBFDO-7 85572500
Device \Driver\a7pac3hs \Device\Scsi\a7pac3hs1 8682F500
Device \Driver\a7pac3hs \Device\Scsi\a7pac3hs1Port2Path0Target0Lun0 8682F500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433724ed8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433724ed8@701a041dc3a2 0x53 0x74 0xF1 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x6E 0x2A 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF6 0x9D 0xF6 0xEA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0xA9 0x33 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433724ed8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433724ed8@701a041dc3a2 0x53 0x74 0xF1 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAB 0x92 0xB7 0x4E ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF6 0x9D 0xF6 0xEA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x32 0xA9 0x33 0x76 ...

---- EOF - GMER 1.0.15 ----
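The GMER log in the post above can be read mechanically instead of by eye. The script below is an added example written for this thread; it is not code from GMER, OTL, the poster or the board's procedure. It works on a constructed excerpt copied from the log, and for the one product the log itself names it follows the chain the log provides: the Devices section lists spie.sys under \Driver\sptd, and the Registry section shows the sptd service's Cfg@p0 value pointing at C:\Program Files\DAEMON Tools Lite\. The labels "attributed", "verify", "info" and "unattributed" and the rules that assign them are this example's own conventions, not GMER's, and the thread itself reaches no verdict on these entries.

```python
"""Triage helper for a GMER 1.0.15 log.

Added example for this thread (not part of GMER, OTL or the board's own
procedure). It reads the section layout GMER writes, uses the Devices and
Registry sections to attribute driver images to an installed product, and
labels each reported code modification. Labels and rules are this example's.
"""
import re
from collections import defaultdict

# Constructed input: a subset of lines copied from the GMER log in post #6.
GMER_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C81599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA5F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...]
? System32\Drivers\spie.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9183F000, 0x2D556C, 0xE8000020]
.text USBPORT.SYS!DllUnload 91F4ACA0 4 Bytes JMP 86750450
.text a7pac3hs.SYS 92B22000 12 Bytes [44, C8, C0, 82, EE, C6, C0, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Pando Networks\Media Booster\PMB.exe[3368] kernel32.dll!SetUnhandledExceptionFilter 771A3162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
Device \Driver\sptd \Device\523065061 spie.sys
Device \Driver\PCI_PNP3058 \Device\00000054 spie.sys
Device \Driver\a7pac3hs \Device\Scsi\a7pac3hs1 8682F500
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
DEVICE_RE = re.compile(r"^Device \\Driver\\(\S+) (\S+)(?: (\S+))?$")
REG_P0_RE = re.compile(r"^Reg HKLM\\SYSTEM\\[^\\]+\\services\\(\w+)\\Cfg\\[0-9A-F]+@p0 (.+)$")
HOOK_RE = re.compile(r"^\.text (.+?) ([0-9A-F]{8}) (\d+) Bytes? (.*)$")
PROC_RE = re.compile(r"^(.*)\[(\d+)\] (\S+)$")      # "<process>[pid] module!function"
UNRESOLVED_RE = re.compile(r"^\? (\S+) (.*)$")      # "? <path> <error>": file could not be opened


def split_sections(text):
    """Group log lines under the '---- <name> - GMER x ----' header they follow."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif line and current:
            sections[current].append(line)
    return sections


def attribute_images(sections):
    """Map a driver image name to the product its service is configured for.

    Device lines give the image a \\Driver\\<service> object reports (spie.sys
    under \\Driver\\sptd); Registry lines give the service's Cfg@p0 install dir.
    """
    image_to_services = defaultdict(set)
    for line in sections.get("Devices", []):
        m = DEVICE_RE.match(line)
        if m and m.group(3) and m.group(3).lower().endswith(".sys"):
            image_to_services[m.group(3).lower()].add(m.group(1))
    service_to_product = {}
    for line in sections.get("Registry", []):
        m = REG_P0_RE.match(line)
        if m:
            service_to_product[m.group(1)] = m.group(2).rstrip("\\")
    attribution = {}
    for image, services in image_to_services.items():
        for svc in sorted(services):
            if svc in service_to_product:
                attribution[image] = "reported by \\Driver\\%s, configured for %s" % (svc, service_to_product[svc])
    return attribution


def parse_hook(line):
    """Parse '.text <target> <addr> <n> Bytes <patch>'; None for notes without patch bytes."""
    m = HOOK_RE.match(line)
    if not m:
        return None
    target, addr, nbytes, patch = m.groups()
    process = None
    pm = PROC_RE.match(target)
    if pm:                                  # user-mode entry, hook lives inside one process
        process, _pid, target = pm.groups()
    module = target.split("!")[0].split(" + ")[0]
    return {"process": process, "module": module, "target": target,
            "address": addr, "size": int(nbytes), "patch": patch}


def classify(hook, attribution):
    """Return (label, note) for one parsed hook; labels are this example's own."""
    module = hook["module"].lower()
    if (hook["process"] and hook["target"].endswith("!SetUnhandledExceptionFilter")
            and hook["patch"].startswith("[33, C0, C2, 04, 00]")):
        exe = hook["process"].rsplit("\\", 1)[-1]
        return ("info", "SetUnhandledExceptionFilter replaced by 'xor eax,eax; ret 4' inside %s only; "
                        "applications commonly do this to keep their own crash handler" % exe)
    if module in attribution:
        return ("attributed", attribution[module])
    if module in ("ntkrnlpa.exe", "ntoskrnl.exe"):
        return ("verify", "patched bytes inside the kernel image; compare the file on disk "
                          "with a known-good hash before treating this as a hook")
    if hook["patch"].startswith("JMP "):
        return ("unattributed", "inline JMP to %s, an address the log ties to no module; "
                                "find out what is mapped there" % hook["patch"].split()[1])
    return ("unattributed", "no file path or owning product in the log for %s; locate the "
                            "file on disk and check its signature" % hook["module"])


def triage(log_text):
    """Parse a GMER log; return attribution map, unresolved files and labelled findings."""
    sections = split_sections(log_text)
    attribution = attribute_images(sections)
    unresolved, findings = [], []
    for name in ("Kernel code sections", "User code sections"):
        for line in sections.get(name, []):
            um = UNRESOLVED_RE.match(line)
            if um:
                image = um.group(1).rsplit("\\", 1)[-1].lower()
                unresolved.append((image, attribution.get(image, "unattributed")))
                continue
            hook = parse_hook(line)
            if hook:
                label, note = classify(hook, attribution)
                findings.append((label, hook["module"], note))
    return {"attribution": attribution, "unresolved_files": unresolved, "findings": findings}


if __name__ == "__main__":
    result = triage(GMER_LOG)
    for image, owner in result["unresolved_files"]:
        print("unreadable file %-14s %s" % (image, owner))
    for label, module, note in result["findings"]:
        print("%-13s %-14s %s" % (label, module, note))
```

Run as is, the script attributes spie.sys (the file GMER could not open) to the sptd service configured for DAEMON Tools Lite, which fits the poster's remark that Daemon Tools was active again after the restore. It leaves a7pac3hs.SYS and the JMP in USBPORT.SYS!DllUnload as items to check on disk rather than guessing an origin: a randomly named driver exposing \Device\Scsi\a7pac3hs1 is consistent with the virtual SCSI adapter an SPTD-based product installs, but that is an assumption the log alone does not prove. The ntkrnlpa.exe entries get "verify" because the right check is a hash comparison of the kernel file, not a verdict from the log.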
#7
/// Winkelfunktion /// TB-Süch-Tiger™
Wlan Unterbrechungen
The OTL log is unremarkable. Did you do anything four days ago? WLAN was still working fine back then, after all.