Log analysis and evaluation: Black screen + PC running + apparently a video playing in the background o.O (Windows 7)
21.01.2011, 11:57 | #1
Black screen + PC running + apparently a video playing in the background o.O

Hello dear community, I'm posting a very strange occurrence here. For some time now, when the PC has been running for a while and I'm gaming, for example, the screen suddenly goes black. The PC keeps running, but I can no longer talk to anyone in TeamSpeak, for example. On top of that, I hear strange noises through the speakers. It sounds like being in a workshop with a motorcycle driving by ... very, very odd, since I have no video on the computer that features a motorcycle. In addition, advertising pops up now and then. And BF Bad Company 2 just crashes for no reason. I hope you can help me with my problem. Many thanks in advance!!!

PS: I should add that I'm running Win 7 32-bit.

MBAM log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5564
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.01.2011 10:55:37
mbam-log-2011-01-21 (10-55-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 142843
Laufzeit: 4 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:01 on 21/01/2011 (Fabian)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-
GMER Logfile:

OTL Logfile:
OTL logfile created on: 21.01.2011 11:38:48 - Run 1
OTL by OldTimer - Version 3.2.20.3     Folder = C:\Users\Fabian\Desktop\MFTools
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,43 Gb Total Space | 6,70 Gb Free Space | 9,00% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 179,99 Gb Free Space | 60,38% Space Free | Partition Type: NTFS

Computer Name: FABI | User Name: Fabian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.01.21 10:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\MFTools\OTL.exe
PRC - [2011.01.07 21:06:12 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.12.14 14:04:48 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010.12.14 14:03:16 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2010.12.12 19:56:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.12.12 17:41:23 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.06 13:10:53 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.06 13:10:53 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.06.02 15:58:20 | 000,246,520 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.19 18:43:14 | 000,135,168 | ---- | M] () -- C:\Programme\Razer\Copperhead\razerhid.exe
PRC - [2009.11.16 13:25:32 | 000,131,072 | ---- | M] () -- C:\Programme\Razer\Copperhead\razertra.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.09.20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007.09.13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007.09.13 13:44:48 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe
PRC - [2007.07.10 21:19:24 | 001,180,952 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2007.07.10 21:15:14 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007.06.26 16:37:54 | 000,320,784 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
PRC - [2007.06.26 16:37:30 | 000,775,952 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\LCDMon.exe
PRC - [2007.06.26 16:37:18 | 000,374,032 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
PRC - [2007.06.26 16:36:42 | 000,387,856 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
PRC - [2007.06.26 16:36:32 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
PRC - [2007.04.25 12:18:56 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.04.25 12:18:52 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.01.09 09:48:58 | 000,147,456 | ---- | M] (Razer Inc.) -- C:\Programme\Razer\Copperhead\razerofa.exe

========== Modules (SafeList) ==========

MOD - [2011.01.21 10:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\MFTools\OTL.exe
MOD - [2010.11.04 06:48:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2010.03.25 16:17:22 | 000,159,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806\ATL90.dll
MOD - [2010.03.25 10:25:22 | 004,222,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL
MOD - [2010.03.25 03:45:24 | 008,945,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office14\1031\GrooveIntlResource.dll
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009.06.10 22:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
MOD - [2009.06.10 22:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.12.14 14:03:16 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 14:00:50 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.12.12 17:41:23 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.06 13:10:53 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.04 19:35:22 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.11.02 05:36:16 | 000,801,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.06.02 15:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007.09.20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007.09.13 13:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007.07.10 21:15:14 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2007.04.25 12:18:56 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

========== Driver Services (SafeList) ==========

DRV - [2011.01.08 04:27:00 | 010,467,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.12.20 12:28:39 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.29 19:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.22 13:33:35 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.22 19:36:45 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.01.01 18:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.10 15:50:08 | 000,012,416 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\copperhd.sys -- (UsbFltr)
DRV - [2009.08.28 09:33:50 | 000,228,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.08.21 05:38:10 | 000,020,480 | ---- | M] (Dell Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\omci.sys -- (OMCI)
DRV - [2007.10.10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007.09.13 13:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007.06.05 16:57:48 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007.04.25 12:17:36 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007.03.05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 19:56:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 14:13:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.12 17:43:15 | 000,000,000 | ---D | M]

[2010.02.04 18:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2010.02.04 18:58:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.20 12:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.02.04 21:15:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2010.09.28 10:17:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.22 13:48:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.20 12:45:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010.02.04 21:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.07 23:25:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.04.07 16:29:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.07 16:29:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.07 16:29:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.07 16:29:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.07 16:29:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.06.22 19:51:59 | 000,001,498 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft
Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Copperhead] C:\Programme\Razer\Copperhead\razerhid.exe () O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe (Logitech Inc.) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Programme\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM 
Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{6a6574e9-23ca-11df-8e95-00219bec983c}\Shell - "" = AutoRun O33 - MountPoints2\{6a6574e9-23ca-11df-8e95-00219bec983c}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{7b86f3f9-a48a-11df-9f65-00219bec983c}\Shell - "" = AutoRun O33 - MountPoints2\{7b86f3f9-a48a-11df-9f65-00219bec983c}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{9c8bdd43-7e2d-11df-87ba-00219bec983c}\Shell - "" = AutoRun O33 - MountPoints2\{9c8bdd43-7e2d-11df-87ba-00219bec983c}\Shell\AutoRun\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9c8bdd43-7e2d-11df-87ba-00219bec983c}\Shell\configure\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9c8bdd43-7e2d-11df-87ba-00219bec983c}\Shell\install\command - "" = F:\SETUP.EXE O33 - MountPoints2\{9f6a037c-1d68-11e0-9cef-00219bec983c}\Shell - "" = AutoRun O33 - MountPoints2\{9f6a037c-1d68-11e0-9cef-00219bec983c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (autocheck turegopt /AM) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not 
found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) 
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2011.01.21 10:50:45 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.01.21 10:50:14 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2011.01.21 10:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.01.21 10:45:06 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes [2011.01.21 10:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.01.21 10:44:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.01.21 10:44:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.21 10:44:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.01.21 10:44:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.01.21 10:43:05 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\MFTools [2011.01.20 10:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\YxljdvsPl [2011.01.19 23:22:12 | 000,000,000 | -HSD | C] -- 
C:\Config.Msi [2011.01.19 23:14:26 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.01.18 18:44:21 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2011.01.18 18:44:05 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2011.01.18 18:44:05 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll [2011.01.18 18:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2011.01.18 18:43:31 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2011 [2011.01.18 18:30:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011.01.17 18:40:38 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\NTA Sem 5 [2011.01.13 09:42:03 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\nHancer [2011.01.13 09:38:18 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2011.01.13 09:34:10 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2011.01.13 09:33:46 | 000,000,000 | ---D | C] -- C:\NVIDIA [2011.01.13 09:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon [2011.01.13 09:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer [2011.01.13 00:38:18 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\PunkBuster [2011.01.13 00:38:04 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\BFBC2 [2011.01.13 00:37:37 | 000,000,000 | RH-D | C] -- C:\Users\Fabian\AppData\Roaming\SecuROM [2011.01.12 16:07:44 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Electronic Arts [2011.01.12 16:07:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2011.01.12 16:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts [2011.01.12 16:07:24 | 000,000,000 | ---D | C] -- C:\Programme\Electronic Arts [2011.01.12 15:53:59 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Documents\Ea key 
[2011.01.11 11:22:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\U3 [2011.01.09 22:45:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.01.09 18:55:15 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2011.01.04 11:45:03 | 000,000,000 | --SD | C] -- C:\Users\Fabian\Documents\Meine Shapes [2011.01.04 10:59:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\.mogwai [2011.01.01 13:42:32 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Avira ========== Files - Modified Within 30 Days ========== [2011.01.21 11:05:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 11:05:04 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 10:58:18 | 000,000,063 | ---- | M] () -- C:\Windows\System32\everest_cpl.ini [2011.01.21 10:57:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.21 10:56:51 | 000,000,176 | ---- | M] () -- C:\Users\Fabian\defogger_reenable [2011.01.21 10:50:25 | 000,001,078 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.01.21 10:43:20 | 000,296,448 | ---- | M] () -- C:\Users\Fabian\Desktop\g2m3e4r.exe [2011.01.21 10:43:19 | 000,050,477 | ---- | M] () -- C:\Users\Fabian\Desktop\defogger.exe [2011.01.21 10:42:39 | 000,471,612 | ---- | M] () -- C:\Users\Fabian\Desktop\Load.exe [2011.01.20 13:07:41 | 000,138,416 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.20 13:07:36 | 000,270,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.20 11:09:48 | 000,270,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.01.19 23:11:10 | 000,089,214 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.01.19 23:11:10 | 000,089,214 | ---- | M] () -- C:\ProgramData\nvModes.001 
[2011.01.19 12:13:27 | 005,086,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.19 12:13:27 | 001,949,574 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.19 12:13:27 | 001,545,764 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.19 12:13:27 | 001,382,354 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.15 12:58:33 | 000,000,085 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.01.13 00:35:53 | 000,138,056 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\PnkBstrK.sys [2011.01.13 00:35:17 | 002,434,856 | ---- | M] () -- C:\Windows\System32\pbsvc_bc2.exe [2011.01.12 00:15:42 | 000,199,066 | ---- | M] () -- C:\Users\Fabian\Documents\ts3_clientui-win32-12815-2011-01-12 00_15_39.609203.dmp [2011.01.08 04:27:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll [2011.01.08 04:27:00 | 000,004,756 | ---- | M] () -- C:\Windows\System32\nvinfo.pb [2011.01.04 10:30:43 | 000,000,132 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Adobe PNG Format CS5 Prefs ========== Files Created - No Company Name ========== [2011.01.21 10:56:39 | 000,000,176 | ---- | C] () -- C:\Users\Fabian\defogger_reenable [2011.01.21 10:50:25 | 000,001,078 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2011.01.21 10:43:19 | 000,296,448 | ---- | C] () -- C:\Users\Fabian\Desktop\g2m3e4r.exe [2011.01.21 10:43:19 | 000,050,477 | ---- | C] () -- C:\Users\Fabian\Desktop\defogger.exe [2011.01.21 10:42:34 | 000,471,612 | ---- | C] () -- C:\Users\Fabian\Desktop\Load.exe [2011.01.13 09:34:46 | 000,004,756 | ---- | C] () -- C:\Windows\System32\nvinfo.pb [2011.01.13 00:38:27 | 000,270,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2011.01.13 00:35:53 | 000,138,416 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.13 00:35:53 | 000,138,056 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\PnkBstrK.sys [2011.01.13 00:35:22 | 000,270,904 | ---- | C] 
() -- C:\Windows\System32\PnkBstrB.exe [2011.01.13 00:35:22 | 000,270,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0 [2011.01.13 00:35:17 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2011.01.13 00:35:17 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.01.12 00:15:39 | 000,199,066 | ---- | C] () -- C:\Users\Fabian\Documents\ts3_clientui-win32-12815-2011-01-12 00_15_39.609203.dmp [2010.11.17 12:26:19 | 000,000,067 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\f54616158.bat [2010.11.17 12:25:30 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.10.25 16:55:17 | 000,000,132 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.10.25 13:50:12 | 000,000,132 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.07.01 12:46:25 | 000,003,584 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.05 10:18:06 | 000,000,063 | ---- | C] () -- C:\Windows\System32\everest_cpl.ini [2010.02.04 21:50:23 | 000,007,603 | ---- | C] () -- C:\Users\Fabian\AppData\Local\Resmon.ResmonCfg [2010.02.04 20:41:18 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2010.02.04 19:06:59 | 000,089,214 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.02.04 19:06:58 | 000,089,214 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.04.25 13:17:23 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Azureus [2010.06.25 10:06:53 | 000,000,000 | ---D | M] -- 
C:\Users\Fabian\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010.06.22 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DAEMON Tools Lite [2011.01.20 20:32:07 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ [2011.01.13 10:19:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\nHancer [2010.07.16 16:21:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenCandy [2010.05.11 20:51:02 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Software4u [2010.09.28 13:59:37 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Subversion [2010.02.04 18:58:39 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Thunderbird [2010.08.12 19:14:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client [2011.01.20 12:27:23 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software [2010.07.16 16:21:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Uniblue [2010.12.16 10:39:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.02.05 09:36:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010.02.05 09:36:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011.01.21 10:57:43 | 2145,452,032 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- 
C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll [2009.07.14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini < %APPDATA%\Update\*.* > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll [2009.07.14 02:16:18 | 000,489,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-01-21 09:17:45 ========== Alternate Data Streams ========== @Alternate Data Stream 
- 76 bytes -> C:\Users\Public\Documents\ICQ:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Public\Documents\Dell Webcam Center:Roxio EMC Stream @Alternate Data Stream - 757 bytes -> C:\Users\Fabian\Documents\Re defekter Artikel.eml:OECustomProperty < End of report > Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.01.2011 11:38:48 - Run 1 OTL by OldTimer - Version 3.2.20.3 Folder = C:\Users\Fabian\Desktop\MFTools An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 74,43 Gb Total Space | 6,70 Gb Free Space | 9,00% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 179,99 Gb Free Space | 60,38% Space Free | Partition Type: NTFS Computer Name: FABI | User Name: Fabian | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- D:\Programme\Adobe Photoshop CS5\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = 
TuneUp Utilities 2011 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 23 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6 "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD "{449801F1-65B0-46F5-B4C5-1EF464EF7214}" = Mobile Mouse Server "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM) "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero 
Express 10 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10 "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2 
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04 "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "Ask Toolbar_is1" = Ask Toolbar "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CloneDVD2" = CloneDVD2 "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EADM" = EA Download Manager "ERUNT_is1" = ERUNT 1.1j "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30 "ICQToolbar" = ICQ Toolbar "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.6.13)" = Mozilla Firefox 
(3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.VISIOR" = Microsoft Visio Professional 2010 "PunkBusterSvc" = PunkBuster Services "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "TuneUp Utilities 2011" = TuneUp Utilities 2011 "VLC media player" = VLC media player 1.1.5 "Warcraft III" = Warcraft III "Winamp" = Winamp "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client "f031ef6ac137efc5" = Dell Driver Download Manager "Warcraft III" = Warcraft III: All Products "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19.01.2011 07:13:24 | Computer Name = Fabi | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error - 19.01.2011 07:13:24 | Computer Name = Fabi | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. 
Error - 19.01.2011 07:13:24 | Computer Name = Fabi | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error - 19.01.2011 13:33:24 | Computer Name = Fabi | Source = Bonjour Service | ID = 100 Description = 188: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 19.01.2011 13:33:24 | Computer Name = Fabi | Source = Bonjour Service | ID = 100 Description = 192: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 19.01.2011 13:33:24 | Computer Name = Fabi | Source = Bonjour Service | ID = 100 Description = 496: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 19.01.2011 17:56:31 | Computer Name = Fabi | Source = VSS | ID = 13 Description = Error - 19.01.2011 17:56:31 | Computer Name = Fabi | Source = VSS | ID = 12292 Description = Error - 19.01.2011 17:56:31 | Computer Name = Fabi | Source = VSS | ID = 8193 Description = Error - 19.01.2011 17:56:31 | Computer Name = Fabi | Source = System Restore | ID = 8193 Description = [ System Events ] Error - 21.01.2011 05:10:22 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 21.01.2011 05:17:50 | Computer Name = Fabi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597 (Definition 1.97.22.0) Error - 21.01.2011 05:45:54 | Computer Name = Fabi | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet 
beendet. Dies ist bereits 1 Mal passiert.
Error - 21.01.2011 05:46:27 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.01.2011 05:46:45 | Computer Name = Fabi | Source = Service Control Manager | ID = 7034 Description = Dienst "Dell Energieverwaltung der internen Netzwerkkarte" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 21.01.2011 05:48:16 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.01.2011 05:57:00 | Computer Name = Fabi | Source = DCOM | ID = 10010 Description =
Error - 21.01.2011 05:57:07 | Computer Name = Fabi | Source = Service Control Manager | ID = 7034 Description = Dienst "Dell Energieverwaltung der internen Netzwerkkarte" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 21.01.2011 05:58:31 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 21.01.2011 06:33:09 | Computer Name = Fabi | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
Last edited by Einsa (21.01.2011 at 12:56) |
21.01.2011, 13:18 | #2 |
/// Malware-holic | Black screen + PC keeps running + apparently a video playing in the background o.O Please create and post a ComboFix log.
__________________A guide and tutorial on using ComboFix
__________________ |
21.01.2011, 19:30 | #3 |
| Black screen + PC keeps running + apparently a video playing in the background o.O Unfortunately ComboFix doesn't work. When I run it (yes, also as admin), the loading screen runs through in a small window and then nothing else happens.
__________________ |
28.01.2011, 14:33 | #4 |
| Black screen + PC keeps running + apparently a video playing in the background o.O Does really nobody have any idea? |
28.01.2011, 15:40 | #5 |
/// Malware-holic | Black screen + PC keeps running + apparently a video playing in the background o.O Delete combofix.exe and download it again, this time as follows: right-click, "Save target as", delete "combofix.exe" in the name field, type 2345.com, save, and try again.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de as described above. If you would like to support us |
28.01.2011, 19:01 | #6 |
| Black screen + PC keeps running + apparently a video playing in the background o.O Thanks a lot for your help, Markus, that really worked!!! And here is the ComboFix log: Combofix Logfile: Code:
ATTFilter ComboFix 11-01-28.01 - Fabian 28.01.2011 18:47:11.1.2 - x86 Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2046.1123 [GMT 1:00] ausgeführt von:: c:\users\Fabian\Desktop\2345.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((( Dateien erstellt von 2010-12-28 bis 2011-01-28 )))))))))))))))))))))))))))))) . 2011-01-28 17:55 . 2011-01-28 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-01-21 09:45 . 2011-01-21 09:45 -------- d-----w- c:\users\Fabian\AppData\Roaming\Malwarebytes 2011-01-21 09:44 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-01-21 09:44 . 2011-01-21 09:44 -------- d-----w- c:\programdata\Malwarebytes 2011-01-21 09:44 . 2011-01-21 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-01-21 09:44 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-01-20 09:35 . 2011-01-20 09:35 -------- d-----w- c:\programdata\YxljdvsPl 2011-01-19 22:14 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-01-19 22:14 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-01-19 22:14 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll 2011-01-19 22:14 . 2011-01-08 03:27 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll 2011-01-19 22:14 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll 2011-01-19 22:14 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll 2011-01-19 22:14 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-01-19 22:14 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll 2011-01-19 22:14 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll 2011-01-19 22:14 . 
2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2011-01-19 22:14 . 2011-01-08 03:27 10078312 ----a-w- c:\windows\system32\nvd3dum.dll 2011-01-18 17:44 . 2010-12-14 13:05 31552 ----a-w- c:\windows\system32\TURegOpt.exe 2011-01-18 17:44 . 2010-12-14 13:00 21312 ----a-w- c:\windows\system32\authuitu.dll 2011-01-18 17:44 . 2010-12-14 13:00 29504 ----a-w- c:\windows\system32\uxtuneup.dll 2011-01-18 17:43 . 2011-01-18 17:44 -------- d-----w- c:\program files\TuneUp Utilities 2011 2011-01-18 17:30 . 2011-01-18 17:30 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} 2011-01-13 08:42 . 2011-01-13 09:19 -------- d-----w- c:\users\Fabian\AppData\Roaming\nHancer 2011-01-13 08:38 . 2011-01-13 08:38 -------- d-----w- c:\programdata\NVIDIA Corporation 2011-01-13 08:34 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco322050.dll 2011-01-13 08:34 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco322030.dll 2011-01-13 08:34 . 2010-10-16 18:55 319080 ----a-w- c:\windows\system32\nvdecodemft.dll 2011-01-13 08:34 . 2011-01-13 08:38 -------- d-----w- c:\program files\NVIDIA Corporation 2011-01-13 08:33 . 2011-01-13 08:33 -------- d-----w- C:\NVIDIA 2011-01-13 08:25 . 2011-01-13 08:25 -------- d-----w- c:\programdata\Caphyon 2011-01-13 08:25 . 2011-01-13 08:42 -------- d-----w- c:\programdata\nHancer 2011-01-12 23:38 . 2011-01-25 21:09 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr 2011-01-12 23:38 . 2011-01-12 23:38 -------- d-----w- c:\users\Fabian\AppData\Local\PunkBuster 2011-01-12 23:37 . 2011-01-12 23:37 -------- d--h--r- c:\users\Fabian\AppData\Roaming\SecuROM 2011-01-12 23:35 . 2011-01-25 21:09 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2011-01-12 23:35 . 2011-01-12 23:35 138056 ----a-w- c:\users\Fabian\AppData\Roaming\PnkBstrK.sys 2011-01-12 23:35 . 2011-01-25 21:09 270904 ----a-w- c:\windows\system32\PnkBstrB.exe 2011-01-12 23:35 . 
2011-01-24 13:45 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-01-12 23:35 . 2011-01-13 00:03 75136 ----a-w- c:\windows\system32\PnkBstrA.exe 2011-01-12 23:35 . 2011-01-12 23:35 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe 2011-01-12 15:07 . 2011-01-12 15:07 -------- d-----w- c:\users\Fabian\AppData\Local\Electronic Arts 2011-01-12 15:07 . 2011-01-12 15:07 -------- d-----w- c:\programdata\Electronic Arts 2011-01-12 15:07 . 2011-01-12 15:09 -------- d-----w- c:\program files\Electronic Arts 2011-01-11 10:22 . 2011-01-11 10:25 -------- d-----w- c:\users\Fabian\AppData\Roaming\U3 2011-01-09 17:55 . 2011-01-10 12:43 -------- d-----w- c:\program files\Microsoft Silverlight 2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll 2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll 2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll 2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe 2011-01-07 20:06 . 2011-01-07 20:06 288872 ----a-w- c:\windows\system32\nvhotkey.dll 2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll 2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll 2011-01-04 09:59 . 2011-01-04 09:59 -------- d-----w- c:\users\Fabian\.mogwai 2011-01-01 12:42 . 2011-01-01 12:42 -------- d-----w- c:\users\Fabian\AppData\Roaming\Avira . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-08 03:27 . 2011-01-19 22:14 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2011-01-08 03:27 . 2010-02-04 17:45 1965672 ----a-w- c:\windows\system32\nvapi.dll 2010-12-20 11:28 . 2010-02-05 15:21 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-12-03 21:18 . 2010-11-17 11:26 67 ----a-w- c:\users\Fabian\AppData\Roaming\f54616158.bat 2010-11-29 16:38 . 
2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts 2010-11-22 12:33 . 2010-02-05 15:21 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-12 17:53 . 2010-09-28 09:17 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-11-04 05:52 . 2010-12-15 20:38 978944 ----a-w- c:\windows\system32\wininet.dll 2010-11-04 05:48 . 2010-12-15 20:38 44544 ----a-w- c:\windows\system32\licmgr10.dll 2010-11-04 04:41 . 2010-12-15 20:38 386048 ----a-w- c:\windows\system32\html.iec 2010-11-04 04:08 . 2010-12-15 20:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2010-11-02 04:41 . 2010-12-15 20:38 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll 2010-11-02 04:40 . 2010-12-15 20:38 496128 ----a-w- c:\windows\system32\taskschd.dll 2010-11-02 04:40 . 2010-12-15 20:38 305152 ----a-w- c:\windows\system32\taskcomp.dll 2010-11-02 04:39 . 2010-12-15 20:38 749056 ----a-w- c:\windows\system32\schedsvc.dll 2010-11-02 04:34 . 2010-12-15 20:38 192000 ----a-w- c:\windows\system32\taskeng.exe 2010-11-02 04:34 . 2010-12-15 20:38 179712 ----a-w- c:\windows\system32\schtasks.exe 2006-06-15 19:33 . 2010-02-04 19:45 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll 2006-05-25 17:43 . 2010-02-04 19:45 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll 2005-09-29 13:41 . 2010-02-04 19:45 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll 2006-06-19 12:10 . 2010-02-04 19:45 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll 2005-02-02 11:19 . 2010-02-04 19:44 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll 2006-04-10 17:35 . 2010-02-04 19:45 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll 2005-11-09 10:10 . 2010-02-04 19:45 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 10:42 . 
2010-02-04 19:45 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll 2006-01-04 10:22 . 2010-02-04 19:45 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll 2006-01-04 10:21 . 2010-02-04 19:45 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2009-11-19 135168] "Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-06-26 775952] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-04-25 174872] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768] "AdobeAAMUpdater-1.0"="c:\program files\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872] c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2010-2-10 0] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-27 1018856] QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-10 1180952] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "OEM02Mon.exe"=c:\windows\OEM02Mon.exe "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart "WinampAgent"="c:\program files\Winamp\winampa.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Microsoft SharePoint Workspace Audit 
Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-22 691696]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-06 135336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-10-01 27248]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2009-11-10 12416]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3297774077-2101188014-3693075033-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,4d,8f,b6,27,a1,51,f5,2f,2e,86,c8,76,2f,ec,86,9a,50,a3,1b,01,
90,32,96,59,a8,14,7b,2e,ff,92,a1,91,8b,c6,9e,56,70,26,4c,cf,fe,3b,d3,e4,39,\
"rkeysecu"=hex:16,5b,03,56,6b,32,3d,a9,aa,05,4a,28,78,fb,8b,44

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-28 18:57:42
ComboFix-quarantined-files.txt 2011-01-28 17:57
Vor Suchlauf: 7.562.600.448 Bytes frei
Nach Suchlauf: 7.495.819.264 Bytes frei
- - End Of File - - 60D616F75972953E32AE947B356B7349 |
28.01.2011, 19:07 | #7 |
/// Malware-holic | Black screen + PC keeps running + a video seems to be playing in the background o.O
Start > Programs > Accessories > Notepad, paste in:
Killall::
Folder::
c:\programdata\YxljdvsPl
Save file as; location: where the renamed ComboFix is; type: all files; name: cfscript.txt. Drag cfscript onto ComboFix, the program starts, post the log.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as per the instructions above. If you would like to support us |
28.01.2011, 22:45 | #8 |
| Black screen + PC keeps running + a video seems to be playing in the background o.O OK, I did that, here is the logfile. ComboFix logfile: Code:
ComboFix 11-01-28.01 - Fabian 28.01.2011 22:30:16.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.2046.1415 [GMT 1:00]
ausgeführt von:: c:\users\Fabian\Desktop\MFTools\2345.exe
Benutzte Befehlsschalter :: c:\users\Fabian\Desktop\MFTools\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\YxlJdvsPl
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-28 bis 2011-01-28 ))))))))))))))))))))))))))))))
.
2011-01-28 21:38 . 2011-01-28 21:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-28 18:07 . 2011-01-28 18:07 -------- d-----w- c:\program files\iTunes
2011-01-28 18:07 . 2011-01-28 18:07 -------- d-----w- c:\program files\iPod
2011-01-28 17:43 . 2011-01-28 17:57 -------- d-----w- C:\2345
2011-01-28 08:41 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2723D81F-629E-49A5-9483-1F512598271C}\mpengine.dll
2011-01-21 09:45 . 2011-01-21 09:45 -------- d-----w- c:\users\Fabian\AppData\Roaming\Malwarebytes
2011-01-21 09:44 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-21 09:44 . 2011-01-21 09:44 -------- d-----w- c:\programdata\Malwarebytes
2011-01-21 09:44 . 2011-01-21 09:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-21 09:44 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 22:14 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-19 22:14 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-19 22:14 . 2011-01-08 03:27 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-19 22:14 . 2011-01-08 03:27 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-19 22:14 . 2011-01-08 03:27 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-19 22:14 . 2011-01-08 03:27 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-19 22:14 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-19 22:14 . 2011-01-08 03:27 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-19 22:14 . 2011-01-08 03:27 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-19 22:14 . 2011-01-08 03:27 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-19 22:14 . 2011-01-08 03:27 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-18 17:44 . 2010-12-14 13:05 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-01-18 17:44 . 2010-12-14 13:00 21312 ----a-w- c:\windows\system32\authuitu.dll
2011-01-18 17:44 . 2010-12-14 13:00 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-01-18 17:43 . 2011-01-18 17:44 -------- d-----w- c:\program files\TuneUp Utilities 2011
2011-01-18 17:30 . 2011-01-18 17:30 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-01-13 08:42 . 2011-01-13 09:19 -------- d-----w- c:\users\Fabian\AppData\Roaming\nHancer
2011-01-13 08:38 . 2011-01-13 08:38 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-01-13 08:34 . 2010-10-16 18:55 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2011-01-13 08:34 . 2010-10-16 18:55 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2011-01-13 08:34 . 2010-10-16 18:55 319080 ----a-w- c:\windows\system32\nvdecodemft.dll
2011-01-13 08:34 . 2011-01-13 08:38 -------- d-----w- c:\program files\NVIDIA Corporation
2011-01-13 08:33 . 2011-01-13 08:33 -------- d-----w- C:\NVIDIA
2011-01-13 08:25 . 2011-01-13 08:25 -------- d-----w- c:\programdata\Caphyon
2011-01-13 08:25 . 2011-01-13 08:42 -------- d-----w- c:\programdata\nHancer
2011-01-12 23:38 . 2011-01-25 21:09 270904 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-12 23:38 . 2011-01-12 23:38 -------- d-----w- c:\users\Fabian\AppData\Local\PunkBuster
2011-01-12 23:37 . 2011-01-12 23:37 -------- d--h--r- c:\users\Fabian\AppData\Roaming\SecuROM
2011-01-12 23:35 . 2011-01-25 21:09 138416 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-12 23:35 . 2011-01-12 23:35 138056 ----a-w- c:\users\Fabian\AppData\Roaming\PnkBstrK.sys
2011-01-12 23:35 . 2011-01-25 21:09 270904 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-12 23:35 . 2011-01-24 13:45 270904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-12 23:35 . 2011-01-13 00:03 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-01-12 23:35 . 2011-01-12 23:35 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2011-01-12 15:07 . 2011-01-12 15:07 -------- d-----w- c:\users\Fabian\AppData\Local\Electronic Arts
2011-01-12 15:07 . 2011-01-12 15:07 -------- d-----w- c:\programdata\Electronic Arts
2011-01-12 15:07 . 2011-01-12 15:09 -------- d-----w- c:\program files\Electronic Arts
2011-01-11 10:22 . 2011-01-11 10:25 -------- d-----w- c:\users\Fabian\AppData\Roaming\U3
2011-01-09 17:55 . 2011-01-10 12:43 -------- d-----w- c:\program files\Microsoft Silverlight
2011-01-07 20:06 . 2011-01-07 20:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-07 20:06 . 2011-01-07 20:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-07 20:06 . 2011-01-07 20:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-07 20:06 . 2011-01-07 20:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-07 20:06 . 2011-01-07 20:06 288872 ----a-w- c:\windows\system32\nvhotkey.dll
2011-01-07 20:06 . 2011-01-07 20:06 2558568 ----a-w- c:\windows\system32\nvsvcr.dll
2011-01-07 20:06 . 2011-01-07 20:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-04 09:59 . 2011-01-04 09:59 -------- d-----w- c:\users\Fabian\.mogwai
2011-01-01 12:42 . 2011-01-01 12:42 -------- d-----w- c:\users\Fabian\AppData\Roaming\Avira
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2011-01-19 22:14 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-02-04 17:45 1965672 ----a-w- c:\windows\system32\nvapi.dll
2010-12-20 11:28 . 2010-02-05 15:21 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-03 21:18 . 2010-11-17 11:26 67 ----a-w- c:\users\Fabian\AppData\Roaming\f54616158.bat
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-22 12:33 . 2010-02-05 15:21 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-12 17:53 . 2010-09-28 09:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-04 05:52 . 2010-12-15 20:38 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 20:38 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 20:38 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 20:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 20:38 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 20:38 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 20:38 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 20:38 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 20:38 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 20:38 179712 ----a-w- c:\windows\system32\schtasks.exe
2006-06-15 19:33 . 2010-02-04 19:45 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-25 17:43 . 2010-02-04 19:45 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 . 2010-02-04 19:45 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-06-19 12:10 . 2010-02-04 19:45 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 . 2010-02-04 19:44 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 . 2010-02-04 19:45 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 . 2010-02-04 19:45 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 . 2010-02-04 19:45 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 . 2010-02-04 19:45 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 . 2010-02-04 19:45 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2009-11-19 135168]
"Launch LCDMon"="c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe" [2007-06-26 775952]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-04-25 174872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-06 281768]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]

c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-10 0]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files\Air Mouse\Air Mouse\Air Mouse.exe [2010-6-27 1018856]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-7-10 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"OEM02Mon.exe"=c:\windows\OEM02Mon.exe
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-22 691696]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-06 135336]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-06-02 246520]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [2009-10-01 27248]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2009-11-10 12416]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - EVERESTDRIVER

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath -
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_USERS\S-1-5-21-3297774077-2101188014-3693075033-1001\Software\SecuROM\License information*]
"datasecu"=hex:7f,4d,8f,b6,27,a1,51,f5,2f,2e,86,c8,76,2f,ec,86,9a,50,a3,1b,01,
90,32,96,59,a8,14,7b,2e,ff,92,a1,91,8b,c6,9e,56,70,26,4c,cf,fe,3b,d3,e4,39,\
"rkeysecu"=hex:16,5b,03,56,6b,32,3d,a9,aa,05,4a,28,78,fb,8b,44

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\STacSV.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\program files\Lavalys\EVEREST Ultimate Edition\everest.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-28 22:43:35 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-01-28 21:43
ComboFix2.txt 2011-01-28 17:57
Vor Suchlauf: 7.161.733.120 Bytes frei
Nach Suchlauf: 7.147.589.632 Bytes frei
- - End Of File - - B723A367ABA34F3F0825192967EB7B1E |
29.01.2011, 12:21 | #9 |
/// Malware-holic | Black screen + PC keeps running + a video seems to be playing in the background o.O Download: http://ad13.geekstogo.com/MBRCheck.exe Right-click mbrcheck, run as administrator; a log should be created, post it.
29.01.2011, 13:28 | #10 |
| Black screen + PC keeps running + a video seems to be playing in the background o.O Here is the log Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: MXG071
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 174):
0x82C3C000 \SystemRoot\system32\ntkrnlpa.exe
0x82C05000 \SystemRoot\system32\halmacpi.dll
0x80BA6000 \SystemRoot\system32\kdcom.dll
0x8322F000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x832A7000 \SystemRoot\system32\PSHED.dll
0x832B8000 \SystemRoot\system32\BOOTVID.dll
0x832C0000 \SystemRoot\system32\CLFS.SYS
0x83302000 \SystemRoot\system32\CI.dll
0x88A35000 \SystemRoot\system32\drivers\Wdf01000.sys
0x88AA6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x88AB4000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x88AFC000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x88B05000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x88B0D000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x88B18000 \SystemRoot\system32\DRIVERS\pci.sys
0x88B42000 \SystemRoot\System32\drivers\partmgr.sys
0x88B53000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x88B5B000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x88B66000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x88B76000 \SystemRoot\System32\drivers\volmgrx.sys
0x88BC1000 \SystemRoot\system32\DRIVERS\intelide.sys
0x88BC8000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x88BD6000 \SystemRoot\System32\drivers\mountmgr.sys
0x88C2D000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x88CEB000 \SystemRoot\system32\DRIVERS\atapi.sys
0x88CF4000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x88D17000 \SystemRoot\system32\DRIVERS\msahci.sys
0x88D21000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x88D2A000 \SystemRoot\system32\drivers\fltmgr.sys
0x88D5E000 \SystemRoot\system32\drivers\fileinfo.sys
0x88E20000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88F4F000 \SystemRoot\System32\Drivers\msrpc.sys
0x88F7A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x88F8D000 \SystemRoot\System32\Drivers\cng.sys
0x88FEA000 \SystemRoot\System32\drivers\pcw.sys
0x88E00000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x89003000 \SystemRoot\system32\drivers\ndis.sys
0x890BA000 \SystemRoot\system32\drivers\NETIO.SYS
0x890F8000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8920A000 \SystemRoot\System32\drivers\tcpip.sys
0x89353000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x89384000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8938D000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x893CC000 \SystemRoot\System32\Drivers\spldr.sys
0x8911D000 \SystemRoot\System32\drivers\rdyboost.sys
0x893D4000 \SystemRoot\System32\Drivers\mup.sys
0x893E4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8914A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x893EC000 \SystemRoot\system32\DRIVERS\disk.sys
0x8917C000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8DED7000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DEF6000 \SystemRoot\System32\Drivers\Null.SYS
0x8DEFD000 \SystemRoot\System32\Drivers\Beep.SYS
0x8DF04000 \SystemRoot\System32\drivers\vga.sys
0x8DF10000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8DF31000 \SystemRoot\System32\drivers\watchdog.sys
0x8DF3E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8DF46000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8DF4E000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8DF56000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8DF61000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8DF6F000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8DF86000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8DF91000 \SystemRoot\system32\drivers\afd.sys
0x891AE000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8DFEB000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x891E0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8DFF2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x88E09000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x88D6F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x88D7F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x88DC0000 \SystemRoot\system32\DRIVERS\omci.sys
0x89200000 \SystemRoot\system32\drivers\nsiproxy.sys
0x88DCB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x88FF8000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x88DD5000 \SystemRoot\System32\drivers\discache.sys
0x8EC13000 \SystemRoot\system32\drivers\csc.sys
0x8EC77000 \SystemRoot\System32\Drivers\dfsc.sys
0x8EC8F000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8EC9D000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8ECC3000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8ECC5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8ECE6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90004000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x909FE000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x8ECF8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8EDAF000 \SystemRoot\System32\drivers\dxgmms1.sys
0x8EDE8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x833AD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EC00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x88DE1000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F419000 \SystemRoot\system32\DRIVERS\netw5v32.sys
0x8F82C000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8F85B000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8F887000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8F8A0000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0x8F8F1000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8F909000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8F940000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8F942000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F94F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8F95C000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8F962000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8F966000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8F96F000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8F97C000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x8F98E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8F9A6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8F9B1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8F9D3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8F400000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x88C00000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8F9EB000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8F9F5000 \SystemRoot\system32\DRIVERS\swenum.sys
0x88A00000 \SystemRoot\system32\DRIVERS\ks.sys
0x88C17000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E82A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E86E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E87F000 \SystemRoot\system32\drivers\stwrt.sys
0x8E8D4000 \SystemRoot\system32\drivers\portcls.sys
0x8E903000 \SystemRoot\system32\drivers\drmk.sys
0x97930000 \SystemRoot\System32\win32k.sys
0x8E91C000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E926000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x8E93C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8DE06000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x8E949000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x8E95A000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E965000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E978000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E97F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8E996000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys
0x8E9D0000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys
0x8E9D2000 \SystemRoot\system32\drivers\copperhd.sys
0x8E9D6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E9E1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8E9ED000 \SystemRoot\system32\DRIVERS\monitor.sys
0x97B90000 \SystemRoot\System32\TSDDD.dll
0x97BC0000 \SystemRoot\System32\cdd.dll
0x97800000 \SystemRoot\System32\ATMFD.DLL
0x8E800000 \SystemRoot\system32\drivers\luafv.sys
0x83200000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x83215000 \SystemRoot\system32\drivers\WudfPf.sys
0x8DEC4000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x96C0B000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x96C51000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x96C61000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x96C74000 \SystemRoot\system32\drivers\HTTP.sys
0x96CF9000 \SystemRoot\system32\DRIVERS\bowser.sys
0x96D12000 \SystemRoot\System32\drivers\mpsdrv.sys
0x96D24000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x96D47000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x96D82000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9F21D000 \SystemRoot\system32\drivers\peauth.sys
0x9F2B4000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F2BE000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F2DF000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F2EC000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F33B000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F38C000 \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
0x9F38D000 \SystemRoot\System32\drivers\rdpdr.sys
0x9F3B2000 \SystemRoot\system32\drivers\tdtcp.sys
0x9F3BC000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x9F3C9000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x9F200000 \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt
0xACA6F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xACAE2000 \SystemRoot\System32\Drivers\usbaapl.sys
0xACAF0000 \SystemRoot\system32\DRIVERS\WinUsb.sys
0xACAF9000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x76DB0000 \Windows\System32\ntdll.dll
0x47F50000 \Windows\System32\smss.exe
0x76FF0000 \Windows\System32\apisetschema.dll
0x003B0000 \Windows\System32\autochk.exe

Processes (total 79):
0 System Idle Process
4 System
300 C:\Windows\System32\smss.exe
400 csrss.exe
468 C:\Windows\System32\wininit.exe
476 csrss.exe
524 C:\Windows\System32\services.exe
540 C:\Windows\System32\lsass.exe
548 C:\Windows\System32\lsm.exe
652 C:\Windows\System32\svchost.exe
732 C:\Windows\System32\nvvsvc.exe
764 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1136 C:\Windows\System32\svchost.exe
1264 C:\Windows\System32\winlogon.exe
1344 C:\Windows\System32\spoolsv.exe
1372 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1396 C:\Windows\System32\svchost.exe
1492 C:\Windows\System32\AEstSrv.exe
1520 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1564 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1592 C:\Program Files\Bonjour\mDNSResponder.exe
1640 C:\Windows\System32\svchost.exe
1672 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1708 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1716 C:\Windows\System32\conhost.exe
1728 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
1800 C:\Windows\System32\PnkBstrA.exe
1892 C:\Windows\System32\stacsv.exe
1948 C:\Windows\System32\svchost.exe
2044 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
348 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
2196 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
2224 C:\Windows\System32\nvvsvc.exe
2232 WmiPrvSE.exe
2404 C:\Windows\System32\taskhost.exe
2504 C:\Windows\System32\dwm.exe
2536 C:\Windows\explorer.exe
2544 C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
2880 C:\Program Files\Razer\Copperhead\razerhid.exe
2952 C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
2972 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3056 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3120 C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
3216 C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe
3236 C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
3300 C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
3496 C:\Windows\System32\svchost.exe
3536 C:\Program Files\iTunes\iTunesHelper.exe
3564 C:\Program Files\Windows Sidebar\sidebar.exe
3608 C:\Program Files\Razer\Copperhead\razertra.exe
3616 C:\Program Files\ICQ7.2\ICQ.exe
3636 C:\Program Files\Razer\Copperhead\razerofa.exe
3864 C:\Windows\System32\taskeng.exe
3944 C:\Program Files\Dell\QuickSet\quickset.exe
3992 C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
2440 WmiPrvSE.exe
2604 C:\Program Files\Windows Media Player\wmpnetwk.exe
3268 C:\Program Files\iPod\bin\iPodService.exe
4760 C:\Windows\System32\svchost.exe
4704 C:\Users\Fabian\AppData\Local\Apps\2.0\V4RC78K7.9AB\LRMC9BJL.NTQ\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe
5000 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
884 C:\Program Files\Mozilla Firefox\firefox.exe
3592 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
5008 WUDFHost.exe
2644 C:\Windows\System32\SearchIndexer.exe
1632 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
4016 C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
5772 C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
4996 C:\Windows\System32\taskhost.exe
5428 C:\Windows\System32\SearchProtocolHost.exe
2524 C:\Windows\System32\SearchFilterHost.exe
3188 dllhost.exe
4260 dllhost.exe
4104 C:\Users\Fabian\Desktop\MBRCheck.exe
4528 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST980813AS, Rev: 3.ADC
PhysicalDrive1 Model Number: SAMSUNGHM320JI, Rev: 2SS00_01

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
298 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Done! |
29.01.2011, 13:56 | #11 |
/// Malware-holic | I assume the problem still exists? Can you first run a complete scan with Malwarebytes after updating it?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above.