Pests of all kinds and their removal: Botnet, how do I check my PC? (Windows 7)
05.04.2011, 18:39 | #1
Botnet, how do I check my PC? Hi there, I saw a report on TV today about these botnets. Honestly, it was the first time I had heard of them, and I am pretty much a beginner when it comes to malware, viruses, trojans & co. I looked at a few pages and threads here in the forum, but unfortunately I couldn't understand much of them :-( Words like exploit, G-Packs, KeyGen, infect etc. kept coming up. My web browser has been stuttering more often lately. It simply freezes for a few seconds, which I am not used to, and it has also become somewhat slow recently. So the final question: how can I check my PC to find out whether it is part of such a botnet? I "only" use Avira AntiVir Free and think that, even together with the Windows Firewall (Windows Vista), that is not ideal :-/ Thanks in advance for helpful tips (for beginners, please). Yours, Change
07.04.2011, 10:43 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, how do I check my PC? Hello and
Quote:
As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If there are logs from older Malwarebytes scans, please post all of those as well! After that, OTL: System scan with OTL. Please download OTL from OldTimer and save it to your desktop
08.04.2011, 14:26 | #3
Botnet, how do I check my PC? Didn't someone already write a post before you? It's mean to just delete it ^^
So here are the logs: Malware log PHP code: OTL Logfile: Code:
OTL logfile created on: 08.04.2011 14:53:42 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\UserXY\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 180,14 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 4,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: UserXY-LT | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\UserXY\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\mIRC\mirc.exe (mIRC Co. Ltd.)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\xampp\xampp-control.exe (Apache Friends)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\UserXY\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\
[2011.03.26 17:08:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.31 22:37:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.31 22:37:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.31 21:12:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 22:37:25 | 000,000,000 | ---D | M] [2010.11.12 22:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Extensions [2011.04.07 20:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions [2011.03.08 09:57:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.14 00:24:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.05 15:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.03 13:39:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.03.31 22:37:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.03.31 22:37:27 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2011.03.03 13:39:36 | 000,000,000 | ---D | M] 
(Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [snp2uvc] File not found O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 
Converter - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.10.23 21:31:11 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ] O32 - AutoRun File - [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2007.01.11 16:00:44 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell - "" = AutoRun O33 - 
MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell - "" = AutoRun O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.08 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Malwarebytes [2011.04.08 13:10:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.08 13:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.08 13:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.08 13:10:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.08 13:10:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.05 22:10:53 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2011.04.02 04:59:21 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended [2011.04.02 04:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended [2011.03.31 22:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011.03.31 22:43:47 | 000,000,000 | ---D | C] -- C:\Programme\K-Lite Codec Pack [2011.03.31 22:38:58 | 
000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\DDMSettings [2011.03.31 22:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.03.31 22:36:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2011.03.31 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\DivX [2011.03.30 21:26:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2011.03.30 21:26:00 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2011.03.30 21:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2011.03.29 01:24:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\vlc [2011.03.29 01:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.03.29 01:23:38 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2011.03.26 17:20:36 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Vodafone Mobile Connect [2011.03.26 17:17:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\FLEXnet [2011.03.26 17:10:31 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Vodafone [2011.03.26 17:10:20 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2011.03.26 17:10:18 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\System32\drivers\ewusbmdm.sys [2011.03.26 17:09:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Bytemobile [2011.03.26 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2011.03.26 17:07:18 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SpOrder.dll [2011.03.26 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913} [2011.03.20 02:50:58 | 000,000,000 | ---D | C] -- C:\Programme\Ontrack [2011.03.19 17:14:06 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\SATA Treiber [2011.03.16 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\Dokumente [2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\mIRC [2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\Programme\mIRC [2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC [2011.03.10 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\FreePDF_XP [2011.03.10 18:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF [2011.03.10 18:34:09 | 000,000,000 | ---D | C] -- C:\Programme\FreePDF_XP [2011.03.10 18:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FreePDF [2011.03.10 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript [2011.03.10 18:33:36 | 000,000,000 | ---D | C] -- C:\Programme\gs [2010.12.06 23:09:42 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.12.06 23:09:41 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2011.04.08 13:03:45 | 000,627,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.08 13:03:44 | 000,666,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.08 13:03:44 | 000,141,546 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.08 13:03:44 | 
000,116,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.08 12:58:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job [2011.04.08 12:57:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.08 12:57:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.08 12:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.08 12:57:33 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys [2011.04.07 21:23:38 | 009,307,648 | ---- | M] () -- C:\Users\UserXY\Desktop\GuAH.rar [2011.04.06 22:51:28 | 000,006,452 | ---- | M] () -- C:\Users\UserXY\.recently-used.xbel [2011.04.05 21:47:25 | 000,138,520 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.04.05 21:46:19 | 000,234,536 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.04.03 22:08:46 | 000,003,862 | ---- | M] () -- C:\Users\UserXY\Desktop\Geburtstag.html [2011.04.03 03:06:46 | 000,000,421 | ---- | M] () -- C:\Users\UserXY\Desktop\Team.html [2011.04.02 22:19:43 | 000,025,140 | ---- | M] () -- C:\Users\UserXY\Desktop\Unbenannt 1zhzhzh.odt [2011.04.02 05:28:07 | 000,002,045 | ---- | M] () -- C:\Users\UserXY\Desktop\AIX 2.0.lnk [2011.04.02 04:59:18 | 000,001,022 | ---- | M] () -- C:\Users\UserXY\Desktop\BF2SPCC.lnk [2011.03.31 20:48:04 | 000,000,369 | ---- | M] () -- C:\Users\UserXY\Desktop\Tickets DB.rtf [2011.03.30 21:08:33 | 000,000,021 | ---- | M] () -- C:\Windows\ø04 [2011.03.29 19:42:15 | 000,006,144 | ---- | M] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.28 22:00:38 | 000,013,422 | ---- | M] () -- C:\Users\UserXY\Desktop\Werbung.ods [2011.03.26 17:07:18 | 000,008,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SpOrder.dll [2011.03.19 19:43:06 | 000,005,025 | ---- | M] () -- 
C:\Users\UserXY\Desktop\BUGTRACKER GUIDE.rtf [2011.03.19 17:09:17 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.18 00:43:09 | 000,001,292 | ---- | M] () -- C:\Users\UserXY\Desktop\Osterevent Ideeen.rtf [2011.03.17 05:27:11 | 000,000,421 | ---- | M] () -- C:\Users\UserXY\Desktop\Bugs in WotlK.rtf ========== Files Created - No Company Name ========== [2011.04.07 21:23:10 | 009,307,648 | ---- | C] () -- C:\Users\UserXY\Desktop\GuAH.rar [2011.04.07 00:39:03 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job [2011.04.06 22:51:28 | 000,006,452 | ---- | C] () -- C:\Users\UserXY\.recently-used.xbel [2011.04.02 22:19:42 | 000,025,140 | ---- | C] () -- C:\Users\UserXY\Desktop\Unbenannt 1zhzhzh.odt [2011.04.02 04:59:18 | 000,002,045 | ---- | C] () -- C:\Users\UserXY\Desktop\AIX 2.0.lnk [2011.04.02 04:59:18 | 000,001,022 | ---- | C] () -- C:\Users\UserXY\Desktop\BF2SPCC.lnk [2011.03.31 22:43:54 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.03.31 22:43:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.03.30 21:08:33 | 000,000,021 | ---- | C] () -- C:\Windows\ø04 [2011.03.28 20:57:39 | 000,013,422 | ---- | C] () -- C:\Users\UserXY\Desktop\Werbung.ods [2011.03.19 19:43:06 | 000,005,025 | ---- | C] () -- C:\Users\UserXY\Desktop\BUGTRACKER GUIDE.rtf [2011.03.18 00:43:09 | 000,001,292 | ---- | C] () -- C:\Users\UserXY\Desktop\Osterevent Ideeen.rtf [2011.03.16 19:51:01 | 000,000,421 | ---- | C] () -- C:\Users\UserXY\Desktop\Bugs in WotlK.rtf [2011.03.10 18:34:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.03.10 18:34:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.01.28 17:46:05 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.28 17:45:55 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.01.28 17:45:21 | 000,075,064 | ---- | C] () 
-- C:\Windows\System32\PnkBstrA.exe [2010.12.13 14:24:31 | 000,000,132 | ---- | C] () -- C:\Users\UserXY\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.12.06 23:09:42 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.12.06 23:09:42 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe [2010.12.06 23:09:41 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.12.06 23:09:41 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.12.05 15:33:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.05 03:38:55 | 000,006,144 | ---- | C] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.23 18:41:50 | 000,000,132 | ---- | C] () -- C:\Users\UserXY\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.11.21 17:04:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2010.11.17 19:00:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.11.17 19:00:04 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.14 18:53:33 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.11.14 18:53:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.11.12 21:49:39 | 000,000,680 | ---- | C] () -- C:\Users\UserXY\AppData\Local\d3d9caps.dat [2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.01.21 09:15:58 | 000,666,108 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,141,546 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,253,240 | ---- | C] () -- 
C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,627,494 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,116,318 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > OTL Log Extras.Txt OTL Logfile: Code:
OTL Extras logfile created on: 08.04.2011 14:53:42 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\UserXY\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 180,14 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 4,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: UserXY-LT | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{082057E1-DA2A-4851-988D-2E02C82A61FC}" = lport=137 | protocol=17 | dir=in | app=system | "{085ABB05-D427-445F-88AF-5885142FA378}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{195668FE-0AFF-4DB2-86A7-89A346F10C38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{2C54D6E6-8FEE-4F4A-9224-2AA06FC24203}" = rport=138 | protocol=17 | dir=out | app=system | "{317AAA2A-006B-49D1-B134-6E4CB3385BC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{35F15898-9B3E-4274-8AE9-CBB711AF420D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{410549BA-C46D-4EB1-9EF4-99DFBEA384B6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{51D95E50-48EF-41CC-AA40-F09713A590F8}" = lport=139 | protocol=6 | dir=in | app=system | "{62092309-4945-4F07-B28A-A7C206BB06BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71488D49-8D57-45EA-AF79-720FFA1557AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{7DC38869-D686-488F-9F65-8E02AE621005}" = rport=139 | protocol=6 | dir=out | app=system | "{836476F3-4A08-49AE-A9DE-185DC8F1CD66}" = rport=137 | protocol=17 | dir=out | app=system | "{9D16125D-AFEF-4687-B4E2-B4BF846720A3}" = lport=808 | protocol=6 | dir=in | 
svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{BCCAE36C-FEC0-4A39-A6C7-BFFFA0AEDE2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D1831A9F-DB0D-48B2-B585-B0CE700325A5}" = lport=445 | protocol=6 | dir=in | app=system | "{E6344D9A-75FD-4F90-BA1D-DF7BD1B58CF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EDE86F30-7567-4E89-BD88-3359EDF83FE5}" = rport=445 | protocol=6 | dir=out | app=system | "{F048EA16-D3D8-4B37-A175-2A77C2687A92}" = lport=138 | protocol=17 | dir=in | app=system | "{F56D6BE4-37C7-431E-84A1-14390E7CA0DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18A121F3-2C46-4C1A-BF84-D2F95D9E6441}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{20D44E87-FF81-460E-AEC4-30E44858EBF1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3905CB25-C78D-488A-9E80-2B44898757F5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{3B7EB9F6-29B7-42D9-80A8-3C8B6D9922FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{44395975-C19E-4884-9D62-13723227A96A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{566F4F0F-E2F3-4A2E-A42D-17BECCA37CA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7C06B76E-FC2E-4D86-88BA-7454C66DD4D8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{8A31DA49-E7C2-4E51-A068-CC0332B8C2FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{91BEC9BA-706F-4520-A4BF-C11804050734}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{99E5BAD5-15DF-4BFF-A5FE-C85833A5124D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A13B0100-F471-452E-8161-D7EBD3B85FAD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{A55B93E2-F95F-4D94-9496-0271AEC5F240}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{B352AD18-7473-48A8-91B1-A1BED7889219}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{C9BDFEC7-A8B3-4149-93ED-4D643E8D588A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "{D2CFEF35-E009-4B6C-B934-32EAFBD2F115}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | "{EEBB4BBB-98B5-46E4-9E65-EE9B50E8025D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F0FC704B-ABEC-4F4D-884B-FBBAA49A487D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | "{F32B80AD-1024-4021-8731-4EAC57D4F431}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | "TCP Query User{0915FD88-778B-432D-89BF-E4FD32A0F1BF}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe | "TCP Query User{2EC893D1-D51E-4D23-B962-F6194A048EB4}C:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe | "TCP Query User{3676B3FD-EE92-401A-AD98-5E5A6E94EA93}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe | "TCP Query User{41BF4A2A-7EDD-49F2-9EAC-17FC445D69C6}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe | "TCP Query User{45500023-0036-4DA3-B78F-3A774D5AE7D7}C:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe | "TCP Query 
User{497DCF11-B305-41B3-A76C-8BD710C3D788}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{50AAD46C-C652-4991-91EF-196A0AF998C6}C:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe | "TCP Query User{62CE1318-260F-4C3D-ADB1-BD5CB111598E}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "TCP Query User{73805122-F62E-4850-BD91-E255465048C2}C:\users\UserXY\desktop\server honki\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-world.exe | "TCP Query User{7F0E4E5B-BA5F-4E8A-B0FE-958756B73563}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{8DD3A72E-F650-4F7A-9960-2F5A2046D664}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe | "TCP Query User{8F43AB5B-0F0E-45F3-9245-63054D4E3827}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "TCP Query User{946907A8-0B09-4FE4-9DAC-842C1818B14E}C:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe | "TCP Query User{9BD4BDCE-0B4F-4267-8B10-A806071F542E}C:\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe | "TCP Query User{A11562F4-F346-4B91-A5EE-33C65A9D7E27}C:\program files\tswebeditor\tswebeditor.exe" = protocol=6 | dir=in | app=c:\program files\tswebeditor\tswebeditor.exe | "TCP Query User{C5B0937B-5D7A-4288-9055-F2BCC74BBDC2}C:\users\UserXY\desktop\wow\server honki\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-world.exe | 
"TCP Query User{D1B511A2-C11A-44C1-A058-A4C6C52406E8}C:\users\UserXY\desktop\server honki\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-logonserver.exe | "TCP Query User{D924792E-5E81-4646-87A3-7C7D27EFB058}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe | "UDP Query User{08718B93-277E-42CA-8529-C9AC14F04FC2}C:\users\UserXY\desktop\server honki\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-world.exe | "UDP Query User{0F951912-372E-4EA9-8C13-D4AB69ABB10B}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{2A53B9AD-2F81-42FE-BB6E-4889E8C81575}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe | "UDP Query User{4BD0F880-ED4E-4B61-A661-94DCF2945FB6}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe | "UDP Query User{4C728C08-5E01-46CC-B2B0-DAE936FB3C77}C:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe | "UDP Query User{5824E21F-8453-45C4-9E0A-17A797E11B89}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe | "UDP Query User{77215D82-E1F6-456F-BF44-9C922816922F}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe | "UDP Query User{8A25C818-1C5F-41B9-8702-F0CD6B9400A6}C:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe | "UDP Query 
User{8C2FA855-BED0-424F-9B1B-D30C0C9DAF96}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | "UDP Query User{97B62570-DD02-4961-89B5-00233035892C}C:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe | "UDP Query User{A1CD3481-586B-40DB-B9DA-21730BBCE276}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe | "UDP Query User{B0C4FA83-D395-4B51-9D63-B4E77C7F0F50}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | "UDP Query User{B839EF48-9CAA-418C-9553-CB1B9CFA4F20}C:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe | "UDP Query User{C2A885AC-4463-44C6-BC64-F8710030128C}C:\users\UserXY\desktop\wow\server honki\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-world.exe | "UDP Query User{CAC51CF5-3558-4E61-9E03-DA633AC7A79E}C:\program files\tswebeditor\tswebeditor.exe" = protocol=17 | dir=in | app=c:\program files\tswebeditor\tswebeditor.exe | "UDP Query User{DB253A1D-37AC-4E69-8428-0009D14E729A}C:\users\UserXY\desktop\server honki\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-logonserver.exe | "UDP Query User{DBDFDFAD-82A9-402F-B98C-C6FA8BE52FD3}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe | "UDP Query User{E910EBD3-1AD2-44B6-BF33-282591AB7977}C:\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] 
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software "{29805E39-651D-483D-85DA-A818AE4B1D96}" = World of Warcraft Model Viewer 32-bit "{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{48B51112-BA23-42F9-AB81-7CC9F7A6E99A}" = tsWebEditor 20060920 "{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam "{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces "{58E5BB82-338B-4A48-B1BE-F8BE30F615EC}_is1" = Hyrule City 1.1 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite "{7B63B2922B174135AFC0E1377DD81EC2}" = "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial 
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch "{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit) "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Allied Intent Xtended" = Allied Intent Xtended 2.0 "AutoHotkey" = AutoHotkey 1.0.48.05.L61 "AutoItv3" = AutoIt v3.3.6.1 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Content Uploader" = DivX Content Uploader "DivX Setup.divx.com" = DivX-Setup "FileZilla Client" = 
FileZilla Client 3.3.4.1 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download_is1" = Free YouTube Download version 2.10.32.305 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305 "FreePDF_XP" = FreePDF (Remove only) "Geany" = Geany 0.19.1 "GPL Ghostscript 9.01" = GPL Ghostscript 9.01 "Hamachi" = Hamachi 1.0.3.0 "InstallShield_{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "mIRC" = mIRC "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "ProInst" = Intel PROSet Wireless "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Revo Uninstaller" = Revo Uninstaller 1.91 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamSpeak 3 Client" = TeamSpeak 3 Client "Uninstall_is1" = Uninstall 1.0.0.1 "VLC media player" = VLC media player 1.1.8 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.04.2011 16:14:22 | Computer Name = 
UserXY-LT | Source = VSS | ID = 8194 Description =
Error - 06.04.2011 14:23:26 | Computer Name = UserXY-LT | Source = VMCService | ID = 0 Description = conflictManagerTypeValue
Error - 06.04.2011 14:23:27 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10 Description =
Error - 06.04.2011 21:27:01 | Computer Name = UserXY-LT | Source = VMCService | ID = 0 Description = GetProcessOwner
Error - 07.04.2011 05:14:48 | Computer Name = UserXY-LT | Source = VMCService | ID = 0 Description = conflictManagerTypeValue
Error - 07.04.2011 05:14:52 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10 Description =
Error - 07.04.2011 12:18:04 | Computer Name = UserXY-LT | Source = VMCService | ID = 0 Description = conflictManagerTypeValue
Error - 07.04.2011 12:18:06 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10 Description =
Error - 08.04.2011 06:57:54 | Computer Name = UserXY-LT | Source = VMCService | ID = 0 Description = conflictManagerTypeValue
Error - 08.04.2011 06:57:55 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10 Description =
[ System Events ]
Error - 16.01.2011 12:31:28 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016 Description =
Error - 16.01.2011 12:31:43 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000 Description =
Error - 16.01.2011 12:34:27 | Computer Name = UserXY-LT | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.178.29 für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error - 17.01.2011 08:39:17 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016 Description =
Error - 17.01.2011 08:39:25 | Computer Name = UserXY-LT | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse 0016EAD0C51E wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error - 17.01.2011 08:39:31 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000 Description =
Error - 18.01.2011 07:58:23 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016 Description =
Error - 18.01.2011 07:58:35 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000 Description =
Error - 19.01.2011 07:48:57 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016 Description =
Error - 19.01.2011 07:49:20 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000 Description =
< End of report >

Many thanks, Change :-) |
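The firewall sections of the OTL log above list every exception as a quoted rule name followed by pipe-separated key=value fields (lport, rport, protocol, dir, svc, app). The Python script below is an added example, not part of the thread and not OTL's own code: it parses lines in exactly that shape and lists the inbound exceptions whose program lives in a user-writable directory, because a listener opened for a binary under a user profile is the kind of entry a helper reading such a log looks at first, while the system and svchost rules are the normal noise. The five sample rules are copied from the log above; the user-writable-path heuristic, the protocol table and all function and class names are this example's own choices.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# IANA protocol numbers as they appear in the OTL firewall sections.
PROTOCOL_NAMES = {"1": "ICMPv4", "6": "TCP", "17": "UDP", "58": "ICMPv6"}

# Heuristic (this example's own choice): locations a standard user can write to.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\documents and settings\\")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\desktop\\", "\\downloads\\")

# One rule per line:  "<rule name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')

# Sample input: five rule lines copied from the OTL log posted above.
SAMPLE_RULES = r'''
"{082057E1-DA2A-4851-988D-2E02C82A61FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{20D44E87-FF81-460E-AEC4-30E44858EBF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2C54D6E6-8FEE-4F4A-9224-2AA06FC24203}" = rport=138 | protocol=17 | dir=out | app=system |
"TCP Query User{3676B3FD-EE92-401A-AD98-5E5A6E94EA93}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe |
"UDP Query User{DBDFDFAD-82A9-402F-B98C-C6FA8BE52FD3}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
'''


@dataclass
class FirewallRule:
    name: str
    direction: str      # "in" or "out"
    protocol: str       # "TCP", "UDP", ... or "any" when the rule does not restrict it
    local_port: str     # "any" when not restricted
    remote_port: str
    app: str            # lower-cased program path, "system", or "" for service-only rules
    service: str


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one OTL firewall rule line; return None for lines of another shape."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    proto = fields.get("protocol", "")
    return FirewallRule(
        name=m.group("name"),
        direction=fields.get("dir", "?"),
        protocol=PROTOCOL_NAMES.get(proto, proto or "any"),
        local_port=fields.get("lport", "any"),
        remote_port=fields.get("rport", "any"),
        app=fields.get("app", "").lower(),
        service=fields.get("svc", ""),
    )


def parse_rules(text: str) -> List[FirewallRule]:
    return [r for r in (parse_rule(line) for line in text.splitlines()) if r is not None]


def is_user_writable(path: str) -> bool:
    p = path.lower()
    return p.startswith(USER_WRITABLE_PREFIXES) or any(m in p for m in USER_WRITABLE_MARKERS)


def review_inbound(rules: List[FirewallRule]) -> List[FirewallRule]:
    """Inbound exceptions for a program in a user-writable location: worth a closer look."""
    return [r for r in rules if r.direction == "in" and r.app and is_user_writable(r.app)]


if __name__ == "__main__":
    for r in review_inbound(parse_rules(SAMPLE_RULES)):
        print(f"{r.protocol:6} lport={r.local_port:5} {r.app}")
```

Run against the full firewall section of a log, the script lists only the "TCP/UDP Query User" exceptions for programs on the desktop; whether those are legitimate (here: a game server the poster runs himself) is then a question for the poster, not for the script.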
08.04.2011, 14:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, how do I check my PC? Are there any further Malwarebytes logs? If so, please post all of those visible in Malwarebytes under the "Logs" tab.
__________________ Please always post logfiles in CODE tags |
08.04.2011, 15:05 | #5 |
| Botnet, how do I check my PC? No, only the one I posted is listed there! The occasional freezing keeps getting worse... sometimes nothing at all happens for 10 seconds! Best regards, Change |
08.04.2011, 15:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, how do I check my PC? Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!) Code:
:OTL
[2011.03.30 21:08:33 | 000,000,021 | ---- | C] () -- C:\Windows\ø04
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.23 21:31:11 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.11 16:00:44 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.02.02 18:48:45 | 001,196,032 | R--- | M] ()
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open once you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________ --> Botnet, how do I check my PC? |
08.04.2011, 16:35 | #7 |
| Botnet, how do I check my PC? What is being fixed, then? Is there a problem with my computer? Is something broken? Best regards, Change |
08.04.2011, 17:50 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, how do I check my PC? If you want to be helped here, you do have to trust the helpers. Should I explain every line of the script to you until you understand it, or do you want to get Windows back in shape quickly and easily?
__________________ Please always post logfiles in CODE tags |
08.04.2011, 18:48 | #9 |
| Botnet, how do I check my PC? Honestly? I trust you, that's not the question. But I'm someone who doesn't just want to be told what to do; I want to learn. I want to know what's wrong and learn to solve these problems. I don't think much of people who post in the forum asking what they must do and then just blindly do what they are told. I'm not questioning for lack of trust but for lack of knowledge. But fine, then I'll just do it that way. Thanks :-) Best regards, Change |
12.04.2011, 14:45 | #10 |
| Botnet, how do I check my PC? So, I've now run through the fix; one or two little problems seem to have come up: Code:
All processes killed
========== OTL ==========
C:\Windows\ø04 moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File D:\Autorun.exe not found.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
File F:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jonas
->Temp folder emptied: 199568523 bytes
->Temporary Internet Files folder emptied: 60557249 bytes
->FireFox cache emptied: 82907101 bytes
->Flash cache emptied: 70256 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18827197 bytes
RecycleBin emptied: 3812925512 bytes
Total Files Cleaned = 3.981,00 mb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_153726
Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...

Best regards, Change |
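The "one or two little problems" in the fix log above are the "not found" lines and the one "File move failed ... scheduled to be moved on reboot" line. The Python script below is an added example, not from the thread and not OTL's own code: it classifies each outcome line of an OTL fix log, so that a reader can separate items the fix removed or changed, items that did not exist when OTL looked for them, and items that still need a reboot and a follow-up check. The sample log is an excerpt copied from the post above; the outcome labels, regular expressions and function names are this example's own choices.

```python
import re
from collections import Counter
from typing import Dict, List, Optional

# Outcome classes (this example's own labels), tested in this order: the line
# "File move failed. ... scheduled to be moved on reboot." must be classified
# as pending_reboot, not as failed.
OUTCOME_PATTERNS = [
    ("pending_reboot", re.compile(r"scheduled to be moved on reboot", re.I)),
    ("failed", re.compile(r"\bfailed\b", re.I)),
    ("removed", re.compile(r"\b(moved|deleted) successfully", re.I)),
    ("changed", re.compile(r"\b(value set|reset) successfully", re.I)),
    ("already_absent", re.compile(r"\bnot found\b", re.I)),
]

# Sample input: an excerpt copied from the OTL fix log posted above.
SAMPLE_FIX_LOG = r'''All processes killed
========== OTL ==========
C:\Windows\ø04 moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File D:\Autorun.exe not found.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
'''


def classify(line: str) -> Optional[str]:
    """Return the outcome label for one log line, or None for headers and byte counts."""
    for outcome, pattern in OUTCOME_PATTERNS:
        if pattern.search(line):
            return outcome
    return None


def summarize(log_text: str) -> Dict[str, object]:
    """Count outcomes and collect the items that still need a reboot to be moved."""
    counts: Counter = Counter()
    pending: List[str] = []
    for line in log_text.splitlines():
        outcome = classify(line)
        if outcome is None:
            continue
        counts[outcome] += 1
        if outcome == "pending_reboot":
            m = re.search(r"failed\.\s*(.+?)\s+scheduled to be moved", line)
            pending.append(m.group(1) if m else line.strip())
    return {"counts": dict(counts), "pending_reboot": pending}


if __name__ == "__main__":
    result = summarize(SAMPLE_FIX_LOG)
    for outcome, n in sorted(result["counts"].items()):
        print(f"{outcome:15} {n}")
    for item in result["pending_reboot"]:
        print("check after reboot:", item)
```

On the excerpt the script reports three removals, two changes, two items that were already absent and one item (D:\autorun.inf) waiting for the reboot; since D: is the optical drive in this log, a read-only medium is the obvious reason the move failed, and the line is worth re-checking in the post-reboot part of the log rather than treating as an error in the fix.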
12.04.2011, 14:55 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, how do I check my PC? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post logfiles in CODE tags |
12.04.2011, 15:21 | #12 |
| Botnet, how do I check my PC? OK, the scan returned 0 results and there was no scan log either. All I have is the log obtained afterwards via "Report": Code:
ATTFilter 2011/04/12 16:17:52.0035 5448 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/12 16:17:52.0340 5448 ================================================================================ 2011/04/12 16:17:52.0340 5448 SystemInfo: 2011/04/12 16:17:52.0340 5448 2011/04/12 16:17:52.0340 5448 OS Version: 6.0.6001 ServicePack: 1.0 2011/04/12 16:17:52.0340 5448 Product type: Workstation 2011/04/12 16:17:52.0340 5448 ComputerName: USER-XY 2011/04/12 16:17:52.0340 5448 UserName: USER-XY 2011/04/12 16:17:52.0340 5448 Windows directory: C:\Windows 2011/04/12 16:17:52.0340 5448 System windows directory: C:\Windows 2011/04/12 16:17:52.0340 5448 Processor architecture: Intel x86 2011/04/12 16:17:52.0340 5448 Number of processors: 2 2011/04/12 16:17:52.0340 5448 Page size: 0x1000 2011/04/12 16:17:52.0340 5448 Boot type: Normal boot 2011/04/12 16:17:52.0340 5448 ================================================================================ 2011/04/12 16:17:52.0819 5448 Initialize success 2011/04/12 16:17:58.0481 4572 ================================================================================ 2011/04/12 16:17:58.0481 4572 Scan started 2011/04/12 16:17:58.0481 4572 Mode: Manual; 2011/04/12 16:17:58.0481 4572 ================================================================================ 2011/04/12 16:18:00.0030 4572 acedrv10 (553ba53445795cbc0d4f9fa37eb855a6) C:\Windows\system32\drivers\acedrv10.sys 2011/04/12 16:18:00.0150 4572 acehlp10 (8ce00b6a46962a1808b19cd1dae5170c) C:\Windows\system32\drivers\acehlp10.sys 2011/04/12 16:18:00.0251 4572 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 2011/04/12 16:18:00.0300 4572 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/04/12 16:18:00.0470 4572 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/04/12 16:18:00.0556 4572 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 
2011/04/12 16:18:00.0583 4572 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/04/12 16:18:00.0631 4572 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys 2011/04/12 16:18:00.0679 4572 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/04/12 16:18:00.0725 4572 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/04/12 16:18:00.0763 4572 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/04/12 16:18:00.0795 4572 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/04/12 16:18:00.0825 4572 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/04/12 16:18:00.0855 4572 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/04/12 16:18:00.0878 4572 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/04/12 16:18:00.0980 4572 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/04/12 16:18:01.0019 4572 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/04/12 16:18:01.0076 4572 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/12 16:18:01.0106 4572 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 2011/04/12 16:18:01.0177 4572 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/12 16:18:01.0213 4572 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/12 16:18:01.0273 4572 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/04/12 16:18:01.0317 4572 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/04/12 16:18:01.0422 4572 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys 
Kind regards, Change |
12.04.2011, 17:13 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, how do I check my PC? Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
12.04.2011, 23:11 | #14 |
| Botnet, how do I check my PC? So, I got as far as the completion of the ComboFix file. Then a cmd window with a blue background appeared: Code:
Bereite Logdatei vor. Starte keine anderen Programme, bevor ComboFix fertig ist. This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information. PEV.cfxxe funktioniert nicht mehr
No idea whether everything worked properly. After clicking "Programm beenden", a notice pointing to the log appeared: Code:
Vor Suchlauf: 12 Verzeichnis(se), 199.935.758.336 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 199.877.750.784 Bytes frei . - - End Of File - - D22AE12B24EFD7EBD46009E221901A8F |
13.04.2011, 09:19 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, how do I check my PC? OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure you save the log as *.log and not as *.html or similar. Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |