| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Botnet, wie überprüfe ich meinen PC?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.04.2011, 18:39
| #1 |
 |  Botnet, wie überprüfe ich meinen PC? Hallihallo, hab heute einen Beitrag im TV gesehen. Der gibs über diese Botnetze. Habe ehrlich gesagt das erste mal was davon gehört und bin ziemlicher Anfänger auf dem Gebiet Maleware, Viren, Trojaner & Co. Hab mir ein paar Seiten und Threads hier im Forum angeschaut, aber ich konnte da leider nicht viel von verstehen :-( Es fielen immer Wörter wie Exploit, G-Packs, KeyGen, Infect ect. Mein Internet Browser stockt in letzter Zeit öfters mal. Er bleibt einfach ein paar Sekunden im Standbild, das bin ich nicht gewöhnt, auch ist er in letzter Zeit etwas langsam geworden. Also die Finale Frage, wie kann ich meinen PC überprüfen, ob ich einem solchen Botnet unterstellt bin? Ich nutze "nur" Avira Antivir Free und denke das das auch in Verbindung mit der WinFirewall (WinVista) nicht optimal ist :-/ Ich bedanke mich im Voraus für hilfreiche Tipps (bitte für Anfänger  )Euer Change |
|
07.04.2011, 10:43
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Botnet, wie überprüfe ich meinen PC? Hallo und
__________________ Zitat:
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
08.04.2011, 14:26
| #3 |
| | Botnet, wie überprüfe ich meinen PC? Hat nicht vor dir schon jemand nen Post geschrieben? Ist ja fies den einfach zu löschen ^^
__________________Also hier die Logs: Maleware log PHP-Code: OTL Logfile: Code:
ATTFilter OTL logfile created on: 08.04.2011 14:53:42 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\UserXY\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,08 Gb Total Space | 180,14 Gb Free Space | 60,43% Space Free | Partition Type: NTFS Drive D: | 4,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: UserXY-LT | User Name: UserXY | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\UserXY\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\mIRC\mirc.exe (mIRC Co. Ltd.) PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net) PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\xampp\xampp-control.exe (Apache Friends) PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\tsnp2uvc.exe () PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\UserXY\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://google.de" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.03.26 17:08:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.31 22:37:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.31 22:37:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.31 21:12:17 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 22:37:25 | 000,000,000 | ---D | M] [2010.11.12 22:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Extensions [2011.04.07 20:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions [2011.03.08 09:57:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.14 00:24:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.12.05 15:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.03.03 13:39:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2011.03.31 22:37:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.03.31 22:37:27 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2011.03.03 13:39:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1} [2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [snp2uvc] File not found O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.10.23 21:31:11 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ] O32 - AutoRun File - [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () - D:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2007.01.11 16:00:44 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell - "" = AutoRun O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell - "" = AutoRun O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.08 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Malwarebytes [2011.04.08 13:10:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.04.08 13:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.04.08 13:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.04.08 13:10:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.04.08 13:10:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.04.05 22:10:53 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2011.04.02 04:59:21 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended [2011.04.02 04:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended [2011.03.31 22:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2011.03.31 22:43:47 | 000,000,000 | ---D | C] -- C:\Programme\K-Lite Codec Pack [2011.03.31 22:38:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\DDMSettings [2011.03.31 22:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus [2011.03.31 22:36:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared [2011.03.31 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\DivX [2011.03.30 21:26:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine [2011.03.30 21:26:00 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2011.03.30 21:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX [2011.03.29 01:24:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\vlc [2011.03.29 01:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2011.03.29 01:23:38 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN [2011.03.26 17:20:36 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Vodafone Mobile Connect [2011.03.26 17:17:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\FLEXnet [2011.03.26 17:10:31 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Vodafone [2011.03.26 17:10:20 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2011.03.26 17:10:18 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2011.03.26 17:09:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Bytemobile [2011.03.26 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2011.03.26 17:07:18 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SpOrder.dll [2011.03.26 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913} [2011.03.20 02:50:58 | 000,000,000 | ---D | C] -- C:\Programme\Ontrack [2011.03.19 17:14:06 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\SATA Treiber [2011.03.16 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\Dokumente [2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\mIRC [2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\Programme\mIRC [2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC [2011.03.10 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\FreePDF_XP [2011.03.10 18:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF [2011.03.10 18:34:09 | 000,000,000 | ---D | C] -- C:\Programme\FreePDF_XP [2011.03.10 18:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FreePDF [2011.03.10 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript [2011.03.10 18:33:36 | 000,000,000 | ---D | C] -- C:\Programme\gs [2010.12.06 23:09:42 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.12.06 23:09:41 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll ========== Files - Modified Within 30 Days ========== [2011.04.08 13:03:45 | 000,627,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.04.08 13:03:44 | 000,666,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.04.08 13:03:44 | 000,141,546 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.04.08 13:03:44 | 000,116,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.04.08 12:58:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job [2011.04.08 12:57:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.08 12:57:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.08 12:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.04.08 12:57:33 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys [2011.04.07 21:23:38 | 009,307,648 | ---- | M] () -- C:\Users\UserXY\Desktop\GuAH.rar [2011.04.06 22:51:28 | 000,006,452 | ---- | M] () -- C:\Users\UserXY\.recently-used.xbel [2011.04.05 21:47:25 | 000,138,520 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.04.05 21:46:19 | 000,234,536 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2011.04.03 22:08:46 | 000,003,862 | ---- | M] () -- C:\Users\UserXY\Desktop\Geburtstag.html [2011.04.03 03:06:46 | 000,000,421 | ---- | M] () -- C:\Users\UserXY\Desktop\Team.html [2011.04.02 22:19:43 | 000,025,140 | ---- | M] () -- C:\Users\UserXY\Desktop\Unbenannt 1zhzhzh.odt [2011.04.02 05:28:07 | 000,002,045 | ---- | M] () -- C:\Users\UserXY\Desktop\AIX 2.0.lnk [2011.04.02 04:59:18 | 000,001,022 | ---- | M] () -- C:\Users\UserXY\Desktop\BF2SPCC.lnk [2011.03.31 20:48:04 | 000,000,369 | ---- | M] () -- C:\Users\UserXY\Desktop\Tickets DB.rtf [2011.03.30 21:08:33 | 000,000,021 | ---- | M] () -- C:\Windows\ø04 [2011.03.29 19:42:15 | 000,006,144 | ---- | M] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.03.28 22:00:38 | 000,013,422 | ---- | M] () -- C:\Users\UserXY\Desktop\Werbung.ods [2011.03.26 17:07:18 | 000,008,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SpOrder.dll [2011.03.19 19:43:06 | 000,005,025 | ---- | M] () -- C:\Users\UserXY\Desktop\BUGTRACKER GUIDE.rtf [2011.03.19 17:09:17 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.18 00:43:09 | 000,001,292 | ---- | M] () -- C:\Users\UserXY\Desktop\Osterevent Ideeen.rtf [2011.03.17 05:27:11 | 000,000,421 | ---- | M] () -- C:\Users\UserXY\Desktop\Bugs in WotlK.rtf ========== Files Created - No Company Name ========== [2011.04.07 21:23:10 | 009,307,648 | ---- | C] () -- C:\Users\UserXY\Desktop\GuAH.rar [2011.04.07 00:39:03 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job [2011.04.06 22:51:28 | 000,006,452 | ---- | C] () -- C:\Users\UserXY\.recently-used.xbel [2011.04.02 22:19:42 | 000,025,140 | ---- | C] () -- C:\Users\UserXY\Desktop\Unbenannt 1zhzhzh.odt [2011.04.02 04:59:18 | 000,002,045 | ---- | C] () -- C:\Users\UserXY\Desktop\AIX 2.0.lnk [2011.04.02 04:59:18 | 000,001,022 | ---- | C] () -- C:\Users\UserXY\Desktop\BF2SPCC.lnk [2011.03.31 22:43:54 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.03.31 22:43:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2011.03.30 21:08:33 | 000,000,021 | ---- | C] () -- C:\Windows\ø04 [2011.03.28 20:57:39 | 000,013,422 | ---- | C] () -- C:\Users\UserXY\Desktop\Werbung.ods [2011.03.19 19:43:06 | 000,005,025 | ---- | C] () -- C:\Users\UserXY\Desktop\BUGTRACKER GUIDE.rtf [2011.03.18 00:43:09 | 000,001,292 | ---- | C] () -- C:\Users\UserXY\Desktop\Osterevent Ideeen.rtf [2011.03.16 19:51:01 | 000,000,421 | ---- | C] () -- C:\Users\UserXY\Desktop\Bugs in WotlK.rtf [2011.03.10 18:34:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2011.03.10 18:34:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2011.01.28 17:46:05 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.01.28 17:45:55 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.01.28 17:45:21 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.12.13 14:24:31 | 000,000,132 | ---- | C] () -- C:\Users\UserXY\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.12.06 23:09:42 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.12.06 23:09:42 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe [2010.12.06 23:09:41 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.12.06 23:09:41 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.12.05 15:33:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.12.05 03:38:55 | 000,006,144 | ---- | C] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.23 18:41:50 | 000,000,132 | ---- | C] () -- C:\Users\UserXY\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.11.21 17:04:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat [2010.11.17 19:00:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.11.17 19:00:04 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.14 18:53:33 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.11.14 18:53:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.11.12 21:49:39 | 000,000,680 | ---- | C] () -- C:\Users\UserXY\AppData\Local\d3d9caps.dat [2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.01.21 09:15:58 | 000,666,108 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,141,546 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,253,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,627,494 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,116,318 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report > OTL Log Extras.Txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 08.04.2011 14:53:42 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\UserXY\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 180,14 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 4,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: UserXY-LT | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082057E1-DA2A-4851-988D-2E02C82A61FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{085ABB05-D427-445F-88AF-5885142FA378}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{195668FE-0AFF-4DB2-86A7-89A346F10C38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2C54D6E6-8FEE-4F4A-9224-2AA06FC24203}" = rport=138 | protocol=17 | dir=out | app=system |
"{317AAA2A-006B-49D1-B134-6E4CB3385BC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35F15898-9B3E-4274-8AE9-CBB711AF420D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{410549BA-C46D-4EB1-9EF4-99DFBEA384B6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{51D95E50-48EF-41CC-AA40-F09713A590F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{62092309-4945-4F07-B28A-A7C206BB06BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71488D49-8D57-45EA-AF79-720FFA1557AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7DC38869-D686-488F-9F65-8E02AE621005}" = rport=139 | protocol=6 | dir=out | app=system |
"{836476F3-4A08-49AE-A9DE-185DC8F1CD66}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D16125D-AFEF-4687-B4E2-B4BF846720A3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{BCCAE36C-FEC0-4A39-A6C7-BFFFA0AEDE2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1831A9F-DB0D-48B2-B585-B0CE700325A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6344D9A-75FD-4F90-BA1D-DF7BD1B58CF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EDE86F30-7567-4E89-BD88-3359EDF83FE5}" = rport=445 | protocol=6 | dir=out | app=system |
"{F048EA16-D3D8-4B37-A175-2A77C2687A92}" = lport=138 | protocol=17 | dir=in | app=system |
"{F56D6BE4-37C7-431E-84A1-14390E7CA0DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18A121F3-2C46-4C1A-BF84-D2F95D9E6441}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{20D44E87-FF81-460E-AEC4-30E44858EBF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3905CB25-C78D-488A-9E80-2B44898757F5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3B7EB9F6-29B7-42D9-80A8-3C8B6D9922FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{44395975-C19E-4884-9D62-13723227A96A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{566F4F0F-E2F3-4A2E-A42D-17BECCA37CA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7C06B76E-FC2E-4D86-88BA-7454C66DD4D8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8A31DA49-E7C2-4E51-A068-CC0332B8C2FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{91BEC9BA-706F-4520-A4BF-C11804050734}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99E5BAD5-15DF-4BFF-A5FE-C85833A5124D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A13B0100-F471-452E-8161-D7EBD3B85FAD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A55B93E2-F95F-4D94-9496-0271AEC5F240}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B352AD18-7473-48A8-91B1-A1BED7889219}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C9BDFEC7-A8B3-4149-93ED-4D643E8D588A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D2CFEF35-E009-4B6C-B934-32EAFBD2F115}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EEBB4BBB-98B5-46E4-9E65-EE9B50E8025D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F0FC704B-ABEC-4F4D-884B-FBBAA49A487D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F32B80AD-1024-4021-8731-4EAC57D4F431}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{0915FD88-778B-432D-89BF-E4FD32A0F1BF}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe |
"TCP Query User{2EC893D1-D51E-4D23-B962-F6194A048EB4}C:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe |
"TCP Query User{3676B3FD-EE92-401A-AD98-5E5A6E94EA93}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe |
"TCP Query User{41BF4A2A-7EDD-49F2-9EAC-17FC445D69C6}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe |
"TCP Query User{45500023-0036-4DA3-B78F-3A774D5AE7D7}C:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe |
"TCP Query User{497DCF11-B305-41B3-A76C-8BD710C3D788}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{50AAD46C-C652-4991-91EF-196A0AF998C6}C:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe |
"TCP Query User{62CE1318-260F-4C3D-ADB1-BD5CB111598E}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{73805122-F62E-4850-BD91-E255465048C2}C:\users\UserXY\desktop\server honki\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-world.exe |
"TCP Query User{7F0E4E5B-BA5F-4E8A-B0FE-958756B73563}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{8DD3A72E-F650-4F7A-9960-2F5A2046D664}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe |
"TCP Query User{8F43AB5B-0F0E-45F3-9245-63054D4E3827}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{946907A8-0B09-4FE4-9DAC-842C1818B14E}C:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe |
"TCP Query User{9BD4BDCE-0B4F-4267-8B10-A806071F542E}C:\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe |
"TCP Query User{A11562F4-F346-4B91-A5EE-33C65A9D7E27}C:\program files\tswebeditor\tswebeditor.exe" = protocol=6 | dir=in | app=c:\program files\tswebeditor\tswebeditor.exe |
"TCP Query User{C5B0937B-5D7A-4288-9055-F2BCC74BBDC2}C:\users\UserXY\desktop\wow\server honki\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-world.exe |
"TCP Query User{D1B511A2-C11A-44C1-A058-A4C6C52406E8}C:\users\UserXY\desktop\server honki\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-logonserver.exe |
"TCP Query User{D924792E-5E81-4646-87A3-7C7D27EFB058}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{08718B93-277E-42CA-8529-C9AC14F04FC2}C:\users\UserXY\desktop\server honki\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-world.exe |
"UDP Query User{0F951912-372E-4EA9-8C13-D4AB69ABB10B}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{2A53B9AD-2F81-42FE-BB6E-4889E8C81575}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe |
"UDP Query User{4BD0F880-ED4E-4B61-A661-94DCF2945FB6}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe |
"UDP Query User{4C728C08-5E01-46CC-B2B0-DAE936FB3C77}C:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe |
"UDP Query User{5824E21F-8453-45C4-9E0A-17A797E11B89}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe |
"UDP Query User{77215D82-E1F6-456F-BF44-9C922816922F}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{8A25C818-1C5F-41B9-8702-F0CD6B9400A6}C:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe |
"UDP Query User{8C2FA855-BED0-424F-9B1B-D30C0C9DAF96}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{97B62570-DD02-4961-89B5-00233035892C}C:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe |
"UDP Query User{A1CD3481-586B-40DB-B9DA-21730BBCE276}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe |
"UDP Query User{B0C4FA83-D395-4B51-9D63-B4E77C7F0F50}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{B839EF48-9CAA-418C-9553-CB1B9CFA4F20}C:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe |
"UDP Query User{C2A885AC-4463-44C6-BC64-F8710030128C}C:\users\UserXY\desktop\wow\server honki\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-world.exe |
"UDP Query User{CAC51CF5-3558-4E61-9E03-DA633AC7A79E}C:\program files\tswebeditor\tswebeditor.exe" = protocol=17 | dir=in | app=c:\program files\tswebeditor\tswebeditor.exe |
"UDP Query User{DB253A1D-37AC-4E69-8428-0009D14E729A}C:\users\UserXY\desktop\server honki\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-logonserver.exe |
"UDP Query User{DBDFDFAD-82A9-402F-B98C-C6FA8BE52FD3}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E910EBD3-1AD2-44B6-BF33-282591AB7977}C:\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{29805E39-651D-483D-85DA-A818AE4B1D96}" = World of Warcraft Model Viewer 32-bit
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{48B51112-BA23-42F9-AB81-7CC9F7A6E99A}" = tsWebEditor 20060920
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{58E5BB82-338B-4A48-B1BE-F8BE30F615EC}_is1" = Hyrule City 1.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"AutoHotkey" = AutoHotkey 1.0.48.05.L61
"AutoItv3" = AutoIt v3.3.6.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Content Uploader" = DivX Content Uploader
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.32.305
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"FreePDF_XP" = FreePDF (Remove only)
"Geany" = Geany 0.19.1
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.91
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.04.2011 16:14:22 | Computer Name = UserXY-LT | Source = VSS | ID = 8194
Description =
Error - 06.04.2011 14:23:26 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 06.04.2011 14:23:27 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
Error - 06.04.2011 21:27:01 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = GetProcessOwner
Error - 07.04.2011 05:14:48 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 07.04.2011 05:14:52 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
Error - 07.04.2011 12:18:04 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 07.04.2011 12:18:06 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
Error - 08.04.2011 06:57:54 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 08.04.2011 06:57:55 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 16.01.2011 12:31:28 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
Error - 16.01.2011 12:31:43 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
Error - 16.01.2011 12:34:27 | Computer Name = UserXY-LT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.29 für die Netzwerkkarte mit der Netzwerkadresse
0016EAD0C51E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 17.01.2011 08:39:17 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
Error - 17.01.2011 08:39:25 | Computer Name = UserXY-LT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
0016EAD0C51E wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 17.01.2011 08:39:31 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
Error - 18.01.2011 07:58:23 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
Error - 18.01.2011 07:58:35 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
Error - 19.01.2011 07:48:57 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
Error - 19.01.2011 07:49:20 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Vielen Dank, Change :-) |
|
08.04.2011, 14:57
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, wie überprüfe ich meinen PC? Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.04.2011, 15:05
| #5 |
| | Botnet, wie überprüfe ich meinen PC? Nein, da steht nur dieser den ich angegeben habe! Das mit den Hängern manchmal wird immer schlimmer....dann tut sich 10 sec manchmal garnichts! Liebe Grüße, Change |
|
08.04.2011, 15:14
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, wie überprüfe ich meinen PC? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.03.30 21:08:33 | 000,000,021 | ---- | C] () -- C:\Windows\ø04
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.23 21:31:11 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.11 16:00:44 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.02.02 18:48:45 | 001,196,032 | R--- | M] ()
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
:Commands
[purity]
[resethosts]
[emptytemp]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ --> Botnet, wie überprüfe ich meinen PC? |
|
08.04.2011, 16:35
| #7 |
| | Botnet, wie überprüfe ich meinen PC? Was wird denn gefixt? Gibts ein Problem mit meinem Computer? Irgendwas kaputt? Liebe Grüße, Change |
|
08.04.2011, 17:50
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, wie überprüfe ich meinen PC? Wenn man dir hier helfen soll, muss du schon den Helfern vertrauen. Soll ich dir jetzt jede Zeile des Scriptes erklären bis du es verstanden hast oder willst du schnell und einfach Windows wieder auf Vordermann bringen?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.04.2011, 18:48
| #9 |
| | Botnet, wie überprüfe ich meinen PC? Ganz ehrlich? Ich vertraue euch, das ist keine Frage. Aber ich bin jemand der nicht einfach gesagt bekommen möchte was er machen soll, ich möchte lernen. Ich möchte wissen was nicht stimmt und lernen diese Probleme zu lösen. Ich halte wenig von Leuten die ins Forum posten was muss ich tun und dann einfach stupide das tun was gesagt wird. Ich hinterfrage nicht mangels fehlendem Vertrauen sondern mangels fehlendem Wissen. Aber ist ja gut, dann werde ich es eben so ausführen. Danke :-) Liebe Grüße, Change |
|
12.04.2011, 14:45
| #10 |
| | Botnet, wie überprüfe ich meinen PC? Also, habe nun den Fix mal durchgespielt, scheinen ein zwei Problemchen bei aufgetreten zu sein: Code:
ATTFilter All processes killed
========== OTL ==========
C:\Windows\ø04 moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File not found.
File D:\Autorun.exe not found.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
File F:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jonas
->Temp folder emptied: 199568523 bytes
->Temporary Internet Files folder emptied: 60557249 bytes
->FireFox cache emptied: 82907101 bytes
->Flash cache emptied: 70256 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18827197 bytes
RecycleBin emptied: 3812925512 bytes
Total Files Cleaned = 3.981,00 mb
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_153726
Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Liebe Grüße, Change |
|
12.04.2011, 14:55
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, wie überprüfe ich meinen PC? Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.04.2011, 15:21
| #12 |
| | Botnet, wie überprüfe ich meinen PC? Ok, der Scan hat 0 Ergebnisse geliefert und einen Scanlog gab es auch nicht. Habe hier nur den Log durch "Report" im Nachhinein: Code:
ATTFilter 2011/04/12 16:17:52.0035 5448 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 16:17:52.0340 5448 ================================================================================
2011/04/12 16:17:52.0340 5448 SystemInfo:
2011/04/12 16:17:52.0340 5448
2011/04/12 16:17:52.0340 5448 OS Version: 6.0.6001 ServicePack: 1.0
2011/04/12 16:17:52.0340 5448 Product type: Workstation
2011/04/12 16:17:52.0340 5448 ComputerName: USER-XY
2011/04/12 16:17:52.0340 5448 UserName: USER-XY
2011/04/12 16:17:52.0340 5448 Windows directory: C:\Windows
2011/04/12 16:17:52.0340 5448 System windows directory: C:\Windows
2011/04/12 16:17:52.0340 5448 Processor architecture: Intel x86
2011/04/12 16:17:52.0340 5448 Number of processors: 2
2011/04/12 16:17:52.0340 5448 Page size: 0x1000
2011/04/12 16:17:52.0340 5448 Boot type: Normal boot
2011/04/12 16:17:52.0340 5448 ================================================================================
2011/04/12 16:17:52.0819 5448 Initialize success
2011/04/12 16:17:58.0481 4572 ================================================================================
2011/04/12 16:17:58.0481 4572 Scan started
2011/04/12 16:17:58.0481 4572 Mode: Manual;
2011/04/12 16:17:58.0481 4572 ================================================================================
2011/04/12 16:18:00.0030 4572 acedrv10 (553ba53445795cbc0d4f9fa37eb855a6) C:\Windows\system32\drivers\acedrv10.sys
2011/04/12 16:18:00.0150 4572 acehlp10 (8ce00b6a46962a1808b19cd1dae5170c) C:\Windows\system32\drivers\acehlp10.sys
2011/04/12 16:18:00.0251 4572 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/12 16:18:00.0300 4572 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/12 16:18:00.0470 4572 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/12 16:18:00.0556 4572 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/12 16:18:00.0583 4572 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/12 16:18:00.0631 4572 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/12 16:18:00.0679 4572 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/12 16:18:00.0725 4572 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/12 16:18:00.0763 4572 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/12 16:18:00.0795 4572 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/12 16:18:00.0825 4572 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/12 16:18:00.0855 4572 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/12 16:18:00.0878 4572 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/12 16:18:00.0980 4572 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/12 16:18:01.0019 4572 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/12 16:18:01.0076 4572 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/12 16:18:01.0106 4572 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/12 16:18:01.0177 4572 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/12 16:18:01.0213 4572 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/12 16:18:01.0273 4572 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/12 16:18:01.0317 4572 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/12 16:18:01.0422 4572 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
2011/04/12 16:18:01.0454 4572 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/12 16:18:01.0491 4572 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/12 16:18:01.0519 4572 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/12 16:18:01.0555 4572 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/12 16:18:01.0585 4572 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/12 16:18:01.0625 4572 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/12 16:18:01.0644 4572 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/12 16:18:01.0680 4572 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/12 16:18:01.0778 4572 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/12 16:18:01.0822 4572 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/12 16:18:01.0863 4572 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/12 16:18:01.0908 4572 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/12 16:18:01.0999 4572 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/12 16:18:02.0050 4572 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/12 16:18:02.0077 4572 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/12 16:18:02.0100 4572 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/12 16:18:02.0125 4572 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/12 16:18:02.0169 4572 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/12 16:18:02.0225 4572 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/12 16:18:02.0305 4572 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/12 16:18:02.0389 4572 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/12 16:18:02.0456 4572 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/12 16:18:02.0511 4572 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/12 16:18:02.0567 4572 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/12 16:18:02.0625 4572 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/12 16:18:02.0742 4572 ewusbnet (0f40e249e4dd0ce47c7ca19c5c8fb48a) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/04/12 16:18:02.0798 4572 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/12 16:18:02.0834 4572 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/12 16:18:02.0902 4572 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/12 16:18:02.0969 4572 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/12 16:18:03.0001 4572 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/12 16:18:03.0036 4572 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/12 16:18:03.0064 4572 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/12 16:18:03.0105 4572 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/12 16:18:03.0132 4572 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/12 16:18:03.0222 4572 hamachi (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/12 16:18:03.0312 4572 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/12 16:18:03.0384 4572 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/12 16:18:03.0569 4572 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/12 16:18:03.0619 4572 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/12 16:18:03.0699 4572 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/12 16:18:03.0737 4572 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/12 16:18:03.0814 4572 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/04/12 16:18:03.0969 4572 hwdatacard (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/12 16:18:04.0028 4572 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/12 16:18:04.0071 4572 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/12 16:18:04.0101 4572 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/12 16:18:04.0146 4572 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/12 16:18:04.0275 4572 IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/12 16:18:04.0453 4572 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/12 16:18:04.0502 4572 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/12 16:18:04.0541 4572 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/12 16:18:04.0723 4572 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/12 16:18:04.0767 4572 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/12 16:18:05.0010 4572 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/12 16:18:05.0043 4572 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/12 16:18:05.0074 4572 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/12 16:18:05.0103 4572 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/12 16:18:05.0141 4572 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/12 16:18:05.0162 4572 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/12 16:18:05.0185 4572 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/04/12 16:18:05.0254 4572 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/12 16:18:05.0298 4572 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/12 16:18:05.0340 4572 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/12 16:18:05.0374 4572 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/12 16:18:05.0420 4572 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/12 16:18:05.0450 4572 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/12 16:18:05.0520 4572 massfilter (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys
2011/04/12 16:18:05.0571 4572 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/12 16:18:05.0618 4572 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/12 16:18:05.0723 4572 MIDITECH_01 (96d3a86a4f5b46b3a19b5febfe4071c0) C:\Windows\system32\drivers\mt01drv.sys
2011/04/12 16:18:05.0763 4572 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/12 16:18:05.0803 4572 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/12 16:18:05.0839 4572 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/12 16:18:05.0887 4572 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/12 16:18:05.0918 4572 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/12 16:18:05.0962 4572 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/12 16:18:06.0021 4572 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/12 16:18:06.0059 4572 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/12 16:18:06.0089 4572 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/12 16:18:06.0154 4572 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/12 16:18:06.0173 4572 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/12 16:18:06.0207 4572 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/12 16:18:06.0249 4572 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/12 16:18:06.0276 4572 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/12 16:18:06.0359 4572 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/12 16:18:06.0392 4572 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/12 16:18:06.0442 4572 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/12 16:18:06.0464 4572 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/12 16:18:06.0483 4572 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/12 16:18:06.0508 4572 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/12 16:18:06.0547 4572 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/12 16:18:06.0570 4572 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/12 16:18:06.0595 4572 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/12 16:18:06.0674 4572 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/12 16:18:06.0725 4572 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/04/12 16:18:06.0750 4572 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/12 16:18:06.0778 4572 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/12 16:18:06.0835 4572 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/12 16:18:06.0869 4572 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/12 16:18:06.0908 4572 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/12 16:18:06.0935 4572 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/12 16:18:07.0195 4572 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/04/12 16:18:07.0445 4572 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/12 16:18:07.0487 4572 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/12 16:18:07.0518 4572 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/12 16:18:07.0580 4572 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/12 16:18:07.0679 4572 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/12 16:18:07.0704 4572 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/12 16:18:07.0772 4572 NVHDA (0e40ef12bc029ff8b13043f157452c47) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/12 16:18:08.0058 4572 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/12 16:18:08.0270 4572 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/12 16:18:08.0291 4572 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/12 16:18:08.0323 4572 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/12 16:18:08.0392 4572 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/12 16:18:08.0435 4572 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/12 16:18:08.0467 4572 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/12 16:18:08.0501 4572 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/12 16:18:08.0548 4572 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/12 16:18:08.0589 4572 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/12 16:18:08.0619 4572 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/12 16:18:08.0668 4572 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/12 16:18:08.0794 4572 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/12 16:18:08.0826 4572 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/12 16:18:08.0903 4572 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/12 16:18:09.0000 4572 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/12 16:18:09.0101 4572 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/12 16:18:09.0136 4572 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/12 16:18:09.0158 4572 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/12 16:18:09.0190 4572 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/12 16:18:09.0223 4572 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/12 16:18:09.0243 4572 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/12 16:18:09.0273 4572 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/12 16:18:09.0301 4572 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/12 16:18:09.0342 4572 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/12 16:18:09.0368 4572 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/12 16:18:09.0401 4572 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/12 16:18:09.0466 4572 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/12 16:18:09.0537 4572 RTL8169 (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/12 16:18:09.0570 4572 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/12 16:18:09.0619 4572 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/12 16:18:09.0652 4572 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/12 16:18:09.0687 4572 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/12 16:18:09.0722 4572 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/12 16:18:09.0774 4572 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/12 16:18:09.0797 4572 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/12 16:18:09.0826 4572 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/12 16:18:09.0860 4572 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/12 16:18:09.0894 4572 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/12 16:18:09.0920 4572 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/12 16:18:09.0947 4572 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/12 16:18:09.0986 4572 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/12 16:18:10.0143 4572 SNP2UVC (82e3315b1b3e76b9a9643f987ed3ae5c) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/04/12 16:18:10.0301 4572 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/12 16:18:10.0389 4572 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/12 16:18:10.0458 4572 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/12 16:18:10.0482 4572 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/12 16:18:10.0522 4572 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/12 16:18:10.0609 4572 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/12 16:18:10.0671 4572 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/12 16:18:10.0702 4572 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/12 16:18:10.0734 4572 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/12 16:18:10.0842 4572 Tcpip (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/12 16:18:10.0935 4572 Tcpip6 (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/12 16:18:11.0035 4572 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
2011/04/12 16:18:11.0109 4572 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/12 16:18:11.0412 4572 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/12 16:18:11.0546 4572 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/12 16:18:11.0591 4572 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/12 16:18:11.0622 4572 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/12 16:18:11.0673 4572 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/12 16:18:11.0705 4572 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/12 16:18:11.0723 4572 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/12 16:18:11.0749 4572 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/12 16:18:11.0773 4572 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/12 16:18:11.0812 4572 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/12 16:18:11.0849 4572 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/12 16:18:11.0888 4572 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/12 16:18:11.0921 4572 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/12 16:18:11.0955 4572 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/12 16:18:12.0041 4572 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/12 16:18:12.0077 4572 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/12 16:18:12.0102 4572 usbehci (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/12 16:18:12.0130 4572 usbhub (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/12 16:18:12.0157 4572 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/12 16:18:12.0176 4572 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/12 16:18:12.0219 4572 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/12 16:18:12.0281 4572 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/12 16:18:12.0438 4572 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/12 16:18:12.0535 4572 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/12 16:18:12.0582 4572 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/12 16:18:12.0607 4572 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/12 16:18:12.0632 4572 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/12 16:18:12.0657 4572 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/12 16:18:12.0683 4572 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/12 16:18:12.0712 4572 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/12 16:18:12.0764 4572 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/12 16:18:12.0799 4572 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/12 16:18:12.0839 4572 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/12 16:18:12.0893 4572 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/12 16:18:12.0918 4572 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 16:18:12.0944 4572 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 16:18:12.0980 4572 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/12 16:18:13.0018 4572 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/12 16:18:13.0125 4572 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/12 16:18:13.0204 4572 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/12 16:18:13.0277 4572 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/12 16:18:13.0362 4572 XUIF (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
2011/04/12 16:18:13.0622 4572 ZTEusbmdm6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/04/12 16:18:13.0797 4572 ZTEusbnmea (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/04/12 16:18:13.0929 4572 ZTEusbser6k (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/04/12 16:18:13.0991 4572 ================================================================================
2011/04/12 16:18:13.0991 4572 Scan finished
2011/04/12 16:18:13.0991 4572 ================================================================================
Liebe Grüße, Change |
|
12.04.2011, 17:13
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, wie überprüfe ich meinen PC? Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.04.2011, 23:11
| #14 |
| | Botnet, wie überprüfe ich meinen PC? Also, bin gekommen bis zum Abschluss der ComboFix Datei. dann kam ein cmd-window mit blauem Hintergrund: Code:
ATTFilter Bereite Logdatei vor.
Starte keine anderen Programme, bevor ComboFix fertig ist.
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.
PEV.cfxxe funktioniert nicht mehr Keine Ahnung ob alles gut funktioniert hat. Nach klicken auf "Programm beenden" kam der Hinweis auf den log: Code:
ATTFilter ComboFix 11-04-12.01 - UserXY 12.04.2011 23:19:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3066.1969 [GMT 2:00]
ausgeführt von:: c:\users\UserXY\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-12 bis 2011-04-12 ))))))))))))))))))))))))))))))
.
.
2011-04-12 21:25 . 2011-04-12 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-12 21:13 . 2011-04-12 21:13 -------- d-----w- c:\program files\CCleaner
2011-04-12 13:37 . 2011-04-12 13:37 -------- d-----w- C:\_OTL
2011-04-12 12:17 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D1AE2B9-77DD-42EB-935D-5592E958F1E3}\mpengine.dll
2011-04-11 01:11 . 2011-04-11 01:11 -------- d-----w- c:\program files\MSXML 4.0
2011-04-08 18:00 . 2011-04-08 18:00 -------- d-----w- c:\program files\ASIO4ALL v2
2011-04-08 17:43 . 2011-04-08 17:43 -------- d-----w- c:\windows\usb-audio.deMiditech01
2011-04-08 17:42 . 2007-03-19 21:09 19456 ----a-w- c:\windows\system32\drivers\mt01drv.sys
2011-04-08 17:38 . 2011-04-08 17:38 -------- d-----w- c:\program files\ProtectDisc Driver Installer
2011-04-08 17:37 . 2011-04-08 17:37 -------- d-----w- c:\users\UserXY\AppData\Roaming\MAGIX
2011-04-08 17:35 . 2003-04-18 14:29 82432 ----a-w- c:\windows\system32\msxml4r.dll
2011-04-08 17:35 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2011-04-08 17:31 . 2007-04-18 21:07 53248 ----a-w- c:\windows\system32\mgxasio2.dll
2011-04-08 17:31 . 2006-07-21 15:16 430080 ----a-w- c:\windows\system32\MXRestore.exe
2011-04-08 17:19 . 2011-04-08 17:28 -------- d-----w- c:\programdata\MAGIX
2011-04-08 17:18 . 2011-04-08 17:35 -------- d-----w- c:\program files\MAGIX
2011-04-08 17:18 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2011-04-08 17:17 . 2011-04-08 17:35 -------- d-----w- c:\windows\system32\MAGIX
2011-04-08 17:17 . 2007-07-11 09:53 697560 ----a-w- c:\windows\system32\mgxoschk.dll
2011-04-08 14:01 . 2011-04-08 14:01 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-04-08 11:11 . 2011-04-08 11:11 -------- d-----w- c:\users\UserXY\AppData\Roaming\Malwarebytes
2011-04-08 11:10 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-08 11:10 . 2011-04-08 11:10 -------- d-----w- c:\programdata\Malwarebytes
2011-04-08 11:10 . 2011-04-08 11:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-08 11:10 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-31 20:43 . 2010-03-15 10:31 165376 ----a-w- c:\windows\system32\unrar.dll
2011-03-31 20:43 . 2011-03-31 20:44 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-03-31 20:31 . 2011-04-01 21:33 -------- d-----w- c:\users\UserXY\AppData\Roaming\DivX
2011-03-30 19:26 . 2011-03-30 19:26 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2011-03-30 19:26 . 2011-04-08 14:02 -------- d-----w- c:\program files\DivX
2011-03-28 23:24 . 2011-03-29 08:51 -------- d-----w- c:\users\UserXY\AppData\Roaming\vlc
2011-03-28 23:23 . 2011-03-28 23:23 -------- d-----w- c:\program files\VideoLAN
2011-03-26 15:20 . 2011-03-26 15:20 -------- d-----w- c:\users\UserXY\AppData\Roaming\Vodafone Mobile Connect
2011-03-26 15:17 . 2011-03-26 15:17 -------- d-----w- c:\users\UserXY\AppData\Roaming\FLEXnet
2011-03-26 15:10 . 2011-03-26 15:10 -------- d-----w- c:\users\UserXY\AppData\Roaming\Vodafone
2011-03-26 15:10 . 2009-06-29 16:59 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-03-26 15:10 . 2009-04-09 12:38 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-03-26 15:09 . 2011-03-26 15:09 -------- d-----w- c:\users\UserXY\AppData\Roaming\Bytemobile
2011-03-26 15:08 . 2011-03-26 15:08 -------- d-----w- c:\programdata\Vodafone
2011-03-26 15:08 . 2011-03-26 15:08 -------- d-----w- c:\programdata\FLEXnet
2011-03-26 15:08 . 2011-03-26 15:08 -------- d-----w- c:\program files\Vodafone
2011-03-26 15:07 . 2011-03-26 15:07 8464 ----a-w- c:\windows\system32\SpOrder.dll
2011-03-26 15:07 . 2011-03-26 15:07 -------- d-----w- c:\users\UserXY\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
2011-03-20 00:50 . 2011-03-20 00:51 -------- d-----w- c:\program files\Ontrack
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 19:47 . 2011-01-28 15:46 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-04-05 19:46 . 2011-01-28 15:45 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-04-05 19:46 . 2011-01-28 15:45 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-03-19 15:09 . 2010-11-12 21:38 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2010-11-13 01:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-28 15:45 . 2011-01-28 15:45 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 87304 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^UserXY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^UserXY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 11:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2008-11-03 13:14 217088 ----a-w- c:\program files\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 MIDITECH_01;MIDITECH01 MIDI driver service;c:\windows\system32\drivers\mt01drv.sys [2007-03-19 19456]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - BMLoad
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube Download - c:\users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\UserXY\AppData\Roaming\Mozilla\Firefox\Profiles\cff1zf4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-Allied Intent Xtended - c:\program files\EA GAMES\Battlefield 2 - Backup\AIXuninstaller.exe
AddRemove-DivX Content Uploader - c:\program files\DivX\DivXContentUploaderUninstall.exe
AddRemove-{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04} - c:\program files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-12 23:25
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5252)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Zeit der Fertigstellung: 2011-04-13 00:12:16
ComboFix-quarantined-files.txt 2011-04-12 22:12
.
Vor Suchlauf: 12 Verzeichnis(se), 199.935.758.336 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 199.877.750.784 Bytes frei
.
- - End Of File - - D22AE12B24EFD7EBD46009E221901A8F
|
|
13.04.2011, 09:19
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Botnet, wie überprüfe ich meinen PC? Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Botnet, wie überprüfe ich meinen PC? |
| anfänger, antivir, avira, avira antivir, bot, botnet, browser, erste mal, erstellt, exploit, firewall, forum, frage, free, internet, internet browser, keygen, langsam, maleware, seite, seiten, sekunden, stockt, tipps, trojaner, verbindung, viren, vista, wörter |
Linear-Darstellung
