Log analysis and evaluation: OTL log file evaluation - I have the uneasy feeling that my system is infected (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

15.04.2011, 18:52 | #1

OTL log file evaluation - I have the uneasy feeling that my system is infected

Hello experts, could someone please take a look at my OTL log file? I have the uneasy feeling that my system is infected.

Code:
OTL logfile created on: 15.04.2011 19:37:01 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 10,47 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 4,51 Gb Free Space | 22,55% Space Free | Partition Type: NTFS
Drive E: | 576,18 Gb Total Space | 269,07 Gb Free Space | 46,70% Space Free | Partition Type: NTFS
Drive F: | 425,76 Gb Total Space | 270,33 Gb Free Space | 63,49% Space Free | Partition Type: NTFS
Drive G: | 384,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 186,31 Gb Total Space | 28,94 Gb Free Space | 15,53% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\AppData\Local\Temp\3SS232B.exe (Microsoft Corporation)
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
PRC - C:\Users\***\AppData\Local\TVersity\Media Server\MediaServer.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\SysWOW64\PSIService.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AODService) -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TVersityMediaServer) -- C:\Users\***\AppData\Local\TVersity\Media Server\MediaServer.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ProtexisLicensing) -- C:\Windows\SysWOW64\PSIService.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (mod7700) -- C:\Windows\SysNative\drivers\dvb7700all.sys (DiBcom)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech, Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Almico Software)
DRV - (AODDriver) -- D:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA FD E3 3D C3 6E CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.90
FF - prefs.js..network.proxy.backup.ftp: "localhost"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.gopher: "localhost"
FF - prefs.js..network.proxy.backup.gopher_port: 8080
FF - prefs.js..network.proxy.backup.socks: "localhost"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "localhost"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.30 17:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.30 17:00:34 | 000,000,000 | ---D | M]

[2009.11.29 12:26:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.04.15 19:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions
[2010.04.29 17:37:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.08 17:22:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.04.15 18:16:37 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.11.29 12:27:38 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.12.11 20:19:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default - Kopie\extensions
[2009.12.11 20:19:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default - Kopie\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.12.11 20:19:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6g12q6zk.default - Kopie\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.12.02 18:03:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.02 18:03:30 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- D:\PROGRAMME\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2010.10.29 19:59:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.29 19:59:34 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.29 19:59:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.29 19:59:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.29 19:59:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.15 18:57:05 | 000,432,594 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 14888 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [34D27A2BD4720CD8] File not found
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.246.64.8 62.220.18.8
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.16 20:16:51 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.09.01 23:50:14 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:36:09 | 000,002,046 | R--- | M] () - G:\Autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.09.01 23:50:21 | 001,101,824 | R--- | M] () - G:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:46 | 000,000,027 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006.11.07 15:22:29 | 000,000,000 | ---D | M] - X:\Autorun -- [ NTFS ]
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell - "" = AutoRun
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2003.09.01 23:50:21 | 001,101,824 | R--- | M] ()
O33 - MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun1.exe /a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.15 18:46:03 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.15 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.04.11 18:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2011.04.03 15:28:53 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Command & Conquer Generäle Stunde Null Data
[2011.04.03 15:04:11 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Command and Conquer Generals Zero Hour Data
[2011.04.01 16:18:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Baumaschinen Simulator 2011
[2011.03.19 15:11:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.03.19 15:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.03.18 21:25:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan

========== Files - Modified Within 30 Days ==========

[2011.04.15 19:20:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.15 18:57:05 | 000,432,594 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.04.15 18:46:06 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2011.04.15 17:54:35 | 000,059,481 | ---- | M] () -- C:\Users\***\Desktop\memoryking.pdf
[2011.04.15 17:54:26 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 17:54:26 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.15 17:20:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.15 16:57:30 | 001,507,168 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.15 16:57:30 | 000,657,428 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.15 16:57:30 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.15 16:57:30 | 000,130,818 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.15 16:57:30 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.15 16:50:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.15 16:50:37 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.14 17:00:38 | 000,000,576 | ---- | M] () -- C:\Windows\wiso.ini
[2011.04.12 19:08:14 | 000,053,598 | ---- | M] () -- C:\Users\***\Desktop\Aktuell_steuer_checkliste.pdf
[2011.04.04 17:01:46 | 000,364,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.03 15:25:20 | 000,000,991 | ---- | M] () -- C:\Windows\eReg.dat
[2011.04.03 15:20:10 | 000,000,679 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer(TM) Generäle Die Stunde Null .lnk
[2011.03.29 14:23:20 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.03.19 15:11:26 | 000,001,115 | ---- | M] () -- C:\Users\***\Desktop\EVEREST Home Edition.lnk
[2011.03.18 21:25:35 | 000,001,020 | ---- | M] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2011.03.18 21:25:35 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

========== Files Created - No Company Name ==========

[2011.04.15 17:54:34 | 000,059,481 | ---- | C] () -- C:\Users\***\Desktop\memoryking.pdf
[2011.04.12 19:08:14 | 000,053,598 | ---- | C] () -- C:\Users\***\Desktop\Aktuell_steuer_checkliste.pdf
[2011.04.03 15:20:10 | 000,000,679 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer(TM) Generäle Die Stunde Null .lnk
[2011.04.03 15:14:17 | 000,000,991 | ---- | C] () -- C:\Windows\eReg.dat
[2011.03.19 15:11:26 | 000,001,115 | ---- | C] () -- C:\Users\***\Desktop\EVEREST Home Edition.lnk
[2011.03.18 21:25:35 | 000,001,020 | ---- | C] () -- C:\Users\***\Desktop\SpeedFan.lnk
[2011.03.18 21:25:34 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2011.03.10 20:56:46 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2010.12.14 19:06:05 | 000,000,576 | ---- | C] () -- C:\Windows\wiso.ini
[2010.10.20 18:29:29 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2010.10.14 02:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.29 15:46:09 | 000,150,240 | ---- | C] () -- C:\Windows\SysWow64\drivers\MLTCAP.sys
[2010.06.16 00:28:58 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.03.26 18:07:27 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini
[2009.12.16 17:17:29 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.07 18:20:18 | 000,472,656 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe
[2009.12.07 18:16:42 | 000,003,140 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2009.12.07 18:16:42 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\98FF2C839A.sys
[2009.11.30 19:16:14 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.27 00:14:19 | 000,007,588 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2009.11.26 19:48:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 21:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\SysWow64\PSIService.exe
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

========== LOP Check ==========

[2010.07.16 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\0ad
[2010.03.27 20:32:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alarmstufe Rot 3 Der Aufstand
[2011.04.01 16:18:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Baumaschinen Simulator 2011
[2010.07.16 13:02:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BRAVIS
[2010.04.25 12:05:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service
[2009.11.27 18:34:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.02.01 17:24:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DeepBurner
[2010.08.25 17:06:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GrabPro
[2010.10.05 18:52:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hardcore
[2009.11.27 00:39:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.08.10 18:21:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Need for Speed World
[2010.04.24 22:08:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter
[2011.03.17 23:16:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Orbit
[2010.08.25 17:07:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ProgSense
[2010.10.03 16:40:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Quest3D
[2011.04.15 18:16:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.10.05 18:51:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sakura
[2011.03.15 18:22:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.03.08 01:33:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TerraTec
[2010.01.16 00:29:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2010.03.27 12:56:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinTrack
[2011.02.12 15:09:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 15.04.2011 19:37:01 - Run 2
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\***\Desktop
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 65,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 10,47 Gb Free Space | 26,17% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 4,51 Gb Free Space | 22,55% Space Free | Partition Type: NTFS
Drive E: | 576,18 Gb Total Space | 269,07 Gb Free Space | 46,70% Space Free | Partition Type: NTFS
Drive F: | 425,76 Gb Total Space | 270,33 Gb Free Space | 63,49% Space Free | Partition Type: NTFS
Drive G: | 384,65 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive X: | 186,31 Gb Total Space | 28,94 Gb Free Space | 15,53% Space Free | Partition Type: NTFS

Computer Name: DESKTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\Users\***\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\Users\***\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{28A0318C-B98D-B6B1-64D1-4E4755A8E668}" = AMD Drag and Drop Transcoding "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64) "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A0008F2A-0E82-09A2-5A24-DFB31DCB3690}" = ATI Catalyst Install Manager "{A3E7D4EB-D170-F9A8-B6C5-403CE95AC1B1}" = ccc-utility64 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "ffdshow64_is1" = ffdshow x64 [rev 3305] [2010-03-04] "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Redirection Port Monitor" = RedMon - Redirection Port Monitor 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{023E7812-63E0-F0EB-F226-806679332948}" = CCC Help Spanish "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04E87F64-7182-985A-694E-08475EE6F5F1}" = CCC Help English "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{1650594B-3979-48DB-B8F2-4634CAA872A3}_is1" = Bounty Bay Online "{1A7A8F56-CDB2-2925-5714-AE602C8C80D0}" = CCC Help Portuguese "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2410A9B7-A14A-FCD4-203B-E4266C98A65A}" = CCC Help Polish "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17 "{2D62D645-8460-6888-9E89-0F93947E0925}" = CCC Help German "{2EF94C49-4D4F-2137-26C2-4E52E36E54DF}" = Catalyst Control Center InstallProxy "{30B950DB-5E14-4186-A1D7-B582B5966087}" = Catalyst Control Center Graphics Previews Vista "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1 "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{5F15CD04-5682-D6AA-D5E5-F2A6643EF261}" = Catalyst Control Center 
Graphics Previews Common "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{64C67386-CF44-9E7A-7133-8F9CE8D6C41E}" = ccc-core-static "{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B3F693F-A252-46A7-8D0F-7F409B13F738}" = Scope "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7EE9145D-C430-44E6-B5ED-61FF9C332100}_is1" = Battle of the Immortals client "{82BF91C4-229F-4447-EC70-D31705D7D2E7}" = CCC Help Hungarian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{99E67091-D392-4031-AD2A-E9547F3615F8}" = KONICA_MINOLTA DiMAGE remote camera driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack "{9EA81723-22AD-686B-D090-8C1C9A9794D0}" = CCC Help Greek "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted 
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D51A7556-FA80-9167-7576-C5B103E2B837}" = CCC Help Italian "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{DDE59617-F59A-473B-BC4E-C2B81F6CD38D}" = Command & Conquer™ Alarmstufe Rot 3 Der Aufstand "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E13F254C-A426-634A-DEAA-4926F200292C}" = CCC Help French "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FBA739C4-DF56-3ADF-79EE-DE39533BBB6A}" = Catalyst Control Center Localization All "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ASIO4ALL" = ASIO4ALL "Audacity_is1" = Audacity 1.2.6 "Avira AntiVir Desktop" = Avira AntiVir 
Personal - Free Antivirus "CCleaner" = CCleaner "Cinergy T USB XXS" = Cinergy T USB XXS V2.03.03.29 "Drumaxx" = Drumaxx "Earth 2160" = Earth 2160 "EasyBCD" = EasyBCD 1.7.2 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FL Studio 9" = FL Studio 9 "Fraps" = Fraps "FreePDF_XP" = FreePDF (Remove only) "German Truck Simulator" = German Truck Simulator 1.00 "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "Hardcore" = Hardcore "HijackThis" = HijackThis 2.0.2 "IL Download Manager" = IL Download Manager "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0728.1 "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null "JDownloader" = JDownloader "Look@LAN_1.0" = Look@LAN 2.50 Build 35 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "Orbit_is1" = Orbit Downloader "PoiZone" = PoiZone "Pontifex II" = Pontifex II "Red Alert 2" = Command & Conquer Alarmstufe Rot 2 "Sakura" = Sakura "Sawer" = Sawer "Skyscraper Simulator" = Skyscraper Simulator "Spectrum Analyzer pro Live" = Spectrum Analyzer pro Live "SpeedFan" = SpeedFan (remove only) "StarCraft II" = StarCraft II "Steam App 22380" = Fallout: New Vegas "Steam App 240" = Counter-Strike: Source "Steam App 33310" = R.U.S.E. 
Beta "Steam App 400" = Portal "Steam App 99850" = Crysis 2 Demo "SurfMusik 3.1a_is1" = SurfMusik 3.1a "SWFPlayer_is1" = SWFPlayer 2.6.2.0 "The Moon Project" = The Moon Project "Toxic Biohazard" = Toxic Biohazard "TVersity Media Server" = TVersity Media Server 1.8 Beta "VLC media player" = VLC media player 1.1.1 "WinLiveSuite" = Windows Live Essentials "WinTrack 9.0_is1" = WinTrack V9.0 3D "Yuri's Revenge" = Command && Conquer Alarmstufe Rot 2 - Yuris Rache ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.04.2011 12:35:44 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.04.2011 12:35:44 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 15.04.2011 13:10:54 | Computer Name = Desktop | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Media Center Events ] Error - 29.05.2010 08:04:40 | Computer Name = Desktop | Source = MCUpdate | ID = 0 Description = 14:04:40 - Fehler beim Herstellen der Internetverbindung. 14:04:40 - Serververbindung konnte nicht hergestellt werden.. Error - 29.05.2010 08:05:11 | Computer Name = Desktop | Source = MCUpdate | ID = 0 Description = 14:05:09 - Fehler beim Herstellen der Internetverbindung. 14:05:09 - Serververbindung konnte nicht hergestellt werden.. 
Error - 07.02.2011 14:32:06 | Computer Name = Desktop | Source = MCUpdate | ID = 0 Description = 19:31:47 - EpgListings konnte nicht abgerufen werden (Fehler: Timeout für Vorgang überschritten) [ System Events ] Error - 11.04.2011 14:09:45 | Computer Name = Desktop | Source = Service Control Manager | ID = 7034 Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 12.04.2011 14:02:19 | Computer Name = Desktop | Source = Service Control Manager | ID = 7034 Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.04.2011 14:25:43 | Computer Name = Desktop | Source = Service Control Manager | ID = 7034 Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 14.04.2011 11:26:52 | Computer Name = Desktop | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?14.?04.?2011 um 17:25:13 unerwartet heruntergefahren. Error - 14.04.2011 14:34:41 | Computer Name = Desktop | Source = Service Control Manager | ID = 7034 Description = Dienst "TVersityMediaServer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 15.04.2011 11:22:46 | Computer Name = Desktop | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR5. Error - 15.04.2011 11:45:56 | Computer Name = Desktop | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR9. Error - 15.04.2011 11:46:41 | Computer Name = Desktop | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR9. Error - 15.04.2011 11:48:22 | Computer Name = Desktop | Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk5\DR9. Error - 15.04.2011 11:49:49 | Computer Name = Desktop | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR9 gefunden. < End of report > |
15.04.2011, 21:26 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ |
Are there any more logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Log Files tab.
16.04.2011, 11:42 | #3 |
| Yesterday I had an unknown process in Task Manager. When I ended it, it came back a few minutes later under a similar name. The description was Systray .exe stub and it was located in c:\users\***\appdata\local\temp. I had also deleted the Temp directory. The process still reappeared anyway. Today it has not shown up so far.
The Malwarebytes log file is unremarkable: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6373 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 16.04.2011 12:37:05 mbam-log-2011-04-16 (12-37-05).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 272837 Laufzeit: 22 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
16.04.2011, 11:57 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any further Malwarebytes logs?
__________________ Please always post log files in CODE tags |
16.04.2011, 13:09 | #5 |
| There are currently no further Malwarebytes logs. Past scans were also without findings. |
16.04.2011, 14:15 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter :OTL [2010.07.16 13:16:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\0ad O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.16 20:16:51 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2003.09.01 23:50:14 | 000,000,000 | ---D | M] - G:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2003.08.31 05:36:09 | 000,002,046 | R--- | M] () - G:\Autorun.csf -- [ CDFS ] O32 - AutoRun File - [2003.09.01 23:50:21 | 001,101,824 | R--- | M] () - G:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2003.08.31 05:15:46 | 000,000,027 | R--- | M] () - G:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006.11.07 15:22:29 | 000,000,000 | ---D | M] - X:\Autorun -- [ NTFS ] O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell - "" = AutoRun O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell\AutoRun\command - "" = H:\setup.exe O33 - MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2003.09.01 23:50:21 | 001,101,824 | R--- | M] () O33 - MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\Shell\AutoRun\command - "" = G:\autorun1.exe /a O4 - HKCU..\Run: [34D27A2BD4720CD8] File not found FF - prefs.js..network.proxy.backup.ftp: "localhost" FF - prefs.js..network.proxy.backup.ftp_port: 8080 FF - prefs.js..network.proxy.backup.gopher: "localhost" FF - prefs.js..network.proxy.backup.gopher_port: 8080 FF - prefs.js..network.proxy.backup.socks: "localhost" FF - prefs.js..network.proxy.backup.socks_port: 8080 FF - prefs.js..network.proxy.backup.ssl: "localhost" FF - prefs.js..network.proxy.backup.ssl_port: 8080 FF - prefs.js..network.proxy.ftp: "localhost" FF - prefs.js..network.proxy.ftp_port: 8080 FF - prefs.js..network.proxy.gopher: "localhost" FF - prefs.js..network.proxy.gopher_port: 8080 FF - 
prefs.js..network.proxy.http: "localhost" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 8080 FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 8080 FF - prefs.js..network.proxy.type: 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080 :Commands [purity] [resethosts] [emptytemp] The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
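As an added triage example (not part of this thread and not OTL's own code), the following Python parses OTL lines of the kinds the helper's fix above removes (orphaned O4 Run entries, O33 MountPoints2 AutoRun commands, Firefox prefs.js and IE proxy settings) and reports the loopback-proxy and autorun patterns a reviewer checks for. The sample lines are constructed from the entries quoted in this thread; the HKLM "Example" Run entry is an invented benign control line, and the severity labels are the example's own convention.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in OTL's line format. The O4/O33/FF/IE entries mirror
# the ones the helper's fix script in this thread targets; the HKLM
# "Example" entry is an invented benign control and should produce no finding.
SAMPLE_OTL = r"""
O4 - HKLM..\Run: [Example] C:\Program Files (x86)\Example\example.exe (Example GmbH)
O4 - HKCU..\Run: [34D27A2BD4720CD8] File not found
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell - "" = AutoRun
O33 - MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\Shell\AutoRun\command - "" = H:\setup.exe
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8080
""".strip().splitlines()

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# One regex per OTL entry kind handled here.
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$')
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.*)$',
    re.IGNORECASE)
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(?P<key>[\w.]+): (?P<val>.*)$')
IE_RE = re.compile(r'^IE - HK\w+\\.*Internet Settings: "(?P<key>\w+)" = (?P<val>.*)$')

Finding = Tuple[str, str]  # (severity, message); severity is "info" or "review"


def _proxy_findings(ff: Dict[str, str], ie: Dict[str, str]) -> List[Finding]:
    """Flag browser proxies that point at the local machine.

    A loopback proxy means some local process sits between the browser and
    the network and can read or rewrite traffic, so it deserves a look even
    when it is currently switched off.
    """
    out: List[Finding] = []
    # Firefox: network.proxy.type 1 = manual proxy in use, 0 = direct connection.
    ff_active = ff.get("type") == "1"
    for proto in ("http", "ssl", "ftp", "socks"):
        host, port = ff.get(proto), ff.get(f"{proto}_port")
        if host in LOOPBACK and port:
            state = "active" if ff_active else "configured but not in use (proxy.type 0)"
            out.append(("review", f"Firefox {proto} proxy {host}:{port}, {state}; "
                                  "a loopback proxy lets a local process read and rewrite browser traffic"))
    server = ie.get("ProxyServer")
    if server and server.split(":")[0] in LOOPBACK:
        state = "active" if ie.get("ProxyEnable") == "1" else "configured but ProxyEnable = 0"
        out.append(("review", f"IE/WinINet proxy {server}, {state}; same loopback-proxy concern"))
    return out


def triage_otl(lines: List[str]) -> List[Finding]:
    """Return findings for the OTL entry kinds the fix in this thread targets."""
    findings: List[Finding] = []
    ff_prefs: Dict[str, str] = {}
    ie_settings: Dict[str, str] = {}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            if m.group("target").strip() == "File not found":
                # Dead autostart pointer: harmless by itself, but it shows a
                # program was registered to start and its file later vanished.
                findings.append(("review", f"orphaned {m.group('hive')} Run entry "
                                           f"[{m.group('name')}]: target file missing"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            # Opening that drive letter in Explorer would run the command.
            findings.append(("review", f"MountPoints2 {m.group('guid')} AutoRun command -> "
                                       f"{m.group('cmd')}; opening the drive in Explorer runs it"))
            continue
        m = FF_RE.match(line)
        if m:
            ff_prefs[m.group("key")] = m.group("val").strip().strip('"')
            continue
        m = IE_RE.match(line)
        if m:
            ie_settings[m.group("key")] = m.group("val").strip()
    findings.extend(_proxy_findings(ff_prefs, ie_settings))
    return findings


if __name__ == "__main__":
    for severity, message in triage_otl(SAMPLE_OTL):
        print(f"[{severity}] {message}")
```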
16.04.2011, 14:47 | #7 |
| Here is the log file generated after the fix: Code:
ATTFilter All processes killed ========== OTL ========== C:\Users\***\AppData\Roaming\0ad\logs folder moved successfully. C:\Users\***\AppData\Roaming\0ad\data\screenshots folder moved successfully. C:\Users\***\AppData\Roaming\0ad\data folder moved successfully. C:\Users\***\AppData\Roaming\0ad\config folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates\units folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates\structures folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates\special folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates\gaia folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\templates folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation\data folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\simulation folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\shaders folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\maps\scenarios folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\maps folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\session_new folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\pregame folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\loading folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\gamesetup folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui\common folder moved successfully. C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\gui folder moved successfully. 
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\attack\weapon folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\attack folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\actor\human\movement folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\actor\human\death folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\actor\human folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio\actor folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\audio folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types\special folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types\grass folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types\biome-mediterranean folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types\biome-desert folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain\types folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures\terrain folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\textures folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\materials folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\units\hellenes folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\units folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\structures\hellenes folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\structures folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units\weapons folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units\tools folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units\shields folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units\heads folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\units folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\temp folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\structures\hellenes folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\structures\decals folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\structures folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\special\common folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\special folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\flora folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props\fauna folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\props folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\geology folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\flora\trees folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\flora folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors\fauna folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art\actors folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb\art folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\xmb folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\structural folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\skeletal folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\props\shield folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\props\helmet folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\props folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes\gaia folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\meshes folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\animation\quadraped folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\animation\female folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\animation\biped folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art\animation folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public\art folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods\public folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache\mods folder moved successfully.
C:\Users\***\AppData\Roaming\0ad\cache folder moved successfully.
C:\Users\***\AppData\Roaming\0ad folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\AUTOEXEC.BAT moved successfully.
File not found.
File move failed. G:\Autorun.csf scheduled to be moved on reboot.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88bcfac6-daba-11de-9775-00241d1101a4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88bcfac6-daba-11de-9775-00241d1101a4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88bcfac6-daba-11de-9775-00241d1101a4}\ not found.
File H:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917baf61-5192-11e0-9464-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{917baf61-5192-11e0-9464-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917baf61-5192-11e0-9464-806e6f6e6963}\ not found.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92396f23-dab3-11de-9c64-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92396f23-dab3-11de-9c64-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92396f23-dab3-11de-9c64-806e6f6e6963}\ not found.
File G:\autorun1.exe /a not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\34D27A2BD4720CD8 deleted successfully.
Prefs.js: "localhost" removed from network.proxy.backup.ftp
Prefs.js: 8080 removed from network.proxy.backup.ftp_port
Prefs.js: "localhost" removed from network.proxy.backup.gopher
Prefs.js: 8080 removed from network.proxy.backup.gopher_port
Prefs.js: "localhost" removed from network.proxy.backup.socks
Prefs.js: 8080 removed from network.proxy.backup.socks_port
Prefs.js: "localhost" removed from network.proxy.backup.ssl
Prefs.js: 8080 removed from network.proxy.backup.ssl_port
Prefs.js: "localhost" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "localhost" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "localhost" removed from network.proxy.http
Prefs.js: 8080 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 8080 removed from network.proxy.socks_port
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 104814 bytes
->Temporary Internet Files folder emptied: 12070556 bytes
->Java cache emptied: 37347594 bytes
->FireFox cache emptied: 95708856 bytes
->Flash cache emptied: 12691 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1500 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 375071 bytes

Total Files Cleaned = 139,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04162011_154007

Files\Folders moved on Reboot...
File move failed. G:\Autorun.csf scheduled to be moved on reboot.
File move failed. G:\Autorun.exe scheduled to be moved on reboot.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
17.04.2011, 18:43 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
If the infection prevents you from accessing your documents / My Documents, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This could take a while.) Vista and 7 users must run the tool as Administrator via right-click!
__________________
Please always post log files in CODE tags
18.04.2011, 16:50 | #9 |
TDSSKiller shows no further detections. I can also access all my documents and folders. Code:
ATTFilter 2011/04/18 17:45:54.0909 1884 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/04/18 17:45:55.0221 1884 ================================================================================ 2011/04/18 17:45:55.0221 1884 SystemInfo: 2011/04/18 17:45:55.0221 1884 2011/04/18 17:45:55.0221 1884 OS Version: 6.1.7600 ServicePack: 0.0 2011/04/18 17:45:55.0221 1884 Product type: Workstation 2011/04/18 17:45:55.0221 1884 ComputerName: DESKTOP 2011/04/18 17:45:55.0221 1884 UserName: *** 2011/04/18 17:45:55.0221 1884 Windows directory: C:\Windows 2011/04/18 17:45:55.0221 1884 System windows directory: C:\Windows 2011/04/18 17:45:55.0221 1884 Running under WOW64 2011/04/18 17:45:55.0221 1884 Processor architecture: Intel x64 2011/04/18 17:45:55.0221 1884 Number of processors: 3 2011/04/18 17:45:55.0221 1884 Page size: 0x1000 2011/04/18 17:45:55.0221 1884 Boot type: Normal boot 2011/04/18 17:45:55.0221 1884 ================================================================================ 2011/04/18 17:45:55.0518 1884 Initialize success 2011/04/18 17:45:56.0984 3104 ================================================================================ 2011/04/18 17:45:56.0984 3104 Scan started 2011/04/18 17:45:56.0984 3104 Mode: Manual; 2011/04/18 17:45:56.0984 3104 ================================================================================ 2011/04/18 17:45:58.0217 3104 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2011/04/18 17:45:58.0248 3104 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2011/04/18 17:45:58.0263 3104 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2011/04/18 17:45:58.0419 3104 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2011/04/18 17:45:58.0607 3104 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2011/04/18 17:45:58.0731 3104 adpu320 (e109549c90f62fb570b9540c4b148e54) 
C:\Windows\system32\DRIVERS\adpu320.sys 2011/04/18 17:45:58.0903 3104 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 2011/04/18 17:45:59.0028 3104 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2011/04/18 17:45:59.0153 3104 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2011/04/18 17:45:59.0449 3104 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2011/04/18 17:45:59.0574 3104 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2011/04/18 17:45:59.0979 3104 amdkmdag (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/04/18 17:46:00.0276 3104 amdkmdap (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys 2011/04/18 17:46:00.0323 3104 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2011/04/18 17:46:00.0401 3104 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 2011/04/18 17:46:00.0432 3104 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2011/04/18 17:46:00.0463 3104 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 2011/04/18 17:46:00.0572 3104 AODDriver (f160ecce1500a5a5877c123584e86b17) D:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys 2011/04/18 17:46:00.0759 3104 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2011/04/18 17:46:00.0822 3104 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2011/04/18 17:46:00.0837 3104 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2011/04/18 17:46:00.0884 3104 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/04/18 17:46:00.0978 3104 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2011/04/18 17:46:02.0210 3104 atikmdag 
(bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys 2011/04/18 17:46:02.0319 3104 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/04/18 17:46:02.0382 3104 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys 2011/04/18 17:46:02.0444 3104 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2011/04/18 17:46:02.0538 3104 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2011/04/18 17:46:02.0569 3104 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2011/04/18 17:46:02.0616 3104 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2011/04/18 17:46:02.0647 3104 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 2011/04/18 17:46:02.0725 3104 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2011/04/18 17:46:02.0741 3104 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2011/04/18 17:46:02.0772 3104 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2011/04/18 17:46:03.0458 3104 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2011/04/18 17:46:03.0505 3104 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2011/04/18 17:46:03.0521 3104 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2011/04/18 17:46:03.0552 3104 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/04/18 17:46:03.0630 3104 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/04/18 17:46:03.0723 3104 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2011/04/18 17:46:03.0770 3104 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 
2011/04/18 17:46:03.0833 3104 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2011/04/18 17:46:03.0942 3104 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/04/18 17:46:03.0973 3104 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2011/04/18 17:46:03.0989 3104 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2011/04/18 17:46:04.0051 3104 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2011/04/18 17:46:04.0082 3104 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2011/04/18 17:46:04.0207 3104 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2011/04/18 17:46:04.0285 3104 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 2011/04/18 17:46:04.0347 3104 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 2011/04/18 17:46:04.0394 3104 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2011/04/18 17:46:04.0472 3104 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2011/04/18 17:46:04.0519 3104 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2011/04/18 17:46:04.0566 3104 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 2011/04/18 17:46:04.0893 3104 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2011/04/18 17:46:05.0127 3104 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2011/04/18 17:46:05.0174 3104 ENTECH64 (12c061d9f9621be916d58191872ec281) C:\Windows\system32\DRIVERS\ENTECH64.sys 2011/04/18 17:46:05.0205 3104 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2011/04/18 17:46:05.0283 3104 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 
2011/04/18 17:46:05.0315 3104 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2011/04/18 17:46:05.0361 3104 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2011/04/18 17:46:05.0393 3104 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2011/04/18 17:46:05.0408 3104 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2011/04/18 17:46:05.0439 3104 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/04/18 17:46:05.0533 3104 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2011/04/18 17:46:05.0564 3104 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2011/04/18 17:46:05.0595 3104 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2011/04/18 17:46:05.0642 3104 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 2011/04/18 17:46:05.0689 3104 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2011/04/18 17:46:05.0767 3104 gdrv (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys 2011/04/18 17:46:05.0829 3104 GVTDrv64 (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys 2011/04/18 17:46:05.0907 3104 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2011/04/18 17:46:05.0985 3104 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2011/04/18 17:46:06.0032 3104 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/04/18 17:46:06.0048 3104 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2011/04/18 17:46:06.0126 3104 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2011/04/18 17:46:06.0173 3104 HidIr (0a77d29f311b88cfae3b13f9c1a73825) 
C:\Windows\system32\DRIVERS\hidir.sys 2011/04/18 17:46:06.0219 3104 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2011/04/18 17:46:06.0266 3104 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2011/04/18 17:46:06.0297 3104 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2011/04/18 17:46:06.0375 3104 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2011/04/18 17:46:06.0422 3104 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/04/18 17:46:06.0469 3104 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 2011/04/18 17:46:06.0516 3104 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2011/04/18 17:46:06.0641 3104 IntcAzAudAddService (6bcd9505f0ab48edda1ee250987b0eb4) C:\Windows\system32\drivers\RTKVHD64.sys 2011/04/18 17:46:06.0734 3104 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2011/04/18 17:46:06.0812 3104 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2011/04/18 17:46:06.0843 3104 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/04/18 17:46:06.0890 3104 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2011/04/18 17:46:06.0921 3104 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2011/04/18 17:46:06.0968 3104 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2011/04/18 17:46:07.0015 3104 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2011/04/18 17:46:07.0046 3104 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/04/18 17:46:07.0109 3104 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/04/18 17:46:07.0140 3104 
kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/04/18 17:46:07.0171 3104 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2011/04/18 17:46:07.0249 3104 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2011/04/18 17:46:07.0265 3104 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2011/04/18 17:46:07.0343 3104 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys 2011/04/18 17:46:07.0389 3104 L8042mou (a6fe2e63441094074f57243fb0fdb45a) C:\Windows\system32\DRIVERS\L8042mou.Sys 2011/04/18 17:46:07.0467 3104 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys 2011/04/18 17:46:07.0530 3104 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2011/04/18 17:46:07.0577 3104 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys 2011/04/18 17:46:07.0608 3104 LMouKE (f518c34c137348b7dbe5343acc646a1c) C:\Windows\system32\DRIVERS\LMouKE.Sys 2011/04/18 17:46:07.0670 3104 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2011/04/18 17:46:07.0701 3104 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2011/04/18 17:46:07.0764 3104 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2011/04/18 17:46:07.0795 3104 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2011/04/18 17:46:07.0826 3104 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2011/04/18 17:46:07.0873 3104 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys 2011/04/18 17:46:07.0920 3104 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2011/04/18 17:46:07.0982 3104 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) 
C:\Windows\system32\DRIVERS\MegaSR.sys 2011/04/18 17:46:08.0076 3104 mod7700 (6d4236d8b7bd6557b77fbf2ab001cad4) C:\Windows\system32\DRIVERS\dvb7700all.sys 2011/04/18 17:46:08.0123 3104 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2011/04/18 17:46:08.0185 3104 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2011/04/18 17:46:08.0232 3104 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2011/04/18 17:46:08.0279 3104 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2011/04/18 17:46:08.0310 3104 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2011/04/18 17:46:08.0357 3104 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2011/04/18 17:46:08.0435 3104 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2011/04/18 17:46:08.0466 3104 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2011/04/18 17:46:08.0513 3104 mrxsmb (b7f3d2c40bdf8ffb73ebfb19c77734e2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/04/18 17:46:08.0544 3104 mrxsmb10 (86c6f88b5168ce21cf8d69d0b3ff5d19) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/04/18 17:46:08.0575 3104 mrxsmb20 (b081069251c8e9f42cb8769d07148f9c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/04/18 17:46:08.0606 3104 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2011/04/18 17:46:08.0637 3104 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2011/04/18 17:46:08.0731 3104 MSDV (72949a24d37a20a54b3d4d3dadbb55e9) C:\Windows\system32\DRIVERS\msdv.sys 2011/04/18 17:46:08.0793 3104 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2011/04/18 17:46:08.0825 3104 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2011/04/18 17:46:08.0840 3104 msisadrv 
(d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2011/04/18 17:46:08.0871 3104 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2011/04/18 17:46:08.0918 3104 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/04/18 17:46:08.0934 3104 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2011/04/18 17:46:08.0996 3104 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2011/04/18 17:46:09.0027 3104 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/04/18 17:46:09.0043 3104 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2011/04/18 17:46:09.0074 3104 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2011/04/18 17:46:09.0121 3104 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2011/04/18 17:46:09.0215 3104 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2011/04/18 17:46:09.0277 3104 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2011/04/18 17:46:09.0308 3104 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2011/04/18 17:46:09.0339 3104 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/04/18 17:46:09.0417 3104 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/04/18 17:46:09.0449 3104 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/04/18 17:46:09.0464 3104 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2011/04/18 17:46:09.0527 3104 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2011/04/18 17:46:09.0542 3104 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2011/04/18 
17:46:09.0589 3104 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2011/04/18 17:46:09.0651 3104 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2011/04/18 17:46:09.0683 3104 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2011/04/18 17:46:09.0729 3104 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2011/04/18 17:46:09.0807 3104 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2011/04/18 17:46:09.0823 3104 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2011/04/18 17:46:09.0854 3104 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2011/04/18 17:46:09.0917 3104 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2011/04/18 17:46:09.0963 3104 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/04/18 17:46:09.0995 3104 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2011/04/18 17:46:10.0026 3104 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2011/04/18 17:46:10.0057 3104 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2011/04/18 17:46:10.0073 3104 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2011/04/18 17:46:10.0166 3104 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2011/04/18 17:46:10.0197 3104 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2011/04/18 17:46:10.0275 3104 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2011/04/18 17:46:10.0541 3104 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2011/04/18 17:46:10.0790 3104 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2011/04/18 
17:46:10.0993 3104 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2011/04/18 17:46:11.0118 3104 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2011/04/18 17:46:11.0258 3104 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2011/04/18 17:46:11.0305 3104 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2011/04/18 17:46:11.0321 3104 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2011/04/18 17:46:11.0367 3104 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2011/04/18 17:46:11.0399 3104 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/04/18 17:46:11.0477 3104 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/04/18 17:46:11.0508 3104 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2011/04/18 17:46:11.0539 3104 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2011/04/18 17:46:11.0570 3104 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2011/04/18 17:46:11.0633 3104 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/04/18 17:46:11.0742 3104 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2011/04/18 17:46:11.0789 3104 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2011/04/18 17:46:11.0820 3104 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2011/04/18 17:46:11.0867 3104 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2011/04/18 17:46:11.0913 3104 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2011/04/18 17:46:11.0976 3104 rspndr (ddc86e4f8e7456261e637e3552e804ff) 
C:\Windows\system32\DRIVERS\rspndr.sys 2011/04/18 17:46:12.0023 3104 RTHDMIAzAudService (730c8393dfc90386d5a1ecb24dd6c614) C:\Windows\system32\drivers\RtHDMIVX.sys 2011/04/18 17:46:12.0101 3104 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys 2011/04/18 17:46:12.0132 3104 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 2011/04/18 17:46:12.0179 3104 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2011/04/18 17:46:12.0241 3104 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2011/04/18 17:46:12.0335 3104 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/04/18 17:46:12.0381 3104 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2011/04/18 17:46:12.0444 3104 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2011/04/18 17:46:12.0475 3104 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2011/04/18 17:46:12.0506 3104 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 2011/04/18 17:46:12.0553 3104 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2011/04/18 17:46:12.0569 3104 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 2011/04/18 17:46:12.0600 3104 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2011/04/18 17:46:12.0631 3104 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2011/04/18 17:46:12.0693 3104 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2011/04/18 17:46:12.0740 3104 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2011/04/18 17:46:12.0834 3104 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2011/04/18 17:46:12.0943 3104 
2011/04/18 17:46:16.0016 3104 Scan finished
2011/04/18 17:46:16.0016 3104 ================================================================================
|
18.04.2011, 16:56 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
ComboFix may only be run when an expert helper has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
18.04.2011, 17:22 | #11 |
| I have run CCleaner. Here is the ComboFix logfile:
Code:
ComboFix 11-04-17.03 - *** 18.04.2011 18:12:13.1.3 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.49.1031.18.4094.2911 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\pswi_preloaded.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-18 bis 2011-04-18 ))))))))))))))))))))))))))))))
.
.
2011-04-18 16:15 . 2011-04-18 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-18 16:06 . 2011-04-18 16:06 -------- d-----w- c:\program files\CCleaner
2011-04-16 13:40 . 2011-04-16 13:40 -------- d-----w- C:\_OTL
2011-04-15 16:16 . 2011-04-15 16:16 -------- d-----w- c:\users\***\AppData\Roaming\QuickScan
2011-04-15 14:57 . 2011-03-15 05:17 8424784 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D513EC8C-AC3C-4669-BBA0-DC8684799782}\mpengine.dll
2011-04-11 16:01 . 2011-04-11 16:01 -------- d-----w- c:\program files (x86)\MSECache
2011-04-01 14:18 . 2011-04-01 14:18 -------- d-----w- c:\users\***\AppData\Roaming\Baumaschinen Simulator 2011
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 19:21 . 2011-03-10 18:56 30528 ----a-w- c:\windows\GVTDrv64.sys
2011-03-10 19:21 . 2011-02-19 14:58 25640 ----a-w- c:\windows\gdrv.sys
2011-03-10 19:10 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-02-19 06:37 . 2011-03-09 16:33 1135104 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 16:32 1540608 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 16:32 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 16:32 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 16:32 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-02-06 12:31 . 2010-05-29 11:33 1220416 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-02-02 16:11 . 2009-11-26 18:10 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-01-26 06:53 . 2011-02-09 16:55 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-26 06:53 . 2011-02-09 16:55 265088 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-01-26 06:31 . 2011-02-09 16:55 144384 ----a-w- c:\windows\system32\cdd.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2010-06-09 1689088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-30 98304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-28 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2010-07-01 136616]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 136176]
R3 ALSysIO;ALSysIO;c:\users\***\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AODDriver;AODDriver;d:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [2009-02-22 14904]
R3 AODDriver2;AODDriver2;c:\program files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [x]
R3 cpuz130;cpuz130;c:\users\***\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2011-03-10 30528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - klmd25
*Deregistered* - klmdb
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 16:05]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-30 16:05]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="RAVCpl64.exe" [2008-08-27 6471200]
"Skytel"="Skytel.exe" [2008-08-27 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - d:\programme\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\programme\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\programme\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\programme\Orbitdownloader\orbitmxt.dll/202
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6g12q6zk.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - localhost
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Fraps - c:\program files (x86)\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1268737062-1676774691-1697149512-1000\Software\SecuROM\License information*]
"datasecu"=hex:c5,b8,14,94,b2,d5,36,4b,d7,63,eb,c8,f2,34,73,89,ac,0c,7c,b7,6c,
   65,22,ea,4a,40,f2,09,28,dd,19,c8,c7,39,24,2b,ea,9c,61,1f,14,e8,a3,ca,9b,cf,\
"rkeysecu"=hex:cf,fd,36,ed,8f,83,8f,67,d5,d5,68,a4,04,da,e7,c7
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-18 18:16:33
ComboFix-quarantined-files.txt 2011-04-18 16:16
.
Vor Suchlauf: 10 Verzeichnis(se), 10.625.548.288 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 10.485.268.480 Bytes frei
.
- - End Of File - - 9EC6DC57753BF0DFAC71136FE511EAC7
|
18.04.2011, 17:26 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please create logs with GMER and mbrcheck and post them. GMER crashes fairly often; if the tool refuses to run on the second attempt as well, just leave it out. Instructions for mbrcheck: Download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post logfiles in CODE tags |
18.04.2011, 17:43 | #13 |
| GMER logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-18 18:37:57
Windows 6.1.7600
Running: 5hqclcr4.exe

---- Files - GMER 1.0.15 ----

File C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngenrootstorelock.dat 0 bytes
File C:\Windows\Microsoft.NET\ngenservice_pri3_lock.dat 0 bytes

---- EOF - GMER 1.0.15 ----

MBRCheck log:
Code:
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: GA-MA790X-UD4
Logical Drives Mask: 0x00800f7d

Kernel Drivers (total 194):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000004`ff976400 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x0000000a`00100000 (NTFS)
\\.\X: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: HitachiHDP725050GLA360, Rev: GM4OA5CA
PhysicalDrive2 Model Number: SAMSUNGHD642JJ, Rev: 1AA01113
PhysicalDrive1 Model Number: SAMSUNGSP2014N, Rev: VC100-37

      Size  Device Name          MBR Status
--------------------------------------------
    465 GB  \\.\PhysicalDrive0   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    596 GB  \\.\PhysicalDrive2   Windows XP MBR code detected
            SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    186 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
|
18.04.2011, 18:12 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. To double-check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
18.04.2011, 20:36 | #15 |
| That sounds good. Both scans also came back with no findings. Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/18/2011 at 08:23 PM

Application Version : 4.50.1002

Core Rules Database Version : 6863
Trace Rules Database Version: 4675

Scan type       : Complete Scan
Total Scan Time : 01:05:17

Memory items scanned      : 756
Memory threats detected   : 0
Registry items scanned    : 13689
Registry threats detected : 0
File items scanned        : 60887
File threats detected     : 0
Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6373

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

18.04.2011 20:52:02
mbam-log-2011-04-18 (20-52-02).txt

Scan type: Full scan (C:\|)
Objects scanned: 275015
Time elapsed: 24 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected) |