Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Trojan.Gen.Ml - Nicht entfernbar! (https://www.trojaner-board.de/91425-trojan-gen-ml-entfernbar.html)

ichhaueuch 13.10.2010 17:18
Liste der Anhänge anzeigen (Anzahl: 1)
Zu Schritt 1

Wenn ich fragen darf was ist überhaupt dieses

Zitat:
BitTorrent DNA

Und irgendwie bin ich blind sehe bei Systemsteuerung nicht

"Software Deinstallieren"

sehe nur z.B.

"Programme Deinstallieren"

aber da sehe ich nichts von desem Bit Torrent.

Habe Windows Vista Home Premium 32 Bit


PS: Screen im Anhang

Sorry das es so schwer ist bei mir und das ich nicht so oft antworten kann.

Swisstreasure 14.10.2010 17:46
Dann mach einfach bei Schritt 2 weiter :)

ichhaueuch 16.10.2010 11:40
Soll ich diesmal Anti Virus Programm anlassen ?
Weil du weißt ja das
Ergebnis von letzen -> Problem Detetcted -> runtergefahren
ohne das er fertig war

Swisstreasure 16.10.2010 14:18
Du sollst einfach IMMER nach Anleitung arbeiten und wenn dabei etwas nicht klappt dann das Problem schildern. Falls steht AV programm deaktivieren dann mach es. Wenn nichts steht dann musst Du es nicht machen :)

ichhaueuch 16.10.2010 17:11
Hier Schritt 2
Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
D:\AUTORUN.INF moved successfully.
Unable to delete ADS C:\Users\Name\Documents\clip0059.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0054.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0053.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0049.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0047.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0042.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0036.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0031.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0029.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0020.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0018.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0014.avi:TOC.WMV .
Unable to delete ADS C:\Users\Name\Documents\clip0002.avi:TOC.WMV .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Gast
->Temp folder emptied: 1976991 bytes
->Temporary Internet Files folder emptied: 1271724 bytes
->Java cache emptied: 1396192 bytes
->FireFox cache emptied: 56291564 bytes
->Flash cache emptied: 920 bytes
 
User: Public
 
User: Ricardo
->Temp folder emptied: 21976943 bytes
->Temporary Internet Files folder emptied: 2984754 bytes
->Java cache emptied: 20356794 bytes
->FireFox cache emptied: 208037336 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3514 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
RecycleBin emptied: 120029456 bytes
 
Total Files Cleaned = 414,00 mb
 
 
OTL by OldTimer - Version 3.2.15.2 log created on 10162010_174249

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET1016.tmp not found!

Registry entries deleted on Reboot...


Hier Schritt 3

Code:
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F606000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 7524352 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 175.97 )
0x8200E000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8200E000 PnpManager 3903488 bytes
0x8200E000 RAW 3903488 bytes
0x8200E000 WMIxWDM 3903488 bytes
0x9060D000 C:\Windows\system32\drivers\RTKVHDA.sys 2129920 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xA84B0000 Win32k 2105344 bytes
0xA84B0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0x91A02000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101015.053\NAVEX15.SYS 1368064 bytes (Symantec Corporation, AV Engine)
0x8A607000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT-Dateisystemtreiber)
0x83001000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x83201000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804C3000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul)
0xB220D000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x83326000 C:\Windows\System32\Drivers\dump_iaStor.sys 851968 bytes
0x82600000 C:\Windows\system32\DRIVERS\iaStor.sys 851968 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xAB209000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8FD33000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8060D000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82712000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8ED7D000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 458752 bytes (Symantec Corporation, SPBBC Driver)
0xAB2B8000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel)
0x80409000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA00A5000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x80732000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0xA005C000 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20101007.001\IDSvix86.sys 299008 bytes (Symantec Corporation, IDS Core Driver)
0x90867000 C:\Windows\System32\Drivers\SRTSP.SYS 299008 bytes (Symantec Corporation, Symantec AutoProtect)
0x90973000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80696000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0x80482000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x805A3000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x82783000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xA0008000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8ED42000 C:\Windows\system32\Drivers\vmm.sys 241664 bytes (Microsoft Corporation, Virtual Machine Monitor)
0x83137000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8A716000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x8318B000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
0x8ECC6000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x823C7000 ACPI_HAL 208896 bytes
0x823C7000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x826D0000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x909BB000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x807B5000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x90815000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x9090C000 C:\Windows\System32\Drivers\SYMTDI.SYS 180224 bytes (Symantec Corporation, Network Dispatch Driver)
0x8310C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8EC85000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA0137000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8A7AC000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806ED000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0x8A75B000 C:\Windows\System32\drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x90842000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x91B70000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x8EC0D000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x83305000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x91BDE000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xA01A0000 C:\Program Files\Sandboxie\SbieDrv.sys 131072 bytes (SANDBOXIE L.T.D, Sandboxie Kernel Mode Driver)
0xA0103000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x8A781000 C:\Windows\System32\drivers\prohlp02.sys 114688 bytes (Protection Technology, StarForce Protection Helper Driver)
0x832EA000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xA0185000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung)
0x827C1000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serieller Gerätetreiber)
0x8078C000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA0120000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x805E4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xB2328000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8ED0B000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner)
0x90949000 C:\Windows\System32\Drivers\SYMFW.SYS 90112 bytes (Symantec Corporation, Firewall Filter Driver)
0x908F6000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAB325000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8EC53000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xB2301000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xB233E000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20101015.053\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x8EC3F000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9095F000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x827DB000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0xA01D0000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8ED2F000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x831C3000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x908B0000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 73728 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB2316000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8A7D3000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8ECFA000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80469000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber)
0x807A4000 C:\Windows\system32\DRIVERS\VMNetSrv.sys 69632 bytes (Microsoft Corporation, Virtual Machine Network Services Driver)
0x82702000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x91B59000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA01C0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8077C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x831D5000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8EC68000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8317C000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0xA0176000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A79D000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAB33A000 C:\Windows\system32\drivers\npf.sys 61440 bytes (CACE Technologies, Inc., npf.sys (NT5/6 x86) Kernel Driver)
0x80714000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8EC30000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8FDEA000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80723000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x831E5000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xA86F0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8ED21000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x908DF000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0xA0044000 C:\Windows\System32\drivers\prodrv06.sys 57344 bytes (Protection Technology, StarForce Protection Environment Driver)
0xA015F000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9093C000 C:\Windows\System32\Drivers\SYMNDISV.SYS 53248 bytes (Symantec Corporation, NDIS Filter Driver)
0x8ECB9000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8FDD2000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80689000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB22F5000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x91BD2000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x827EE000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber)
0x8EC78000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber)
0x908D4000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x807EE000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x807E3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x83171000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8FDDF000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA016C000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8ECAF000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA0052000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xB22EB000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x831F3000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator)
0x91BB1000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x8A7E4000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x91BBB000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x91B50000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB235B000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x908ED000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x909F6000 C:\Windows\system32\DRIVERS\SymIMv.sys 36864 bytes (Symantec Corporation, NDIS 6.0 Filter Driver for Windows Vista)
0xA86D0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x833F6000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806DC000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x909ED000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x8047A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80401000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x91B95000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0x806E5000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x908C4000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x908CC000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8A74F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x91BCB000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91B69000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x91BC4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x90938000 C:\Windows\System32\Drivers\SYMREDRV.SYS 16384 bytes (Symantec Corporation, Redirector Filter Driver)
0x8A759000 C:\Windows\System32\drivers\prosync1.sys 8192 bytes (Protection Technology, StarForce Protection Synchronization Driver)
0x8A757000 C:\Windows\System32\drivers\sfhlp01.sys 8192 bytes (Protection Technology, StarForce Protection Helper Driver)
0x8EC83000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x91A00000 C:\Windows\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
0x908C2000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9AC76C30 unknown_irp_handler 976 bytes
0x8CB01E40 unknown_irp_handler 448 bytes
==============================================
>Stealth
==============================================

Swisstreasure 16.10.2010 17:21
Erneuter CustomScan mit OTL

Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

ichhaueuch 17.10.2010 00:56
Hier die Otl.txt :

Code:
OTL logfile created on: 17.10.2010 01:33:16 - Run 2
OTL by OldTimer - Version 3.2.15.2    Folder = C:\Users\Name\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 398,31 Gb Free Space | 69,13% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,83 Gb Free Space | 54,15% Space Free | Partition Type: FAT32
 
Computer Name: Name-PC | User Name: Name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.16 17:42:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
PRC - [2010.10.02 18:51:54 | 002,937,528 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2010.08.09 12:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) -- C:\Programme\Sandboxie\SbieSvc.exe
PRC - [2009.10.07 19:08:01 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Name\Program Files\DNA\btdna.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008.07.11 02:27:52 | 040,999,448 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.08.23 22:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006.11.02 14:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.16 17:42:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008.01.21 04:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.09.23 16:44:56 | 002,950,744 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_062a651.dll -- (Akamai)
SRV - [2010.08.09 12:03:08 | 000,075,496 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2010.04.28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.03.18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010.03.18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010.02.10 19:07:00 | 003,458,548 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.27 17:24:34 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009.05.19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008.10.17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008.10.07 15:49:34 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.05.07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.08.23 22:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 22:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010.10.16 23:21:25 | 000,022,584 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010.09.28 10:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101015.053\NAVEX15.SYS -- (NAVEX15)
DRV - [2010.09.28 10:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101015.053\NAVENG.SYS -- (NAVENG)
DRV - [2010.09.15 20:11:07 | 000,287,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20101007.001\IDSvix86.sys -- (IDSvix86)
DRV - [2010.08.09 12:03:04 | 000,123,112 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Programme\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010.05.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010.05.26 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010.04.28 07:44:02 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010.03.14 21:49:49 | 000,068,680 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva337.sys -- (XDva337)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.11.16 18:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009.10.29 18:33:45 | 000,229,224 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2009.02.19 12:31:42 | 000,024,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009.02.19 12:31:18 | 000,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009.02.19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.02.19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009.02.19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.02.19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009.01.09 18:46:08 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.09.05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008.07.30 17:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.07.10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008.06.09 07:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.05.07 19:22:50 | 002,134,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.05.07 17:40:02 | 000,317,976 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.02.06 17:13:00 | 000,218,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.02.05 02:50:44 | 000,059,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:21 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.11.30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007.11.30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007.11.30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007.03.12 03:12:00 | 000,256,000 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WUSB54GCx86.sys -- (netr73)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005.06.24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005.05.26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005.05.26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic Deutsch TC Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trojaner-board.de/91425-t...tfernbar.html"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {f1ae9383-9442-4e9c-ab8c-d441fd0021cf}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.6
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20100827
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.type: 4
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://utils.babylon.com/abt/index.php?url="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.10.11 12:17:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins
 
[2010.10.11 18:01:17 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Extensions
[2010.10.11 18:01:17 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.10.11 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions
[2010.09.17 18:45:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 18:45:39 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.07.10 15:44:46 | 000,000,000 | ---D | M] (Softonic Deutsch Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}
[2010.07.24 16:50:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.22 21:05:14 | 000,000,000 | ---D | M] (Softonic Deutsch TC Toolbar) -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}
[2010.10.11 12:22:15 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\compatibility@addons.mozilla.org
[2010.10.11 12:24:06 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\foxyproxy@eric.h.jung
[2010.09.17 18:45:39 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\mozilla\Firefox\Profiles\mgik1apm.default\extensions\nasanightlaunch@example.com
[2010.04.21 12:45:26 | 000,000,941 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\conduit.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-1.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-2.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-3.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-4.xml
[2010.05.08 14:55:39 | 000,000,828 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-5.xml
[2010.03.19 17:08:25 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-6.xml
[2010.05.08 14:56:31 | 000,000,950 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin-7.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\icqplugin.xml
[2010.05.08 14:55:39 | 000,001,759 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\live-search.xml
[2009.09.02 15:26:26 | 000,002,137 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\MyStart Search.xml
[2010.10.11 18:15:54 | 000,003,915 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\sweetim.xml
[2010.10.11 13:03:42 | 000,002,746 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Mozilla\FireFox\Profiles\mgik1apm.default\searchplugins\twitter.xml
[2010.10.11 18:25:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.07.15 11:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.10 17:12:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.03 19:58:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.02 18:51:54 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
 
O1 HOSTS File: ([2010.10.16 17:42:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O2 - BHO: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ALUAlert] C:\Programme\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Name\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [NexonPlug] C:\Nexon\NexonPlug\NexonPlug.exe (Nexon Corp.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk = C:\Programme\MultiRes\MultiRes.exe (EnTech Taiwan)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Name\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Name\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FMVC - C:\Windows\System32\fmcodec.DLL (Fox Magic Software)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.SP54 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP55 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP56 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP57 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: VIDC.SP58 - C:\Windows\System32\SP5X_32.DLL (Sunplus)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.17 01:28:21 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Temporary Projects
[2010.10.17 00:27:36 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\IObit
[2010.10.17 00:27:36 | 000,000,000 | ---D | C] -- C:\Programme\IObit
[2010.10.17 00:19:59 | 002,626,432 | ---- | C] (IObit                                                      ) -- C:\Users\Name\Desktop\gb2beta-setup.exe
[2010.10.16 23:46:55 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.16 23:38:26 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.10.16 23:18:22 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Alte Version
[2010.10.16 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Texture
[2010.10.16 21:57:26 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Data
[2010.10.16 21:47:04 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (3)
[2010.10.16 21:37:19 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Mod v 12.0
[2010.10.16 21:08:25 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\sicherung
[2010.10.16 21:08:03 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner (2)
[2010.10.16 17:42:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.16 17:41:33 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2010.10.16 13:03:31 | 001,174,016 | ---- | C] (WarHax Coding) -- C:\Users\Name\Desktop\updated 18uhr.dll
[2010.10.14 12:47:26 | 000,000,000 | ---D | C] -- C:\Users\Name\Desktop\Neuer Ordner
[2010.10.11 18:15:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010.10.11 18:01:31 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\LimeWire
[2010.10.11 18:00:52 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\LimeWire
[2010.10.11 12:17:47 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 6
[2010.10.11 11:39:10 | 000,000,000 | -H-D | C] -- C:\Programme\InstallJammer Registry
[2010.10.11 01:34:16 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Panda Security
[2010.10.11 01:33:37 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\WhiteSmoke
[2010.10.11 01:33:33 | 000,017,544 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\RkPavproc1.sys
[2010.10.11 01:33:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010.10.09 22:07:38 | 000,000,000 | R--D | C] -- C:\Sandbox
[2010.10.09 22:06:03 | 000,000,000 | ---D | C] -- C:\Programme\Sandboxie
[2010.10.09 14:28:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.10.03 19:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.03 19:08:25 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.10.02 23:11:05 | 000,000,000 | ---D | C] -- C:\Programme\MultiRes
[2010.10.02 21:56:00 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Softonic_Deutsch_TC
[2010.10.02 21:27:09 | 000,000,000 | ---D | C] -- C:\War Rock
[2010.10.01 19:19:10 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\XnView
[2010.10.01 19:17:56 | 000,000,000 | ---D | C] -- C:\Programme\XnView
[2010.09.11 22:51:50 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\NFS Carbon
[2010.09.11 17:41:30 | 000,000,000 | ---D | C] -- C:\Programme\Datel
[2010.09.10 19:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NFS Underground Demo
[2010.09.06 17:13:42 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\PackageAware
[2010.08.22 17:14:57 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\IrfanView
[2010.08.22 17:14:56 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2010.08.06 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\Sony
[2010.08.06 22:22:30 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Local\Sony
[2010.08.04 20:21:21 | 000,000,000 | ---D | C] -- C:\Users\Name\Documents\Navicat
[2010.07.26 20:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\XoftSpySE
[2010.07.24 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.23 11:57:24 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
 
========== Files - Modified Within 90 Days ==========
 
[2010.10.17 01:08:34 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010.10.17 01:08:34 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Game Booster 2.lnk
[2010.10.16 23:46:42 | 000,001,024 | ---- | M] () -- C:\Users\Name\.rnd
[2010.10.16 23:42:20 | 000,000,534 | ---- | M] () -- C:\Windows\tasks\Norton AntiVirus Online - Systemprüfung ausführen - Name.job
[2010.10.16 23:42:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.16 23:42:09 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.16 23:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.16 23:41:46 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.16 23:21:25 | 000,022,584 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.10.16 23:17:58 | 000,000,135 | ---- | M] () -- C:\Users\Name\Desktop\version.cfg
[2010.10.16 22:57:39 | 000,001,518 | ---- | M] () -- C:\Users\Name\Desktop\Warrock.lnk
[2010.10.16 21:07:04 | 000,453,444 | R--- | M] () -- C:\Users\Name\Desktop\wrkrzuwrde.7z
[2010.10.16 21:03:25 | 000,001,578 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.10.16 18:13:46 | 000,133,632 | ---- | M] () -- C:\Users\Name\Desktop\RKUnhookerLE.EXE
[2010.10.16 17:42:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.10.16 17:42:09 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Name\Desktop\OTL.exe
[2010.10.15 20:50:02 | 000,499,728 | ---- | M] () -- C:\Users\Name\Desktop\dsfdfds.png
[2010.10.15 20:49:09 | 002,043,933 | ---- | M] () -- C:\Users\Name\Desktop\sdfdfsdf.png
[2010.10.15 09:15:21 | 001,174,016 | ---- | M] (WarHax Coding) -- C:\Users\Name\Desktop\updated 18uhr.dll
[2010.10.13 20:38:39 | 000,000,862 | ---- | M] () -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk
[2010.10.13 18:19:54 | 000,793,175 | ---- | M] () -- C:\Users\Name\Desktop\Unbenannt.png
[2010.10.12 13:31:36 | 000,000,470 | ---- | M] () -- C:\Users\Name\Desktop\technobase.asx
[2010.10.09 23:00:55 | 000,696,320 | ---- | M] () -- C:\Users\Name\Desktop\HunerdA.exe
[2010.10.02 21:15:31 | 684,385,904 | ---- | M] () -- C:\Users\Name\War_Rock_20100921.exe
[2010.10.02 17:16:02 | 000,737,696 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.02 17:16:02 | 000,697,424 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.02 17:16:02 | 000,168,994 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.02 17:16:02 | 000,143,140 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.09.25 17:25:23 | 000,000,680 | ---- | M] () -- C:\Users\Name\AppData\Local\d3d9caps.dat
[2010.09.22 17:21:33 | 000,070,144 | ---- | M] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.21 20:10:13 | 002,626,432 | ---- | M] (IObit                                                      ) -- C:\Users\Name\Desktop\gb2beta-setup.exe
[2010.09.14 13:16:14 | 000,000,680 | RHS- | M] () -- C:\Users\Name\ntuser.pol
[2010.09.12 15:52:58 | 000,326,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.09.11 22:45:48 | 000,000,058 | ---- | M] () -- C:\Windows\nfsc_patch.ini
[2010.08.21 19:25:03 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.18 23:15:40 | 000,000,109 | ---- | M] () -- C:\Windows\GMouse.ini
[2010.08.05 13:12:55 | 000,000,600 | ---- | M] () -- C:\Users\Name\AppData\Local\PUTTY.RND
 
========== Files Created - No Company Name ==========
 
[2010.10.17 01:08:34 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2010.10.17 01:08:34 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Game Booster 2.lnk
[2010.10.16 23:46:54 | 000,774,144 | ---- | C] () -- C:\Windows\System32\NEROINSTAEC43759.DB
[2010.10.16 23:46:41 | 000,001,024 | ---- | C] () -- C:\Users\Name\.rnd
[2010.10.16 23:18:20 | 000,000,135 | ---- | C] () -- C:\Users\Name\Desktop\version.cfg
[2010.10.16 21:57:26 | 000,000,000 | ---- | C] () -- C:\Users\Name\Desktop\made by Achatius aka Darkelite
[2010.10.16 21:18:23 | 000,001,518 | ---- | C] () -- C:\Users\Name\Desktop\Warrock.lnk
[2010.10.16 21:07:06 | 000,453,444 | R--- | C] () -- C:\Users\Name\Desktop\wrkrzuwrde.7z
[2010.10.16 18:13:45 | 000,133,632 | ---- | C] () -- C:\Users\Name\Desktop\RKUnhookerLE.EXE
[2010.10.15 20:50:01 | 000,499,728 | ---- | C] () -- C:\Users\Name\Desktop\dsfdfds.png
[2010.10.15 20:49:07 | 002,043,933 | ---- | C] () -- C:\Users\Name\Desktop\sdfdfsdf.png
[2010.10.13 18:17:41 | 000,793,175 | ---- | C] () -- C:\Users\Name\Desktop\Unbenannt.png
[2010.10.12 13:31:56 | 000,000,470 | ---- | C] () -- C:\Users\Name\Desktop\technobase.asx
[2010.10.11 18:56:35 | 000,696,320 | ---- | C] () -- C:\Users\Name\Desktop\HunerdA.exe
[2010.10.11 01:38:06 | 000,000,119 | ---- | C] () -- C:\Users\Name\ESN Code.txt
[2010.10.09 22:06:34 | 000,001,578 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.10.05 15:39:11 | 000,000,862 | ---- | C] () -- C:\Users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk
[2010.10.02 20:41:57 | 684,385,904 | ---- | C] () -- C:\Users\Name\War_Rock_20100921.exe
[2010.10.01 15:43:27 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.14 13:09:11 | 000,000,680 | RHS- | C] () -- C:\Users\Name\ntuser.pol
[2010.09.11 22:27:20 | 000,000,058 | ---- | C] () -- C:\Windows\nfsc_patch.ini
[2010.08.04 20:21:00 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010.08.02 00:19:38 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.05.22 20:54:09 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.02.12 22:36:04 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.12 22:22:30 | 000,598,016 | ---- | C] () -- C:\Windows\System32\viscomqtde.dll
[2010.02.12 22:22:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.11.22 01:58:42 | 000,000,600 | ---- | C] () -- C:\Users\Name\AppData\Local\PUTTY.RND
[2009.11.20 15:25:57 | 001,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2009.11.16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.08.01 19:56:29 | 000,000,552 | ---- | C] () -- C:\Users\Name\AppData\Local\d3d8caps.dat
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2009.01.01 19:54:11 | 000,000,680 | ---- | C] () -- C:\Users\Name\AppData\Local\d3d9caps.dat
[2008.10.31 15:02:29 | 000,070,144 | ---- | C] () -- C:\Users\Name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.09 19:36:23 | 000,022,584 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.08.08 15:49:44 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.05.16 02:14:50 | 000,000,963 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.02.12 22:52:18 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\AnvSoft
[2008.10.09 14:55:05 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Buhl Data Service GmbH
[2010.02.14 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\CrystalButton
[2009.12.08 19:57:24 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DMCache
[2010.10.17 01:32:58 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DNA
[2010.07.24 16:50:19 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.03 17:55:13 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\FileZilla
[2010.10.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Free Download Manager
[2010.05.08 16:53:04 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\GlarySoft
[2010.10.13 22:31:25 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\ICQ
[2010.10.17 00:27:36 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\IObit
[2010.08.22 17:14:57 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\IrfanView
[2010.10.11 18:01:56 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\LimeWire
[2008.12.18 19:36:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\McLoad
[2010.03.19 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\OCS
[2010.03.19 15:51:41 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Opera
[2010.10.11 01:34:16 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Panda Security
[2010.08.06 22:22:30 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Sony
[2010.08.08 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TeamViewer
[2010.05.02 17:18:28 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TS3Client
[2010.05.08 14:15:03 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\TuneUp Software
[2008.11.08 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\Ulead Systems
[2010.10.11 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\WhiteSmoke
[2010.10.01 19:19:23 | 000,000,000 | ---D | M] -- C:\Users\Name\AppData\Roaming\XnView
[2010.10.16 23:40:07 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.08.04 11:38:09 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.16 23:41:46 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2008.12.07 14:43:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008.12.07 14:43:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.16 23:41:44 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.04.03 14:34:16 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.10.26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010.04.17 01:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2009.04.20 17:30:35 | 000,001,658 | -H-- | M] () -- C:\Users\Name\AppData\Roaming\Microsoft\LastFlashConfig.WFC
 
< %PROGRAMFILES%\*.* >
[2008.01.21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.21 04:24:42 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.21 04:24:38 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-04 12:46:22
 
========== Files - Unicode (All) ==========
[2010.07.07 17:25:11 | 000,000,000 | ---D | M](C:\Users\Name\Documents\?? ???) -- C:\Users\Name\Documents\넥슨 플러그
[2010.07.07 17:25:11 | 000,000,000 | ---D | C](C:\Users\Name\Documents\?? ???) -- C:\Users\Name\Documents\넥슨 플러그
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0059.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0054.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0053.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0049.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0047.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0042.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0036.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0031.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0029.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0020.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0018.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0014.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Name\Documents\clip0002.avi:TOC.WMV

< End of report >


Eine Extra.txt erschien nach dem Scan nicht ?!

Swisstreasure 17.10.2010 19:06
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
    • Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
    • Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

ichhaueuch 18.10.2010 16:47
Ah gut habe jetzt erstmal dieses Bit Torrent DNA gefunden und
habe es deinstalliert und CCleaner erstmal durchlaufen lassen
das ist schonmal weg ;)
jetzt mache ich das mit Combofix^^

ichhaueuch 20.10.2010 12:36
merkwürdig ich hatte Norton Antivirus beendet aber als ich Combo-Fix.exe
gestartet hatte meinte er das Norton Antivirus nicht beendet sei
obwohl ich Auto-Protect aussgeschalten hatte also heißt das ja das Norton noch nicht ganz
Deaktiviert ist oder ? Was nun ?


PS: Ist es normal das bei Combo-Fix immer so ein Geräuch kommt ?^^ *düdü*

Swisstreasure 20.10.2010 13:30
Ich habe selber kein Norton. Auto-Protect ausschalten sollte reichen. Das Geräusch kommt bei der Warnmeldung. Das kannst Du aber ignorieren.

ichhaueuch 27.10.2010 06:20
Also ich bin mir nicht Sicher aber habe ein neuen Norton und der hat ein paar Viren weg gemacht und so habe hier mal einen Hijacktis Scan

ist der weg oder noch da?
falls er noch da ist mache ich natürlich normal weiter:D

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 07:20:23, on 27.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18498)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\wpcumi.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.nexon.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file)
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file)
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Ricardo\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 7488 bytes
--- --- ---

Swisstreasure 27.10.2010 11:26
Zitat:
Also ich bin mir nicht Sicher aber habe ein neuen Norton und der hat ein paar Viren weg gemacht und so habe hier mal einen Hijacktis Scan
Hab ich irgendwo geschrieben dass Du ein neues AV Program installieren sollst? Oder verstehe ich das falsch? Und wer hat geschrieben dass ich ein HJT Log sehen will?

Schau Dir Post 23 an. Da gehts weiter!

ichhaueuch 27.10.2010 19:28
Hier Combi-Fix

Combofix Logfile:
Code:
ComboFix 10-10-26.04 - Name 27.10.2010  20:12:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3069.1871 [GMT 2:00]
ausgeführt von:: c:\users\Name\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\vbzlib1.dll

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Ias


(((((((((((((((((((((((  Dateien erstellt von 2010-09-27 bis 2010-10-27  ))))))))))))))))))))))))))))))
.

2010-10-27 18:17 . 2010-10-27 18:21    --------    d-----w-    c:\users\Name\AppData\Local\temp
2010-10-27 18:17 . 2010-10-27 18:17    --------    d-----w-    c:\users\Gast\AppData\Local\temp
2010-10-27 18:17 . 2010-10-27 18:17    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-10-27 18:08 . 2010-10-27 18:09    --------    d-----w-    C:\32788R22FWJFW
2010-10-24 13:14 . 2010-10-24 13:22    --------    d-----w-    c:\program files\JDownloader
2010-10-24 12:27 . 2010-10-26 14:21    --------    d-----w-    c:\users\Name\AppData\Local\CrashDumps
2010-10-23 15:57 . 2010-10-23 15:57    --------    d-----w-    c:\users\Name\AppData\Roaming\Tific
2010-10-23 15:57 . 2010-10-23 15:57    --------    d-----w-    c:\users\Name\AppData\Local\Symantec
2010-10-23 15:51 . 2009-05-18 22:17    26600    ----a-r-    c:\windows\system32\drivers\GEARAspiWDM.sys
2010-10-23 15:51 . 2008-04-17 21:12    107368    ----a-r-    c:\windows\system32\GEARAspi.dll
2010-10-23 15:51 . 2010-10-23 15:51    --------    d-----w-    c:\program files\Symantec
2010-10-23 15:51 . 2010-10-23 15:51    124976    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-23 15:51 . 2010-10-24 16:07    --------    d-----w-    c:\windows\system32\drivers\N360
2010-10-23 15:51 . 2010-10-23 15:51    --------    d-----w-    c:\program files\Norton 360
2010-10-23 15:46 . 2010-10-23 15:46    --------    d-----w-    c:\programdata\PCSettings
2010-10-23 15:44 . 2010-10-23 15:46    --------    d-----w-    c:\programdata\NortonInstaller
2010-10-23 15:44 . 2010-10-23 15:44    --------    d-----w-    c:\program files\NortonInstaller
2010-10-23 15:43 . 2009-10-15 15:14    24352    ----a-w-    c:\windows\system32\drivers\SipIMNDI.sys
2010-10-23 14:22 . 2010-10-23 14:22    --------    d-----w-    c:\program files\Unlocker
2010-10-23 11:10 . 2010-10-23 11:10    --------    d-----w-    c:\program files\AutoIt3
2010-10-23 09:13 . 2010-10-23 09:13    --------    d-----w-    c:\users\Name\AppData\Roaming\teamspeak2
2010-10-22 19:06 . 2010-10-22 19:07    --------    d-----w-    c:\users\Name\AppData\Roaming\Hide IP NG
2010-10-22 19:06 . 2010-10-22 19:06    --------    d-----w-    c:\users\Name\AppData\Roaming\hideip_firefox_plugin
2010-10-20 20:42 . 2010-10-20 20:42    --------    d-----w-    c:\windows\system32\drivers\UMDF\ko-KR
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\Spool\prtprocs\w32x86\ko-KR\LMPRTPRC.DLL.mui
2010-10-20 20:42 . 2010-10-20 20:42    --------    d-----w-    c:\windows\system32\wbem\en-US
2010-10-20 20:42 . 2010-10-20 20:42    --------    d-----w-    c:\windows\system32\drivers\en-US
2010-10-20 20:41 . 2010-10-20 20:41    --------    d-----w-    c:\windows\system32\ko
2010-10-20 20:41 . 2010-10-20 20:41    --------    d-----w-    c:\windows\system32\0412
2010-10-20 20:41 . 2010-10-20 20:41    40960    ----a-w-    c:\program files\Common Files\Microsoft Shared\ink\ko\Microsoft.Ink.Resources.dll
2010-10-20 20:41 . 2010-10-20 20:42    --------    d-----w-    c:\windows\en-US
2010-10-20 20:41 . 2010-10-20 20:42    --------    d-----w-    c:\windows\ko-KR
2010-10-20 20:41 . 2010-10-20 20:42    --------    d-----w-    c:\windows\system32\wbem\ko-KR
2010-10-20 20:41 . 2010-10-20 20:42    --------    d-----w-    c:\windows\system32\drivers\ko-KR
2010-10-20 20:39 . 2010-10-20 20:39    --------    d-----w-    c:\windows\system32\Vistalizator
2010-10-20 20:22 . 2010-10-23 15:48    --------    d-----w-    c:\program files\Windows Journal
2010-10-20 16:52 . 2010-10-20 16:52    --------    d-----w-    c:\users\Name\AppData\Roaming\Vivox
2010-10-20 12:40 . 2010-10-20 12:50    --------    d-----w-    c:\program files\GamersFirst
2010-10-17 14:24 . 2010-10-17 14:24    22000    ----a-w-    c:\windows\system32\drivers\Neo_0119.sys
2010-10-17 14:22 . 2010-10-17 14:22    81920    ----a-w-    c:\windows\system32\vpncmd.exe
2010-10-17 14:22 . 2010-10-18 13:43    --------    d-----w-    c:\program files\PacketiX VPN Client English
2010-10-16 22:27 . 2010-10-16 22:27    --------    d-----w-    c:\users\Name\AppData\Roaming\IObit
2010-10-16 22:27 . 2010-10-16 22:27    --------    d-----w-    c:\program files\IObit
2010-10-16 21:46 . 2008-03-17 13:45    1414440    ----a-w-    c:\windows\system32\ShellManager310E2D762.dll
2010-10-16 21:38 . 2010-10-16 21:38    --------    d-----w-    c:\program files\Common Files\Skype
2010-10-16 15:42 . 2010-10-16 15:42    --------    d-----w-    C:\_OTL
2010-10-11 16:15 . 2010-10-16 21:44    --------    d-----w-    c:\programdata\SweetIM
2010-10-11 10:17 . 2010-10-11 16:02    --------    d-----w-    c:\program files\Mozilla Firefox 4.0 Beta 6
2010-10-11 09:39 . 2010-10-11 10:41    --------    d--h--w-    c:\program files\InstallJammer Registry
2010-10-10 23:34 . 2010-10-10 23:34    --------    d-----w-    c:\users\Name\AppData\Roaming\Panda Security
2010-10-10 23:33 . 2009-10-07 14:28    17544    ------w-    c:\windows\system32\drivers\RkPavproc1.sys
2010-10-10 23:33 . 2010-10-10 23:33    --------    d-----w-    c:\programdata\Panda Security
2010-10-09 20:07 . 2010-10-09 20:07    --------    d-----r-    C:\Sandbox
2010-10-09 20:06 . 2010-10-09 20:06    --------    d-----w-    c:\program files\Sandboxie
2010-10-09 12:28 . 2010-10-09 12:28    --------    d-----w-    c:\program files\Common Files\Adobe
2010-10-04 11:51 . 2010-06-22 12:57    2048    ----a-w-    c:\windows\system32\tzres.dll
2010-10-03 17:08 . 2010-10-27 11:42    --------    d-----w-    c:\programdata\SecTaskMan
2010-10-03 17:08 . 2010-10-03 17:08    --------    d-----w-    c:\program files\Security Task Manager
2010-10-02 21:11 . 2010-10-02 21:12    --------    d-----w-    c:\program files\MultiRes
2010-10-02 19:27 . 2010-10-19 17:33    --------    d-----w-    C:\War Rock
2010-10-01 17:19 . 2010-10-01 17:19    --------    d-----w-    c:\users\Name\AppData\Roaming\XnView
2010-10-01 17:17 . 2010-10-01 17:17    --------    d-----w-    c:\program files\XnView

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 13:18 . 2010-06-10 15:12    472808    ----a-w-    c:\windows\system32\deployJava1.dll
2010-10-20 20:42 . 2010-10-20 20:42    4608    ----a-w-    c:\windows\system32\drivers\UMDF\ko-KR\WpdMtpDr.dll.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\umbus.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\pscr.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\grserial.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\stcusb.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\serscan.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\SCR111.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\scmstcs.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\gpr400.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\cxbp0wdm.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\cmbp0wdm.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    2560    ----a-w-    c:\windows\system32\drivers\ko-KR\wd.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    5120    ----a-w-    c:\windows\system32\drivers\ko-KR\nv4_mini.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    4608    ----a-w-    c:\windows\system32\drivers\ko-KR\yk60x86.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\rndismpx.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\pcmcia.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\ntrigdigi.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    4608    ----a-w-    c:\windows\system32\drivers\ko-KR\msdsm.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    4096    ----a-w-    c:\windows\system32\drivers\ko-KR\bcm4sbxp.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\scsiport.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\parport.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\parvdm.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    2560    ----a-w-    c:\windows\system32\drivers\ko-KR\amdide.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    7168    ----a-w-    c:\windows\system32\drivers\ko-KR\afd.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\modem.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\srv.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\RNDISMP.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\qwavedrv.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\pacer.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    45056    ----a-w-    c:\windows\system32\drivers\ko-KR\ntfs.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3584    ----a-w-    c:\windows\system32\drivers\en-US\nfsrdr.sys.mui
2010-10-20 20:42 . 2010-10-20 20:42    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\nfsrdr.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4096    ----a-w-    c:\windows\system32\drivers\ko-KR\dxgkrnl.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4096    ----a-w-    c:\windows\system32\drivers\ko-KR\ipnat.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4096    ----a-w-    c:\windows\system32\drivers\ko-KR\fltmgr.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\pnpmem.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    7168    ----a-w-    c:\windows\system32\drivers\ko-KR\serial.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    6144    ----a-w-    c:\windows\system32\drivers\ko-KR\ltmdmnt.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4608    ----a-w-    c:\windows\system32\drivers\ko-KR\wacompen.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4608    ----a-w-    c:\windows\system32\drivers\ko-KR\IPMIDrv.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\hidbth.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    5120    ----a-w-    c:\windows\system32\drivers\ko-KR\bthport.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    5120    ----a-w-    c:\windows\system32\drivers\ko-KR\bthpan.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\Dot4usb.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    6656    ----a-w-    c:\windows\system32\drivers\ko-KR\BrSerId.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\UAGP35.SYS.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\GAGP30KX.SYS.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\atikmdag.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\ati2mtag.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    2560    ----a-w-    c:\windows\system32\drivers\ko-KR\BrParwdm.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    2560    ----a-w-    c:\windows\system32\drivers\ko-KR\ati2mpad.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    12288    ----a-w-    c:\windows\system32\drivers\ko-KR\ohci1394.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    5120    ----a-w-    c:\windows\system32\drivers\ko-KR\luafv.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    28672    ----a-w-    c:\windows\system32\drivers\ko-KR\http.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    2560    ----a-w-    c:\windows\system32\drivers\ko-KR\wdf01000.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4608    ----a-w-    c:\windows\system32\drivers\ko-KR\e100b325.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4096    ----a-w-    c:\windows\system32\drivers\ko-KR\tpm.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4096    ----a-w-    c:\windows\system32\drivers\ko-KR\b57nd60x.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    24576    ----a-w-    c:\windows\system32\drivers\ko-KR\volsnap.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    13312    ----a-w-    c:\windows\system32\drivers\ko-KR\e1e6032.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    11776    ----a-w-    c:\windows\system32\drivers\ko-KR\E1G60I32.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4608    ----a-w-    c:\windows\system32\drivers\ko-KR\sermouse.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4096    ----a-w-    c:\windows\system32\drivers\ko-KR\mouclass.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\mouhid.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    24576    ----a-w-    c:\windows\system32\drivers\ko-KR\mpio.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    9216    ----a-w-    c:\windows\system32\drivers\ko-KR\fvevol.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    7168    ----a-w-    c:\windows\system32\drivers\ko-KR\pci.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\mssmbios.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3584    ----a-w-    c:\windows\system32\drivers\ko-KR\isapnp.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\VIAAGP.SYS.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\ULIAGPKX.SYS.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\SISAGP.SYS.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\NV_AGP.SYS.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\AMDAGP.SYS.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\AGP440.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    7168    ----a-w-    c:\windows\system32\drivers\ko-KR\i8042prt.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    4096    ----a-w-    c:\windows\system32\drivers\ko-KR\kbdclass.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    3072    ----a-w-    c:\windows\system32\drivers\ko-KR\kbdhid.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    7168    ----a-w-    c:\windows\system32\drivers\ko-KR\acpi.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    21504    ----a-w-    c:\windows\system32\drivers\ko-KR\viac7.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    21504    ----a-w-    c:\windows\system32\drivers\ko-KR\processr.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    21504    ----a-w-    c:\windows\system32\drivers\ko-KR\intelppm.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    21504    ----a-w-    c:\windows\system32\drivers\ko-KR\crusoe.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    21504    ----a-w-    c:\windows\system32\drivers\ko-KR\amdk8.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    21504    ----a-w-    c:\windows\system32\drivers\ko-KR\amdk7.sys.mui
2010-10-20 20:41 . 2010-10-20 20:41    10240    ----a-w-    c:\windows\system32\drivers\ko-KR\battc.sys.mui
2010-10-16 21:21 . 2008-10-09 17:36    22584    ----a-w-    c:\windows\system32\drivers\PnkBstrK.sys
2010-10-16 21:21 . 2008-10-09 17:36    99904    ----a-w-    c:\windows\system32\PnkBstrB.exe
2010-10-08 18:24 . 2009-10-26 19:56    164880    ---ha-w-    c:\users\Name\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2010-08-17 13:32 . 2010-09-15 14:27    126464    ----a-w-    c:\windows\system32\spoolsv.exe
.

------- Sigcheck -------

[-] 2010-05-12 . 5B8AB8E9F38BC52ECD183B099093C2BD . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2010-10-02 2937528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13543968]
"toolbar_eula_launcher"="c:\program files\GoogleEULA\EULALauncher.exe" [2007-02-09 16896]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk
backup=c:\windows\pss\GamersFirst LIVE!.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MultiRes.lnk]
path=c:\users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MultiRes.lnk
backup=c:\windows\pss\MultiRes.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Name^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
path=c:\users\Name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PacketiX VPN Client Task Tray.lnk
backup=c:\windows\pss\PacketiX VPN Client Task Tray.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07    932288    ----a-r-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47    35760    ----a-w-    c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-05-07 15:41    178712    ----a-w-    c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-08-22 11:02    133432    ----a-w-    c:\program files\ICQ7.2\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 13:39    1090952    ----a-w-    c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
2010-08-25 14:36    2024824    ----a-w-    c:\nexon\NexonPlug\NexonPlug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-06-09 05:23    92704    ----a-w-    c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-05-07 14:19    6139904    ----a-w-    c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2010-08-09 10:03    389352    ----a-w-    c:\program files\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44    248552    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23    1008184    ----a-w-    c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1257661164-1137624066-1645535895-1001]
"EnableNotificationsRef"=dword:00000005

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [x]
R3 Neo_Wr;VPN Client Device Driver - Wr;c:\windows\system32\DRIVERS\Neo_0119.sys [2010-10-17 22000]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-02-10 3458548]
R3 SipIMNDI;T-Home Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI.sys [2009-10-15 24352]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva337;XDva337;c:\windows\system32\XDva337.sys [2010-03-14 68680]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2009-11-27 185640]
R4 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2009-10-15 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-10-01 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20101026.001\IDSvix86.sys [2010-10-19 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-23 102448]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    REG_MULTI_SZ      Akamai
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.nexon.com
uInternet Settings,ProxyServer = socks=
IE: Free YouTube to Mp3 Converter - c:\users\Name\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4
LSP: c:\windows\system32\wpclsp.dll
FF - ProfilePath - c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2040433&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - http://www.trojaner-board.de/91425-t...ntfernbar.html
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components\FFExternalAlert.dll
FF - component: c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\extensions\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}\components\RadioWMPCore.dll
FF - component: c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}\components\FFExternalAlert.dll
FF - component: c:\users\Name\AppData\Roaming\Mozilla\Firefox\Profiles\mgik1apm.default\extensions\{f1ae9383-9442-4e9c-ab8c-d441fd0021cf}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Nexon\NGM\npNxGame.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file)
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
BHO-{f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file)
Toolbar-{f1ae9383-9442-4e9c-ab8c-d441fd0021cf} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{F1AE9383-9442-4E9C-AB8C-D441FD0021CF} - (no file)
MSConfigStartUp-ALUAlert - c:\program files\Symantec\LiveUpdate\ALuNotify.exe
MSConfigStartUp-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-27 20:20
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1257661164-1137624066-1645535895-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1257661164-1137624066-1645535895-1001\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1257661164-1137624066-1645535895-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):81,75,47,14,3a,1b,77,e1,50,9b,dc,f2,8c,59,84,d0,17,4e,70,b2,7e,
  59,d6,62,40,16,e3,75,22,d2,8e,50,97,52,71,04,ef,fd,79,30,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-1257661164-1137624066-1645535895-1001_Classes\CLSID\{6766d4e8-cd86-47cc-bdde-12c4c826d8ec}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000154
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
  38,95,44,85,4a,e6,7d,94,e5,01,99,2e,4d,91,eb,9e,ca,8f,8d,42,8d,14,f0,2f,cc,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(3928)
c:\windows\system32\authui.dll
c:\windows\system32\ieframe.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\conime.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-27  20:26:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-27 18:26

Vor Suchlauf: 12 Verzeichnis(se), 422.960.869.376 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 423.245.561.856 Bytes frei

- - End Of File - - 9849295E63ADAB365F778CDCB39D7E82
--- --- ---




PS: Ich weiß nicht ob das das beeinflust aber

als Pc neugestartet ist haben sich automatisch "Unlocker" geöffnet und "Jugenschutz" da es in den autostartprogrammen oder so ist aufjedenfall
habe ich sie beendet


Edit: Merkwürdig war auch das ich Firefox neu zum Standardbrowser machen musste

(Habe Internet Explorer gelöscht damit ihr bescheid wisst vllt ist das ja wichtig oder so...)



Edit2:

Im Editor Name angepasst in Name!

Swisstreasure 28.10.2010 14:57
Wie läufts zur Zeit?


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:34 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131