Trojaner-Board (https://www.trojaner-board.de/)
Forum: Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: Botnet, how do I check my PC? (https://www.trojaner-board.de/97176-botnet-ueberpruefe-meinen-pc.html)

Change 05.04.2011 18:39

Botnet, how do I check my PC?

Hi there,
I saw a piece on TV today. It was about these botnets.
To be honest, it's the first time I'd heard of them, and I'm pretty much a beginner when it comes to malware, viruses, Trojans & co.

I looked at a few pages and threads here in the forum, but unfortunately I couldn't understand much of it :-(

Words like exploit, G-Packs, keygen, infect etc. kept coming up.

My internet browser has been stalling more often lately.
It simply freezes for a few seconds, which I'm not used to, and it has also become somewhat slow recently.

So the final question: how can I check my PC to find out whether it has been put under the control of such a botnet?

I "only" use Avira AntiVir Free and think that this, even in combination with the Windows firewall (Windows Vista), isn't ideal :-/

Thanks in advance for helpful tips (beginner-friendly, please :rolleyes: )

Yours, Change

cosinus 07.04.2011 10:43

Hello and :hallo:

Quote:

I "only" use Avira AntiVir Free and think that this, even in combination with the Windows firewall (Windows Vista), isn't ideal :-/
Software-wise ("protection programs"), that is perfectly sufficient.


Please run a full scan with Malwarebytes as a routine step and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.
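As an added example (not part of this post, and not code from OTL, Malwarebytes or Trojaner-Board): a small Python script that does mechanically what a helper does by eye with the OTL.txt that the steps above produce. It pulls the running-process (PRC) lines and the autostart (O4 Run) lines out of the report and flags entries whose binary carries no company name, whose file no longer exists, or which are unidentified and both persistent and currently running. The log text inside the script is constructed in OTL's line format, and the flag names, the triage rules and the "Programme" to "Program Files" normalisation are my own assumptions about how to read such a report, not OTL behaviour.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in OTL's report format (not a log from this thread).
# OTL prints running processes as "PRC - <path> (<company>)" and autostart
# values as "O4 - <hive>..\Run: [<value>] <path> (<company>)"; a binary with
# no version info shows up as "()" and a dangling value as "File not found".
SAMPLE_OTL_LOG = """\
========== Processes (SafeList) ==========

PRC - C:\\Programme\\Avira\\AntiVir Desktop\\avguard.exe (Avira GmbH)
PRC - C:\\Windows\\tsnp2uvc.exe ()
PRC - C:\\Windows\\explorer.exe (Microsoft Corporation)
PRC - C:\\Programme\\Intel\\WiFi\\bin\\EvtEng.exe (Intel(R) Corporation)

========== Standard Registry (SafeList) ==========

O4 - HKLM..\\Run: [avgnt] C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe (Avira GmbH)
O4 - HKLM..\\Run: [snp2uvc]  File not found
O4 - HKLM..\\Run: [tsnp2uvc] C:\\Windows\\tsnp2uvc.exe ()
O4 - HKLM..\\Run: [Windows Defender] C:\\Program Files\\Windows Defender\\MSASCui.exe (Microsoft Corporation)
"""

PRC_RE = re.compile(r"^PRC - (?P<rest>.+?)\s*$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s+(?P<rest>.*?)\s*$")


@dataclass
class Entry:
    kind: str            # "PRC" (running process) or "O4" (autostart value)
    name: str            # registry value name for O4, file name for PRC
    path: Optional[str]  # None when OTL reports "File not found"
    company: str         # "" when OTL printed "()"
    flags: List[str] = field(default_factory=list)


def split_target(rest: str):
    """Split 'C:\\dir\\x.exe (Company)' into (path, company).
    OTL prints the company last, so split at the final ' (' so that
    '(x86)' inside the path and '(R)' inside the company both survive."""
    if " (" not in rest:
        return rest, ""
    path, company = rest.rsplit(" (", 1)
    return path, company.rstrip(")").strip()


def normalise(path: str) -> str:
    """Case-fold and map the German display name that OTL shows for Program
    Files in some sections ('C:\\Programme') onto the real folder name, so a
    PRC entry and an O4 entry for the same file compare equal (assumption)."""
    p = path.lower()
    prefix = "c:\\programme\\"
    if p.startswith(prefix):
        p = "c:\\program files\\" + p[len(prefix):]
    return p


def parse_otl(text: str) -> List[Entry]:
    """Extract PRC and O4 entries; every other line of the report is ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = PRC_RE.match(line)
        if m:
            path, company = split_target(m.group("rest"))
            entries.append(Entry("PRC", path.rsplit("\\", 1)[-1], path, company))
            continue
        m = O4_RE.match(line)
        if m:
            rest = m.group("rest")
            if rest == "File not found":
                entries.append(Entry("O4", m.group("name"), None, ""))
            else:
                path, company = split_target(rest)
                entries.append(Entry("O4", m.group("name"), path, company))
    return entries


def triage(text: str) -> List[Entry]:
    """Return only the entries a helper would look at first, tagged with flag codes:
    missing-file  autostart value points at a file that no longer exists (stale; cleanup candidate)
    no-company    the binary carries no company/version info, so look it up before trusting it
    running       an unidentified autostart entry whose file is also in the PRC list (persistent and live)"""
    entries = parse_otl(text)
    running = {normalise(e.path) for e in entries if e.kind == "PRC" and e.path}
    for e in entries:
        if e.path is None:
            e.flags.append("missing-file")
        elif not e.company:
            e.flags.append("no-company")
            if e.kind == "O4" and normalise(e.path) in running:
                e.flags.append("running")
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_OTL_LOG):
        print(f"{e.kind:3} {e.name:18} {e.path or '<missing>':40} {', '.join(e.flags)}")
```

Run it against a saved OTL.txt by reading the file into `triage()`; a flagged entry is a starting point for a file lookup, not a verdict, since plenty of legitimate vendor tools ship without version information.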

Change 08.04.2011 14:26

Didn't someone already write a post before you? It's pretty mean to just delete it ^^

So here are the logs:

Malwarebytes log
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6308

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.04.2011 14:19:53
mbam-log-2011-04-08 (14-19-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 285278
Laufzeit: 1 Stunde(n), 6 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

OTL Log OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 08.04.2011 14:53:42 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\UserXY\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 180,14 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 4,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: UserXY-LT | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\UserXY\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\mIRC\mirc.exe (mIRC Co. Ltd.)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\xampp\xampp-control.exe (Apache Friends)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\UserXY\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.03.26 17:08:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.31 22:37:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.31 22:37:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.31 21:12:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 22:37:25 | 000,000,000 | ---D | M]
 
[2010.11.12 22:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Extensions
[2011.04.07 20:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions
[2011.03.08 09:57:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.14 00:24:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.05 15:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.03 13:39:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.31 22:37:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.03.31 22:37:27 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.03.03 13:39:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [snp2uvc]  File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.23 21:31:11 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.11 16:00:44 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.02.02 18:48:45 | 001,196,032 | R--- | M] ()
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.08 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Malwarebytes
[2011.04.08 13:10:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.08 13:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.08 13:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.08 13:10:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.08 13:10:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.05 22:10:53 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.04.02 04:59:21 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended
[2011.04.02 04:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended
[2011.03.31 22:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011.03.31 22:43:47 | 000,000,000 | ---D | C] -- C:\Programme\K-Lite Codec Pack
[2011.03.31 22:38:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\DDMSettings
[2011.03.31 22:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.03.31 22:36:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.03.31 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\DivX
[2011.03.30 21:26:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.03.30 21:26:00 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2011.03.30 21:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.03.29 01:24:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\vlc
[2011.03.29 01:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.03.29 01:23:38 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2011.03.26 17:20:36 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Vodafone Mobile Connect
[2011.03.26 17:17:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\FLEXnet
[2011.03.26 17:10:31 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Vodafone
[2011.03.26 17:10:20 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.03.26 17:10:18 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.03.26 17:09:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Bytemobile
[2011.03.26 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011.03.26 17:07:18 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SpOrder.dll
[2011.03.26 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
[2011.03.20 02:50:58 | 000,000,000 | ---D | C] -- C:\Programme\Ontrack
[2011.03.19 17:14:06 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\SATA Treiber
[2011.03.16 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\Dokumente
[2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\mIRC
[2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\Programme\mIRC
[2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011.03.10 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\FreePDF_XP
[2011.03.10 18:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF
[2011.03.10 18:34:09 | 000,000,000 | ---D | C] -- C:\Programme\FreePDF_XP
[2011.03.10 18:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FreePDF
[2011.03.10 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2011.03.10 18:33:36 | 000,000,000 | ---D | C] -- C:\Programme\gs
[2010.12.06 23:09:42 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.12.06 23:09:41 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.08 13:03:45 | 000,627,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.08 13:03:44 | 000,666,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.08 13:03:44 | 000,141,546 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.08 13:03:44 | 000,116,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.08 12:58:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job
[2011.04.08 12:57:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.08 12:57:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.08 12:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.08 12:57:33 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 21:23:38 | 009,307,648 | ---- | M] () -- C:\Users\UserXY\Desktop\GuAH.rar
[2011.04.06 22:51:28 | 000,006,452 | ---- | M] () -- C:\Users\UserXY\.recently-used.xbel
[2011.04.05 21:47:25 | 000,138,520 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.05 21:46:19 | 000,234,536 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.03 22:08:46 | 000,003,862 | ---- | M] () -- C:\Users\UserXY\Desktop\Geburtstag.html
[2011.04.03 03:06:46 | 000,000,421 | ---- | M] () -- C:\Users\UserXY\Desktop\Team.html
[2011.04.02 22:19:43 | 000,025,140 | ---- | M] () -- C:\Users\UserXY\Desktop\Unbenannt 1zhzhzh.odt
[2011.04.02 05:28:07 | 000,002,045 | ---- | M] () -- C:\Users\UserXY\Desktop\AIX 2.0.lnk
[2011.04.02 04:59:18 | 000,001,022 | ---- | M] () -- C:\Users\UserXY\Desktop\BF2SPCC.lnk
[2011.03.31 20:48:04 | 000,000,369 | ---- | M] () -- C:\Users\UserXY\Desktop\Tickets DB.rtf
[2011.03.30 21:08:33 | 000,000,021 | ---- | M] () -- C:\Windows\ø04
[2011.03.29 19:42:15 | 000,006,144 | ---- | M] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.28 22:00:38 | 000,013,422 | ---- | M] () -- C:\Users\UserXY\Desktop\Werbung.ods
[2011.03.26 17:07:18 | 000,008,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SpOrder.dll
[2011.03.19 19:43:06 | 000,005,025 | ---- | M] () -- C:\Users\UserXY\Desktop\BUGTRACKER GUIDE.rtf
[2011.03.19 17:09:17 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.18 00:43:09 | 000,001,292 | ---- | M] () -- C:\Users\UserXY\Desktop\Osterevent Ideeen.rtf
[2011.03.17 05:27:11 | 000,000,421 | ---- | M] () -- C:\Users\UserXY\Desktop\Bugs in WotlK.rtf
 
========== Files Created - No Company Name ==========
 
[2011.04.07 21:23:10 | 009,307,648 | ---- | C] () -- C:\Users\UserXY\Desktop\GuAH.rar
[2011.04.07 00:39:03 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job
[2011.04.06 22:51:28 | 000,006,452 | ---- | C] () -- C:\Users\UserXY\.recently-used.xbel
[2011.04.02 22:19:42 | 000,025,140 | ---- | C] () -- C:\Users\UserXY\Desktop\Unbenannt 1zhzhzh.odt
[2011.04.02 04:59:18 | 000,002,045 | ---- | C] () -- C:\Users\UserXY\Desktop\AIX 2.0.lnk
[2011.04.02 04:59:18 | 000,001,022 | ---- | C] () -- C:\Users\UserXY\Desktop\BF2SPCC.lnk
[2011.03.31 22:43:54 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.03.31 22:43:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.03.30 21:08:33 | 000,000,021 | ---- | C] () -- C:\Windows\ø04
[2011.03.28 20:57:39 | 000,013,422 | ---- | C] () -- C:\Users\UserXY\Desktop\Werbung.ods
[2011.03.19 19:43:06 | 000,005,025 | ---- | C] () -- C:\Users\UserXY\Desktop\BUGTRACKER GUIDE.rtf
[2011.03.18 00:43:09 | 000,001,292 | ---- | C] () -- C:\Users\UserXY\Desktop\Osterevent Ideeen.rtf
[2011.03.16 19:51:01 | 000,000,421 | ---- | C] () -- C:\Users\UserXY\Desktop\Bugs in WotlK.rtf
[2011.03.10 18:34:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.03.10 18:34:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.01.28 17:46:05 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.28 17:45:55 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.28 17:45:21 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.12.13 14:24:31 | 000,000,132 | ---- | C] () -- C:\Users\UserXY\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.12.06 23:09:42 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.12.06 23:09:42 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2010.12.06 23:09:41 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.12.06 23:09:41 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.05 15:33:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.05 03:38:55 | 000,006,144 | ---- | C] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.23 18:41:50 | 000,000,132 | ---- | C] () -- C:\Users\UserXY\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.11.21 17:04:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010.11.17 19:00:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.17 19:00:04 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.14 18:53:33 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.14 18:53:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.11.12 21:49:39 | 000,000,680 | ---- | C] () -- C:\Users\UserXY\AppData\Local\d3d9caps.dat
[2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.01.21 09:15:58 | 000,666,108 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,141,546 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,253,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,627,494 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,116,318 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

--- --- ---


OTL Log Extras.Txt
OTL Logfile:
Code:

OTL Extras logfile created on: 08.04.2011 14:53:42 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\UserXY\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 180,14 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 4,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: UserXY-LT | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082057E1-DA2A-4851-988D-2E02C82A61FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{085ABB05-D427-445F-88AF-5885142FA378}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{195668FE-0AFF-4DB2-86A7-89A346F10C38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2C54D6E6-8FEE-4F4A-9224-2AA06FC24203}" = rport=138 | protocol=17 | dir=out | app=system |
"{317AAA2A-006B-49D1-B134-6E4CB3385BC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35F15898-9B3E-4274-8AE9-CBB711AF420D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{410549BA-C46D-4EB1-9EF4-99DFBEA384B6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{51D95E50-48EF-41CC-AA40-F09713A590F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{62092309-4945-4F07-B28A-A7C206BB06BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71488D49-8D57-45EA-AF79-720FFA1557AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7DC38869-D686-488F-9F65-8E02AE621005}" = rport=139 | protocol=6 | dir=out | app=system |
"{836476F3-4A08-49AE-A9DE-185DC8F1CD66}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D16125D-AFEF-4687-B4E2-B4BF846720A3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{BCCAE36C-FEC0-4A39-A6C7-BFFFA0AEDE2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1831A9F-DB0D-48B2-B585-B0CE700325A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6344D9A-75FD-4F90-BA1D-DF7BD1B58CF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EDE86F30-7567-4E89-BD88-3359EDF83FE5}" = rport=445 | protocol=6 | dir=out | app=system |
"{F048EA16-D3D8-4B37-A175-2A77C2687A92}" = lport=138 | protocol=17 | dir=in | app=system |
"{F56D6BE4-37C7-431E-84A1-14390E7CA0DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18A121F3-2C46-4C1A-BF84-D2F95D9E6441}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{20D44E87-FF81-460E-AEC4-30E44858EBF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3905CB25-C78D-488A-9E80-2B44898757F5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3B7EB9F6-29B7-42D9-80A8-3C8B6D9922FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{44395975-C19E-4884-9D62-13723227A96A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{566F4F0F-E2F3-4A2E-A42D-17BECCA37CA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7C06B76E-FC2E-4D86-88BA-7454C66DD4D8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8A31DA49-E7C2-4E51-A068-CC0332B8C2FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{91BEC9BA-706F-4520-A4BF-C11804050734}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99E5BAD5-15DF-4BFF-A5FE-C85833A5124D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A13B0100-F471-452E-8161-D7EBD3B85FAD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A55B93E2-F95F-4D94-9496-0271AEC5F240}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B352AD18-7473-48A8-91B1-A1BED7889219}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C9BDFEC7-A8B3-4149-93ED-4D643E8D588A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D2CFEF35-E009-4B6C-B934-32EAFBD2F115}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EEBB4BBB-98B5-46E4-9E65-EE9B50E8025D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F0FC704B-ABEC-4F4D-884B-FBBAA49A487D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F32B80AD-1024-4021-8731-4EAC57D4F431}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{0915FD88-778B-432D-89BF-E4FD32A0F1BF}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe |
"TCP Query User{2EC893D1-D51E-4D23-B962-F6194A048EB4}C:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe |
"TCP Query User{3676B3FD-EE92-401A-AD98-5E5A6E94EA93}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe |
"TCP Query User{41BF4A2A-7EDD-49F2-9EAC-17FC445D69C6}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe |
"TCP Query User{45500023-0036-4DA3-B78F-3A774D5AE7D7}C:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe |
"TCP Query User{497DCF11-B305-41B3-A76C-8BD710C3D788}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{50AAD46C-C652-4991-91EF-196A0AF998C6}C:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe |
"TCP Query User{62CE1318-260F-4C3D-ADB1-BD5CB111598E}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{73805122-F62E-4850-BD91-E255465048C2}C:\users\UserXY\desktop\server honki\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-world.exe |
"TCP Query User{7F0E4E5B-BA5F-4E8A-B0FE-958756B73563}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{8DD3A72E-F650-4F7A-9960-2F5A2046D664}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe |
"TCP Query User{8F43AB5B-0F0E-45F3-9245-63054D4E3827}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{946907A8-0B09-4FE4-9DAC-842C1818B14E}C:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe |
"TCP Query User{9BD4BDCE-0B4F-4267-8B10-A806071F542E}C:\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe |
"TCP Query User{A11562F4-F346-4B91-A5EE-33C65A9D7E27}C:\program files\tswebeditor\tswebeditor.exe" = protocol=6 | dir=in | app=c:\program files\tswebeditor\tswebeditor.exe |
"TCP Query User{C5B0937B-5D7A-4288-9055-F2BCC74BBDC2}C:\users\UserXY\desktop\wow\server honki\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-world.exe |
"TCP Query User{D1B511A2-C11A-44C1-A058-A4C6C52406E8}C:\users\UserXY\desktop\server honki\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-logonserver.exe |
"TCP Query User{D924792E-5E81-4646-87A3-7C7D27EFB058}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{08718B93-277E-42CA-8529-C9AC14F04FC2}C:\users\UserXY\desktop\server honki\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-world.exe |
"UDP Query User{0F951912-372E-4EA9-8C13-D4AB69ABB10B}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{2A53B9AD-2F81-42FE-BB6E-4889E8C81575}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe |
"UDP Query User{4BD0F880-ED4E-4B61-A661-94DCF2945FB6}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe |
"UDP Query User{4C728C08-5E01-46CC-B2B0-DAE936FB3C77}C:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe |
"UDP Query User{5824E21F-8453-45C4-9E0A-17A797E11B89}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe |
"UDP Query User{77215D82-E1F6-456F-BF44-9C922816922F}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{8A25C818-1C5F-41B9-8702-F0CD6B9400A6}C:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe |
"UDP Query User{8C2FA855-BED0-424F-9B1B-D30C0C9DAF96}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{97B62570-DD02-4961-89B5-00233035892C}C:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe |
"UDP Query User{A1CD3481-586B-40DB-B9DA-21730BBCE276}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe |
"UDP Query User{B0C4FA83-D395-4B51-9D63-B4E77C7F0F50}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{B839EF48-9CAA-418C-9553-CB1B9CFA4F20}C:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe |
"UDP Query User{C2A885AC-4463-44C6-BC64-F8710030128C}C:\users\UserXY\desktop\wow\server honki\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-world.exe |
"UDP Query User{CAC51CF5-3558-4E61-9E03-DA633AC7A79E}C:\program files\tswebeditor\tswebeditor.exe" = protocol=17 | dir=in | app=c:\program files\tswebeditor\tswebeditor.exe |
"UDP Query User{DB253A1D-37AC-4E69-8428-0009D14E729A}C:\users\UserXY\desktop\server honki\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-logonserver.exe |
"UDP Query User{DBDFDFAD-82A9-402F-B98C-C6FA8BE52FD3}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E910EBD3-1AD2-44B6-BF33-282591AB7977}C:\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{29805E39-651D-483D-85DA-A818AE4B1D96}" = World of Warcraft Model Viewer 32-bit
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{48B51112-BA23-42F9-AB81-7CC9F7A6E99A}" = tsWebEditor 20060920
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{58E5BB82-338B-4A48-B1BE-F8BE30F615EC}_is1" = Hyrule City 1.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"AutoHotkey" = AutoHotkey 1.0.48.05.L61
"AutoItv3" = AutoIt v3.3.6.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Content Uploader" = DivX Content Uploader
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.32.305
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"FreePDF_XP" = FreePDF (Remove only)
"Geany" = Geany 0.19.1
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.91
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.04.2011 16:14:22 | Computer Name = UserXY-LT | Source = VSS | ID = 8194
Description =
 
Error - 06.04.2011 14:23:26 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.04.2011 14:23:27 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
 
Error - 06.04.2011 21:27:01 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 07.04.2011 05:14:48 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07.04.2011 05:14:52 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
 
Error - 07.04.2011 12:18:04 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07.04.2011 12:18:06 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
 
Error - 08.04.2011 06:57:54 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 08.04.2011 06:57:55 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 16.01.2011 12:31:28 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
 
Error - 16.01.2011 12:31:43 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.01.2011 12:34:27 | Computer Name = UserXY-LT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.29 für die Netzwerkkarte mit der Netzwerkadresse
 0016EAD0C51E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 17.01.2011 08:39:17 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
 
Error - 17.01.2011 08:39:25 | Computer Name = UserXY-LT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
 0016EAD0C51E wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 17.01.2011 08:39:31 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.01.2011 07:58:23 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
 
Error - 18.01.2011 07:58:35 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.01.2011 07:48:57 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
 
Error - 19.01.2011 07:49:20 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

Many thanks, Change :-)

cosinus 08.04.2011 14:57

Are there any more Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Logs tab.

Change 08.04.2011 15:05

No, the only one there is the one I posted!

The occasional freezing keeps getting worse.... sometimes nothing at all happens for 10 seconds!

Kind regards, Change

cosinus 08.04.2011 15:14

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2011.03.30 21:08:33 | 000,000,021 | ---- | C] () -- C:\Windows\ø04
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.23 21:31:11 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.11 16:00:44 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.02.02 18:48:45 | 001,196,032 | R--- | M] ()
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
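As an added read-only check for the reader who wants to know what the script above targets (this is not part of the thread and not OTL's own code): a PowerShell audit that lists the same three kinds of entries the fix script references, the O32 CD-ROM AutoRun setting, the O33 MountPoints2 autorun commands, and the O10 Winsock catalog entries, together with whether the file each one points at still exists. It assumes the Winsock provider path is stored as a NUL-terminated ANSI string at the start of each entry's PackedCatalogItem value, and it is written for the 32-bit Vista system in this thread (64-bit Windows keeps a second list under Catalog_Entries64); run it from an elevated PowerShell.

```powershell
# Added read-only audit of the persistence points the OTL fix script touches.
# Not part of the thread and not OTL's own code; it only reads the registry.
# Assumption (labelled): the provider path of a Winsock catalog entry is the
# NUL-terminated ANSI string at the start of its PackedCatalogItem blob.

function Get-MountPointAutoRun {
    # OTL "O33 - MountPoints2\{guid}\Shell\AutoRun\command": per-volume autorun
    # commands Explorer remembered for removable media. Present = $false means
    # the executable is not reachable right now (e.g. a detached USB stick on F:).
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -Path $base)) { return }
    foreach ($key in Get-ChildItem -Path $base) {
        $cmdKey = "Registry::$($key.Name)\Shell\AutoRun\command"
        if (-not (Test-Path -Path $cmdKey)) { continue }
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        if (-not $cmd) { continue }
        # the first token is the executable, quoted or not; arguments follow
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        New-Object PSObject -Property @{
            Volume     = $key.PSChildName
            Command    = $cmd
            Executable = $exe
            Present    = Test-Path -LiteralPath $exe
        }
    }
}

function Get-WinsockCatalog {
    # OTL "O10 - Protocol_Catalog9\Catalog_Entries\NNN - File not found":
    # Winsock providers whose DLL no longer exists. These are the entries the
    # fix log reports as deleted before "LSP stack updated".
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries'
    if (-not (Test-Path -Path $base)) { return }
    foreach ($key in Get-ChildItem -Path $base) {
        $blob = (Get-ItemProperty -LiteralPath $key.PSPath).PackedCatalogItem
        if (-not $blob) { continue }
        # assumed layout: ANSI path, NUL-terminated, in the first 260 bytes
        $len  = [Math]::Min(260, $blob.Length)
        $text = [System.Text.Encoding]::Default.GetString($blob, 0, $len)
        $dll  = [Environment]::ExpandEnvironmentVariables($text.Split([char]0)[0])
        New-Object PSObject -Property @{
            Entry   = $key.PSChildName
            Dll     = $dll
            Present = Test-Path -LiteralPath $dll
        }
    }
}

function Get-CdromAutoRun {
    # OTL "O32 - HKLM CDRom: AutoRun - 1": 1 = media autorun enabled for CD drives.
    $svc = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom' -ErrorAction SilentlyContinue
    if ($svc -and $svc.PSObject.Properties['AutoRun']) { $svc.AutoRun } else { 'not set' }
}

Write-Host '== MountPoints2 autorun commands (O33) =='
Get-MountPointAutoRun | Format-Table Volume, Present, Command -AutoSize
Write-Host '== Winsock catalog providers (O10) =='
Get-WinsockCatalog | Format-Table Entry, Present, Dll -AutoSize
Write-Host ('== Cdrom AutoRun (O32) = {0} ==' -f (Get-CdromAutoRun))
```

Rows with Present = False correspond to the "File ... not found" lines in the OTL fix log later in this thread; the script changes nothing, so it can be run before and after a fix to compare.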

Change 08.04.2011 16:35

What is actually being fixed?
Is there a problem with my computer?
Is something broken?

Kind regards, Change

cosinus 08.04.2011 17:50

If you want help here, you have to trust the helpers. Should I now explain every line of the script to you until you understand it, or do you want to get Windows back into shape quickly and easily?

Change 08.04.2011 18:48

Honestly? I trust you, that's not in question.
But I'm someone who doesn't just want to be told what to do; I want to learn. I want to know what is wrong and learn to solve these problems.

I don't think much of people who post in the forum "what do I have to do" and then just mindlessly do what they're told.
I'm questioning not for lack of trust but for lack of knowledge.

But fine, then I'll just run it as is. Thanks :-)

Kind regards, Change

Change 12.04.2011 14:45

So, I've now run through the fix; one or two small problems seem to have come up:

Code:

All processes killed
========== OTL ==========
C:\Windows\ø04 moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File D:\Autorun.exe not found.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
File F:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jonas
->Temp folder emptied: 199568523 bytes
->Temporary Internet Files folder emptied: 60557249 bytes
->FireFox cache emptied: 82907101 bytes
->Flash cache emptied: 70256 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18827197 bytes
RecycleBin emptied: 3812925512 bytes
 
Total Files Cleaned = 3.981,00 mb
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
 
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_153726

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

What now?

Kind regards, Change

cosinus 12.04.2011 14:55

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Change 12.04.2011 15:21

OK, the scan returned 0 results and there was no scan log either.
All I have is the log produced afterwards via "Report":

Code:

2011/04/12 16:17:52.0035 5448        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 16:17:52.0340 5448        ================================================================================
2011/04/12 16:17:52.0340 5448        SystemInfo:
2011/04/12 16:17:52.0340 5448       
2011/04/12 16:17:52.0340 5448        OS Version: 6.0.6001 ServicePack: 1.0
2011/04/12 16:17:52.0340 5448        Product type: Workstation
2011/04/12 16:17:52.0340 5448        ComputerName: USER-XY
2011/04/12 16:17:52.0340 5448        UserName: USER-XY
2011/04/12 16:17:52.0340 5448        Windows directory: C:\Windows
2011/04/12 16:17:52.0340 5448        System windows directory: C:\Windows
2011/04/12 16:17:52.0340 5448        Processor architecture: Intel x86
2011/04/12 16:17:52.0340 5448        Number of processors: 2
2011/04/12 16:17:52.0340 5448        Page size: 0x1000
2011/04/12 16:17:52.0340 5448        Boot type: Normal boot
2011/04/12 16:17:52.0340 5448        ================================================================================
2011/04/12 16:17:52.0819 5448        Initialize success
2011/04/12 16:17:58.0481 4572        ================================================================================
2011/04/12 16:17:58.0481 4572        Scan started
2011/04/12 16:17:58.0481 4572        Mode: Manual;
2011/04/12 16:17:58.0481 4572        ================================================================================
2011/04/12 16:18:00.0030 4572        acedrv10        (553ba53445795cbc0d4f9fa37eb855a6) C:\Windows\system32\drivers\acedrv10.sys
2011/04/12 16:18:00.0150 4572        acehlp10        (8ce00b6a46962a1808b19cd1dae5170c) C:\Windows\system32\drivers\acehlp10.sys
2011/04/12 16:18:00.0251 4572        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/12 16:18:00.0300 4572        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/12 16:18:00.0470 4572        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/12 16:18:00.0556 4572        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/12 16:18:00.0583 4572        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/04/12 16:18:00.0631 4572        AFD            (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/04/12 16:18:00.0679 4572        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/04/12 16:18:00.0725 4572        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/04/12 16:18:00.0763 4572        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/04/12 16:18:00.0795 4572        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/04/12 16:18:00.0825 4572        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/04/12 16:18:00.0855 4572        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/04/12 16:18:00.0878 4572        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/04/12 16:18:00.0980 4572        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/04/12 16:18:01.0019 4572        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/04/12 16:18:01.0076 4572        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/12 16:18:01.0106 4572        atapi          (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/04/12 16:18:01.0177 4572        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/12 16:18:01.0213 4572        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/12 16:18:01.0273 4572        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/04/12 16:18:01.0317 4572        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/04/12 16:18:01.0422 4572        BMLoad          (d002033c1a37f6af51b5f0ba6d0211bc) C:\Windows\system32\drivers\BMLoad.sys
2011/04/12 16:18:01.0454 4572        bowser          (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/12 16:18:01.0491 4572        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/04/12 16:18:01.0519 4572        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/04/12 16:18:01.0555 4572        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/04/12 16:18:01.0585 4572        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/04/12 16:18:01.0625 4572        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/04/12 16:18:01.0644 4572        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/04/12 16:18:01.0680 4572        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/04/12 16:18:01.0778 4572        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/12 16:18:01.0822 4572        cdrom          (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/12 16:18:01.0863 4572        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/04/12 16:18:01.0908 4572        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/12 16:18:01.0999 4572        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/12 16:18:02.0050 4572        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/04/12 16:18:02.0077 4572        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/12 16:18:02.0100 4572        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/04/12 16:18:02.0125 4572        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/04/12 16:18:02.0169 4572        DfsC            (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/04/12 16:18:02.0225 4572        disk            (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/04/12 16:18:02.0305 4572        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/04/12 16:18:02.0389 4572        DXGKrnl        (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/12 16:18:02.0456 4572        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/04/12 16:18:02.0511 4572        Ecache          (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/04/12 16:18:02.0567 4572        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/04/12 16:18:02.0625 4572        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/04/12 16:18:02.0742 4572        ewusbnet        (0f40e249e4dd0ce47c7ca19c5c8fb48a) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/04/12 16:18:02.0798 4572        exfat          (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/04/12 16:18:02.0834 4572        fastfat        (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/04/12 16:18:02.0902 4572        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/12 16:18:02.0969 4572        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/04/12 16:18:03.0001 4572        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/04/12 16:18:03.0036 4572        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/12 16:18:03.0064 4572        FltMgr          (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/04/12 16:18:03.0105 4572        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/12 16:18:03.0132 4572        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/04/12 16:18:03.0222 4572        hamachi        (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/12 16:18:03.0312 4572        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/04/12 16:18:03.0384 4572        HDAudBus        (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/12 16:18:03.0569 4572        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/04/12 16:18:03.0619 4572        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/04/12 16:18:03.0699 4572        HidUsb          (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/12 16:18:03.0737 4572        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/04/12 16:18:03.0814 4572        HTTP            (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/04/12 16:18:03.0969 4572        hwdatacard      (92ca47da32009ccc00a5aded04abbd78) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/04/12 16:18:04.0028 4572        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/04/12 16:18:04.0071 4572        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/12 16:18:04.0101 4572        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/04/12 16:18:04.0146 4572        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/04/12 16:18:04.0275 4572        IntcAzAudAddService (e345ec27c8dff8728f5c6f0413699dc5) C:\Windows\system32\drivers\RTKVHDA.sys
2011/04/12 16:18:04.0453 4572        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/04/12 16:18:04.0502 4572        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/12 16:18:04.0541 4572        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/12 16:18:04.0723 4572        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/04/12 16:18:04.0767 4572        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/04/12 16:18:05.0010 4572        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/04/12 16:18:05.0043 4572        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/04/12 16:18:05.0074 4572        iScsiPrt        (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/12 16:18:05.0103 4572        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/04/12 16:18:05.0141 4572        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/04/12 16:18:05.0162 4572        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/12 16:18:05.0185 4572        kbdhid          (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/04/12 16:18:05.0254 4572        KSecDD          (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/12 16:18:05.0298 4572        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/12 16:18:05.0340 4572        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/04/12 16:18:05.0374 4572        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/04/12 16:18:05.0420 4572        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/04/12 16:18:05.0450 4572        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/04/12 16:18:05.0520 4572        massfilter      (567d3cbc0ba3332887d091a237d4fd3c) C:\Windows\system32\drivers\massfilter.sys
2011/04/12 16:18:05.0571 4572        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/04/12 16:18:05.0618 4572        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/04/12 16:18:05.0723 4572        MIDITECH_01    (96d3a86a4f5b46b3a19b5febfe4071c0) C:\Windows\system32\drivers\mt01drv.sys
2011/04/12 16:18:05.0763 4572        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/04/12 16:18:05.0803 4572        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/12 16:18:05.0839 4572        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/12 16:18:05.0887 4572        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/12 16:18:05.0918 4572        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/04/12 16:18:05.0962 4572        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/04/12 16:18:06.0021 4572        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/12 16:18:06.0059 4572        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/04/12 16:18:06.0089 4572        MRxDAV          (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/04/12 16:18:06.0154 4572        mrxsmb          (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/12 16:18:06.0173 4572        mrxsmb10        (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/12 16:18:06.0207 4572        mrxsmb20        (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/12 16:18:06.0249 4572        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/04/12 16:18:06.0276 4572        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/04/12 16:18:06.0359 4572        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/04/12 16:18:06.0392 4572        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/04/12 16:18:06.0442 4572        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/12 16:18:06.0464 4572        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/12 16:18:06.0483 4572        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/04/12 16:18:06.0508 4572        MsRPC          (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/04/12 16:18:06.0547 4572        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/12 16:18:06.0570 4572        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/04/12 16:18:06.0595 4572        Mup            (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/04/12 16:18:06.0674 4572        NativeWifiP    (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/12 16:18:06.0725 4572        NDIS            (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/04/12 16:18:06.0750 4572        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/12 16:18:06.0778 4572        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/12 16:18:06.0835 4572        NdisWan        (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/12 16:18:06.0869 4572        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/04/12 16:18:06.0908 4572        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/12 16:18:06.0935 4572        netbt          (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/12 16:18:07.0195 4572        NETw5v32        (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
2011/04/12 16:18:07.0445 4572        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/04/12 16:18:07.0487 4572        Npfs            (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/04/12 16:18:07.0518 4572        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/12 16:18:07.0580 4572        Ntfs            (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/04/12 16:18:07.0679 4572        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/04/12 16:18:07.0704 4572        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/04/12 16:18:07.0772 4572        NVHDA          (0e40ef12bc029ff8b13043f157452c47) C:\Windows\system32\drivers\nvhda32v.sys
2011/04/12 16:18:08.0058 4572        nvlddmkm        (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/12 16:18:08.0270 4572        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/04/12 16:18:08.0291 4572        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/04/12 16:18:08.0323 4572        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/04/12 16:18:08.0392 4572        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/04/12 16:18:08.0435 4572        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/04/12 16:18:08.0467 4572        partmgr        (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/04/12 16:18:08.0501 4572        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/04/12 16:18:08.0548 4572        pci            (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/04/12 16:18:08.0589 4572        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/04/12 16:18:08.0619 4572        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/04/12 16:18:08.0668 4572        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/04/12 16:18:08.0794 4572        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/12 16:18:08.0826 4572        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/04/12 16:18:08.0903 4572        PSched          (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/12 16:18:09.0000 4572        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/04/12 16:18:09.0101 4572        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/04/12 16:18:09.0136 4572        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/12 16:18:09.0158 4572        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/12 16:18:09.0190 4572        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/12 16:18:09.0223 4572        RasPppoe        (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/12 16:18:09.0243 4572        RasSstp        (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/12 16:18:09.0273 4572        rdbss          (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/12 16:18:09.0301 4572        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/12 16:18:09.0342 4572        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/04/12 16:18:09.0368 4572        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/12 16:18:09.0401 4572        RDPWD          (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/04/12 16:18:09.0466 4572        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/12 16:18:09.0537 4572        RTL8169        (283392af1860ecdb5e0f8ebd7f3d72df) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/04/12 16:18:09.0570 4572        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/04/12 16:18:09.0619 4572        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/12 16:18:09.0652 4572        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/04/12 16:18:09.0687 4572        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/04/12 16:18:09.0722 4572        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/04/12 16:18:09.0774 4572        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/04/12 16:18:09.0797 4572        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/12 16:18:09.0826 4572        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/12 16:18:09.0860 4572        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/04/12 16:18:09.0894 4572        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/04/12 16:18:09.0920 4572        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/04/12 16:18:09.0947 4572        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/04/12 16:18:09.0986 4572        Smb            (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/04/12 16:18:10.0143 4572        SNP2UVC        (82e3315b1b3e76b9a9643f987ed3ae5c) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/04/12 16:18:10.0301 4572        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/04/12 16:18:10.0389 4572        srv            (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/04/12 16:18:10.0458 4572        srv2            (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/12 16:18:10.0482 4572        srvnet          (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/12 16:18:10.0522 4572        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/04/12 16:18:10.0609 4572        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/12 16:18:10.0671 4572        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/04/12 16:18:10.0702 4572        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/04/12 16:18:10.0734 4572        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/04/12 16:18:10.0842 4572        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/12 16:18:10.0935 4572        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/12 16:18:11.0035 4572        tcpipBM        (dcfeb82ca988598ceb8f83148616038e) C:\Windows\system32\drivers\tcpipBM.sys
2011/04/12 16:18:11.0109 4572        tcpipreg        (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/12 16:18:11.0412 4572        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/04/12 16:18:11.0546 4572        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/04/12 16:18:11.0591 4572        tdx            (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/12 16:18:11.0622 4572        TermDD          (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/12 16:18:11.0673 4572        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/12 16:18:11.0705 4572        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/04/12 16:18:11.0723 4572        tunnel          (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/12 16:18:11.0749 4572        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/04/12 16:18:11.0773 4572        udfs            (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/12 16:18:11.0812 4572        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/04/12 16:18:11.0849 4572        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/04/12 16:18:11.0888 4572        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/04/12 16:18:11.0921 4572        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/04/12 16:18:11.0955 4572        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/12 16:18:12.0041 4572        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/12 16:18:12.0077 4572        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/04/12 16:18:12.0102 4572        usbehci        (cebe90821810e76320155beba722fcf9) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/12 16:18:12.0130 4572        usbhub          (cc6b28e4ce39951357963119ce47b143) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/12 16:18:12.0157 4572        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/04/12 16:18:12.0176 4572        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/12 16:18:12.0219 4572        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/12 16:18:12.0281 4572        USBSTOR        (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/12 16:18:12.0438 4572        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/12 16:18:12.0535 4572        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/04/12 16:18:12.0582 4572        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/12 16:18:12.0607 4572        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/04/12 16:18:12.0632 4572        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/04/12 16:18:12.0657 4572        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/04/12 16:18:12.0683 4572        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/04/12 16:18:12.0712 4572        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/04/12 16:18:12.0764 4572        volmgrx        (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/04/12 16:18:12.0799 4572        volsnap        (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/04/12 16:18:12.0839 4572        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/04/12 16:18:12.0893 4572        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/04/12 16:18:12.0918 4572        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 16:18:12.0944 4572        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/12 16:18:12.0980 4572        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/04/12 16:18:13.0018 4572        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/12 16:18:13.0125 4572        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/12 16:18:13.0204 4572        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/12 16:18:13.0277 4572        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/12 16:18:13.0362 4572        XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys
2011/04/12 16:18:13.0622 4572        ZTEusbmdm6k    (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/04/12 16:18:13.0797 4572        ZTEusbnmea      (f16ce3c7690ab7426dc96520d54a737e) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/04/12 16:18:13.0929 4572        ZTEusbser6k    (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/04/12 16:18:13.0991 4572        ================================================================================
2011/04/12 16:18:13.0991 4572        Scan finished
2011/04/12 16:18:13.0991 4572        ================================================================================

Does that mean there's nothing on mine? :-)

Kind regards, Change
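As an added example (not part of the thread, and not TDSSKiller's own code), here is a small Python triage of the driver inventory that TDSSKiller prints above. It parses each `name (md5) path` line, groups drivers by hash so you can see which service names share one image (aliases such as Tcpip/Tcpip6 pointing at the same tcpip.sys, or two distinct files carrying one hash such as the ZTE modem drivers), and lists images that live outside the usual drivers directory, which are the entries a helper would compare against a known-good inventory or look up by hash. The sample lines are copied from the log above; the function and variable names are my own.

```python
import re
from collections import defaultdict

# One TDSSKiller driver-inventory line looks like:
#   <date> <time> <pid>   <service name>   (<md5>)   <image path>
# Separator lines ("=====") and status lines ("Scan finished") have no "(md5)"
# field and are skipped by the parser.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2})\s+(?P<time>[\d:.]+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)

# Lowercased prefix of the directory where kernel-mode drivers normally live.
STANDARD_DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed sample: a handful of lines copied from the TDSSKiller log above,
# chosen so that each check below has something to report.
SAMPLE_LOG = r"""
2011/04/12 16:18:01.0908 4572        CLFS            (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/04/12 16:18:03.0222 4572        hamachi        (7929a161f9951d173ca9900fe7067391) C:\Windows\system32\DRIVERS\hamachi.sys
2011/04/12 16:18:10.0842 4572        Tcpip          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\drivers\tcpip.sys
2011/04/12 16:18:10.0935 4572        Tcpip6          (782568ab6a43160a159b6215b70bcce9) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/12 16:18:13.0622 4572        ZTEusbmdm6k    (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/04/12 16:18:13.0929 4572        ZTEusbser6k    (c2215c6ada8b1e9feb507cee9b446661) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/04/12 16:18:13.0991 4572        ================================================================================
2011/04/12 16:18:13.0991 4572        Scan finished
"""


def parse_tdsskiller(text):
    """Return one dict per driver line (date, time, pid, name, md5, path)."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def group_by_hash(entries):
    """Map each MD5 to the sorted service names that reference it."""
    groups = defaultdict(set)
    for e in entries:
        groups[e["md5"]].add(e["name"])
    return {md5: sorted(names) for md5, names in groups.items()}


def shared_hashes(entries):
    """Only the MD5s that more than one service name points at."""
    return {md5: names for md5, names in group_by_hash(entries).items()
            if len(names) > 1}


def aliases_and_copies(entries):
    """Split shared hashes into aliases (several services, one file) and
    copies (identical bytes under different file names)."""
    paths = defaultdict(set)
    for e in entries:
        paths[e["md5"]].add(e["path"].lower())
    aliases, copies = {}, {}
    for md5, names in shared_hashes(entries).items():
        target = aliases if len(paths[md5]) == 1 else copies
        target[md5] = names
    return aliases, copies


def outside_drivers_dir(entries):
    """Service names whose image is not under the standard drivers directory."""
    return sorted(e["name"] for e in entries
                  if not e["path"].lower().startswith(STANDARD_DRIVERS_DIR))


def triage(text):
    """Run all checks over a TDSSKiller log and return a summary dict."""
    entries = parse_tdsskiller(text)
    aliases, copies = aliases_and_copies(entries)
    return {
        "drivers": len(entries),
        "aliases": aliases,
        "copies": copies,
        "outside_drivers_dir": outside_drivers_dir(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A hit from these checks is a lead, not a verdict: CLFS.sys legitimately lives directly in system32 on Vista, and vendor driver packs often ship the same binary under several names. What the checks do is shrink a listing of a few hundred lines to the handful worth looking up by hash, which is the same thing a helper does by eye when reading such a log. A clean TDSSKiller run means it found no rootkit it knows about; it does not by itself say the machine is clean, which is why the thread continues with further scans.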

cosinus 12.04.2011 17:13

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a board helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Change 12.04.2011 23:11

So, I got as far as the completion of the ComboFix file.

Then a cmd window with a blue background appeared:
Code:

Bereite Logdatei vor.

Starte keine anderen Programme, bevor ComboFix fertig ist.


This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

Before that, a Windows dialog appears:
PEV.cfxxe funktioniert nicht mehr

No idea whether everything worked properly. After clicking on "Programm beenden" (Close program), the notice about the log appeared:

Code:

ComboFix 11-04-12.01 - UserXY 12.04.2011  23:19:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3066.1969 [GMT 2:00]
ausgeführt von:: c:\users\UserXY\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-12 bis 2011-04-12  ))))))))))))))))))))))))))))))
.
.
2011-04-12 21:25 . 2011-04-12 21:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-12 21:13 . 2011-04-12 21:13        --------        d-----w-        c:\program files\CCleaner
2011-04-12 13:37 . 2011-04-12 13:37        --------        d-----w-        C:\_OTL
2011-04-12 12:17 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D1AE2B9-77DD-42EB-935D-5592E958F1E3}\mpengine.dll
2011-04-11 01:11 . 2011-04-11 01:11        --------        d-----w-        c:\program files\MSXML 4.0
2011-04-08 18:00 . 2011-04-08 18:00        --------        d-----w-        c:\program files\ASIO4ALL v2
2011-04-08 17:43 . 2011-04-08 17:43        --------        d-----w-        c:\windows\usb-audio.deMiditech01
2011-04-08 17:42 . 2007-03-19 21:09        19456        ----a-w-        c:\windows\system32\drivers\mt01drv.sys
2011-04-08 17:38 . 2011-04-08 17:38        --------        d-----w-        c:\program files\ProtectDisc Driver Installer
2011-04-08 17:37 . 2011-04-08 17:37        --------        d-----w-        c:\users\UserXY\AppData\Roaming\MAGIX
2011-04-08 17:35 . 2003-04-18 14:29        82432        ----a-w-        c:\windows\system32\msxml4r.dll
2011-04-08 17:35 . 2003-04-18 14:29        44544        ----a-w-        c:\windows\system32\msxml4a.dll
2011-04-08 17:31 . 2007-04-18 21:07        53248        ----a-w-        c:\windows\system32\mgxasio2.dll
2011-04-08 17:31 . 2006-07-21 15:16        430080        ----a-w-        c:\windows\system32\MXRestore.exe
2011-04-08 17:19 . 2011-04-08 17:28        --------        d-----w-        c:\programdata\MAGIX
2011-04-08 17:18 . 2011-04-08 17:35        --------        d-----w-        c:\program files\MAGIX
2011-04-08 17:18 . 2007-04-27 08:43        120200        ----a-w-        c:\windows\system32\DLLDEV32i.dll
2011-04-08 17:17 . 2011-04-08 17:35        --------        d-----w-        c:\windows\system32\MAGIX
2011-04-08 17:17 . 2007-07-11 09:53        697560        ----a-w-        c:\windows\system32\mgxoschk.dll
2011-04-08 14:01 . 2011-04-08 14:01        --------        d-----w-        c:\program files\Common Files\DivX Shared
2011-04-08 11:11 . 2011-04-08 11:11        --------        d-----w-        c:\users\UserXY\AppData\Roaming\Malwarebytes
2011-04-08 11:10 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-08 11:10 . 2011-04-08 11:10        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-08 11:10 . 2011-04-08 11:10        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-08 11:10 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-03-31 20:43 . 2010-03-15 10:31        165376        ----a-w-        c:\windows\system32\unrar.dll
2011-03-31 20:43 . 2011-03-31 20:44        --------        d-----w-        c:\program files\K-Lite Codec Pack
2011-03-31 20:31 . 2011-04-01 21:33        --------        d-----w-        c:\users\UserXY\AppData\Roaming\DivX
2011-03-30 19:26 . 2011-03-30 19:26        --------        d-----w-        c:\program files\Common Files\PX Storage Engine
2011-03-30 19:26 . 2011-04-08 14:02        --------        d-----w-        c:\program files\DivX
2011-03-28 23:24 . 2011-03-29 08:51        --------        d-----w-        c:\users\UserXY\AppData\Roaming\vlc
2011-03-28 23:23 . 2011-03-28 23:23        --------        d-----w-        c:\program files\VideoLAN
2011-03-26 15:20 . 2011-03-26 15:20        --------        d-----w-        c:\users\UserXY\AppData\Roaming\Vodafone Mobile Connect
2011-03-26 15:17 . 2011-03-26 15:17        --------        d-----w-        c:\users\UserXY\AppData\Roaming\FLEXnet
2011-03-26 15:10 . 2011-03-26 15:10        --------        d-----w-        c:\users\UserXY\AppData\Roaming\Vodafone
2011-03-26 15:10 . 2009-06-29 16:59        112128        ----a-w-        c:\windows\system32\drivers\ewusbnet.sys
2011-03-26 15:10 . 2009-04-09 12:38        102784        ----a-w-        c:\windows\system32\drivers\ewusbmdm.sys
2011-03-26 15:09 . 2011-03-26 15:09        --------        d-----w-        c:\users\UserXY\AppData\Roaming\Bytemobile
2011-03-26 15:08 . 2011-03-26 15:08        --------        d-----w-        c:\programdata\Vodafone
2011-03-26 15:08 . 2011-03-26 15:08        --------        d-----w-        c:\programdata\FLEXnet
2011-03-26 15:08 . 2011-03-26 15:08        --------        d-----w-        c:\program files\Vodafone
2011-03-26 15:07 . 2011-03-26 15:07        8464        ----a-w-        c:\windows\system32\SpOrder.dll
2011-03-26 15:07 . 2011-03-26 15:07        --------        d-----w-        c:\users\UserXY\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
2011-03-20 00:50 . 2011-03-20 00:51        --------        d-----w-        c:\program files\Ontrack
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 19:47 . 2011-01-28 15:46        138520        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-04-05 19:46 . 2011-01-28 15:45        234536        ----a-w-        c:\windows\system32\PnkBstrB.exe
2011-04-05 19:46 . 2011-01-28 15:45        234536        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2011-03-19 15:09 . 2010-11-12 21:38        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2010-11-13 01:23        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-28 15:45 . 2011-01-28 15:45        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^UserXY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^UserXY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 11:49        35736        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2008-11-03 13:14        217088        ----a-w-        c:\program files\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 MIDITECH_01;MIDITECH01 MIDI driver service;c:\windows\system32\drivers\mt01drv.sys [2007-03-19 19456]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - BMLoad
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube Download - c:\users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\UserXY\AppData\Roaming\Mozilla\Firefox\Profiles\cff1zf4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-Allied Intent Xtended - c:\program files\EA GAMES\Battlefield 2 - Backup\AIXuninstaller.exe
AddRemove-DivX Content Uploader - c:\program files\DivX\DivXContentUploaderUninstall.exe
AddRemove-{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04} - c:\program files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-12 23:25
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5252)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Zeit der Fertigstellung: 2011-04-13  00:12:16
ComboFix-quarantined-files.txt  2011-04-12 22:12
.
Vor Suchlauf: 12 Verzeichnis(se), 199.935.758.336 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 199.877.750.784 Bytes frei
.
- - End Of File - - D22AE12B24EFD7EBD46009E221901A8F

Kind regards, Change

cosinus 13.04.2011 09:19

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check in OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of that .txt document.



Copyright ©2000-2025, Trojaner-Board
