Trojaner-Board (https://www.trojaner-board.de/)
Botnet, how do I check my PC? (https://www.trojaner-board.de/97176-botnet-ueberpruefe-meinen-pc.html)

Change 05.04.2011 18:39

Botnet, how do I check my PC?
 
Hi there,
I saw a report on TV today. It was about these botnets.
To be honest, that was the first time I'd heard of them, and I'm pretty much a beginner when it comes to malware, viruses, trojans & co.

I had a look at a few pages and threads here in the forum, but unfortunately I couldn't understand much of them :-(

Words like exploit, G-packs, KeyGen, infect etc. kept coming up.

My web browser has been stalling more often lately.
It just freezes on a still image for a few seconds, which I'm not used to, and it has also become somewhat slow lately.

So the final question: how can I check my PC to see whether it has been made part of such a botnet?

I "only" use Avira AntiVir Free and think that, even together with the Windows firewall (Windows Vista), this isn't optimal :-/

Thanks in advance for helpful tips (for beginners, please :rolleyes: )

Yours, Change

cosinus 07.04.2011 10:43

Hello and :hallo:

Quote:

I "only" use Avira AntiVir Free and think that, even together with the Windows firewall (Windows Vista), this isn't optimal :-/
Software-wise ("protection programs"), that is completely sufficient.


As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If there are logs from older Malwarebytes scans, please post all of those too!

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Change 08.04.2011 14:26

Didn't someone post before you already? Pretty mean to just delete it ^^

So here are the logs:

Malwarebytes log
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6308

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.04.2011 14:19:53
mbam-log-2011-04-08 (14-19-53).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 285278
Laufzeit: 1 Stunde(n), 6 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) 

OTL Log OTL.txt
OTL Logfile:
Code:

OTL logfile created on: 08.04.2011 14:53:42 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\UserXY\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 180,14 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 4,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: UserXY-LT | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\UserXY\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\mIRC\mirc.exe (mIRC Co. Ltd.)
PRC - C:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\xampp\xampp-control.exe (Apache Friends)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\UserXY\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
 
FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2011.03.26 17:08:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.31 22:37:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.31 22:37:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.31 21:12:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.31 22:37:25 | 000,000,000 | ---D | M]
 
[2010.11.12 22:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Extensions
[2011.04.07 20:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions
[2011.03.08 09:57:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.14 00:24:26 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\UserXY\AppData\Roaming\mozilla\Firefox\Profiles\cff1zf4c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.12.05 15:44:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.03 13:39:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.31 22:37:26 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.03.31 22:37:27 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.03.03 13:39:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [snp2uvc]  File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.23 21:31:11 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.11 16:00:44 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.02.02 18:48:45 | 001,196,032 | R--- | M] ()
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.08 13:11:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Malwarebytes
[2011.04.08 13:10:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.08 13:10:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.08 13:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.08 13:10:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.08 13:10:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.05 22:10:53 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.04.02 04:59:21 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended
[2011.04.02 04:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Allied Intent Xtended
[2011.03.31 22:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011.03.31 22:43:47 | 000,000,000 | ---D | C] -- C:\Programme\K-Lite Codec Pack
[2011.03.31 22:38:58 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\DDMSettings
[2011.03.31 22:36:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.03.31 22:36:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2011.03.31 22:31:28 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\DivX
[2011.03.30 21:26:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2011.03.30 21:26:00 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2011.03.30 21:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011.03.29 01:24:12 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\vlc
[2011.03.29 01:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.03.29 01:23:38 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2011.03.26 17:20:36 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Vodafone Mobile Connect
[2011.03.26 17:17:07 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\FLEXnet
[2011.03.26 17:10:31 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Vodafone
[2011.03.26 17:10:20 | 000,112,128 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys
[2011.03.26 17:10:18 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2011.03.26 17:09:52 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Bytemobile
[2011.03.26 17:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011.03.26 17:07:18 | 000,008,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SpOrder.dll
[2011.03.26 17:07:14 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
[2011.03.20 02:50:58 | 000,000,000 | ---D | C] -- C:\Programme\Ontrack
[2011.03.19 17:14:06 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\SATA Treiber
[2011.03.16 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\UserXY\Desktop\Dokumente
[2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\mIRC
[2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\Programme\mIRC
[2011.03.13 22:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011.03.10 18:36:05 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Local\FreePDF_XP
[2011.03.10 18:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF
[2011.03.10 18:34:09 | 000,000,000 | ---D | C] -- C:\Programme\FreePDF_XP
[2011.03.10 18:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\FreePDF
[2011.03.10 18:33:43 | 000,000,000 | ---D | C] -- C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2011.03.10 18:33:36 | 000,000,000 | ---D | C] -- C:\Programme\gs
[2010.12.06 23:09:42 | 000,225,280 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.12.06 23:09:41 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.08 13:03:45 | 000,627,494 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.08 13:03:44 | 000,666,108 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.08 13:03:44 | 000,141,546 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.08 13:03:44 | 000,116,318 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.08 12:58:06 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job
[2011.04.08 12:57:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.08 12:57:41 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.08 12:57:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.08 12:57:33 | 3215,855,616 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.07 21:23:38 | 009,307,648 | ---- | M] () -- C:\Users\UserXY\Desktop\GuAH.rar
[2011.04.06 22:51:28 | 000,006,452 | ---- | M] () -- C:\Users\UserXY\.recently-used.xbel
[2011.04.05 21:47:25 | 000,138,520 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.04.05 21:46:19 | 000,234,536 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011.04.03 22:08:46 | 000,003,862 | ---- | M] () -- C:\Users\UserXY\Desktop\Geburtstag.html
[2011.04.03 03:06:46 | 000,000,421 | ---- | M] () -- C:\Users\UserXY\Desktop\Team.html
[2011.04.02 22:19:43 | 000,025,140 | ---- | M] () -- C:\Users\UserXY\Desktop\Unbenannt 1zhzhzh.odt
[2011.04.02 05:28:07 | 000,002,045 | ---- | M] () -- C:\Users\UserXY\Desktop\AIX 2.0.lnk
[2011.04.02 04:59:18 | 000,001,022 | ---- | M] () -- C:\Users\UserXY\Desktop\BF2SPCC.lnk
[2011.03.31 20:48:04 | 000,000,369 | ---- | M] () -- C:\Users\UserXY\Desktop\Tickets DB.rtf
[2011.03.30 21:08:33 | 000,000,021 | ---- | M] () -- C:\Windows\ø04
[2011.03.29 19:42:15 | 000,006,144 | ---- | M] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.28 22:00:38 | 000,013,422 | ---- | M] () -- C:\Users\UserXY\Desktop\Werbung.ods
[2011.03.26 17:07:18 | 000,008,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SpOrder.dll
[2011.03.19 19:43:06 | 000,005,025 | ---- | M] () -- C:\Users\UserXY\Desktop\BUGTRACKER GUIDE.rtf
[2011.03.19 17:09:17 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.18 00:43:09 | 000,001,292 | ---- | M] () -- C:\Users\UserXY\Desktop\Osterevent Ideeen.rtf
[2011.03.17 05:27:11 | 000,000,421 | ---- | M] () -- C:\Users\UserXY\Desktop\Bugs in WotlK.rtf
 
========== Files Created - No Company Name ==========
 
[2011.04.07 21:23:10 | 009,307,648 | ---- | C] () -- C:\Users\UserXY\Desktop\GuAH.rar
[2011.04.07 00:39:03 | 000,000,418 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job
[2011.04.06 22:51:28 | 000,006,452 | ---- | C] () -- C:\Users\UserXY\.recently-used.xbel
[2011.04.02 22:19:42 | 000,025,140 | ---- | C] () -- C:\Users\UserXY\Desktop\Unbenannt 1zhzhzh.odt
[2011.04.02 04:59:18 | 000,002,045 | ---- | C] () -- C:\Users\UserXY\Desktop\AIX 2.0.lnk
[2011.04.02 04:59:18 | 000,001,022 | ---- | C] () -- C:\Users\UserXY\Desktop\BF2SPCC.lnk
[2011.03.31 22:43:54 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.03.31 22:43:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.03.30 21:08:33 | 000,000,021 | ---- | C] () -- C:\Windows\ø04
[2011.03.28 20:57:39 | 000,013,422 | ---- | C] () -- C:\Users\UserXY\Desktop\Werbung.ods
[2011.03.19 19:43:06 | 000,005,025 | ---- | C] () -- C:\Users\UserXY\Desktop\BUGTRACKER GUIDE.rtf
[2011.03.18 00:43:09 | 000,001,292 | ---- | C] () -- C:\Users\UserXY\Desktop\Osterevent Ideeen.rtf
[2011.03.16 19:51:01 | 000,000,421 | ---- | C] () -- C:\Users\UserXY\Desktop\Bugs in WotlK.rtf
[2011.03.10 18:34:11 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.03.10 18:34:11 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.01.28 17:46:05 | 000,138,520 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.28 17:45:55 | 000,234,536 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.28 17:45:21 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.12.13 14:24:31 | 000,000,132 | ---- | C] () -- C:\Users\UserXY\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.12.06 23:09:42 | 001,799,808 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2010.12.06 23:09:42 | 000,233,472 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2010.12.06 23:09:41 | 000,028,544 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2010.12.06 23:09:41 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.05 15:33:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.05 03:38:55 | 000,006,144 | ---- | C] () -- C:\Users\UserXY\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.23 18:41:50 | 000,000,132 | ---- | C] () -- C:\Users\UserXY\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.11.21 17:04:33 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010.11.17 19:00:05 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.11.17 19:00:04 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.14 18:53:33 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.11.14 18:53:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.11.12 21:49:39 | 000,000,680 | ---- | C] () -- C:\Users\UserXY\AppData\Local\d3d9caps.dat
[2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008.09.16 02:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.01.21 09:15:58 | 000,666,108 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,141,546 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,253,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,627,494 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,116,318 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

--- --- ---


OTL Log Extras.Txt
OTL Logfile:
Code:

OTL Extras logfile created on: 08.04.2011 14:53:42 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\UserXY\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 180,14 Gb Free Space | 60,43% Space Free | Partition Type: NTFS
Drive D: | 4,69 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: UserXY-LT | User Name: UserXY | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{082057E1-DA2A-4851-988D-2E02C82A61FC}" = lport=137 | protocol=17 | dir=in | app=system |
"{085ABB05-D427-445F-88AF-5885142FA378}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{195668FE-0AFF-4DB2-86A7-89A346F10C38}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2C54D6E6-8FEE-4F4A-9224-2AA06FC24203}" = rport=138 | protocol=17 | dir=out | app=system |
"{317AAA2A-006B-49D1-B134-6E4CB3385BC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35F15898-9B3E-4274-8AE9-CBB711AF420D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{410549BA-C46D-4EB1-9EF4-99DFBEA384B6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{51D95E50-48EF-41CC-AA40-F09713A590F8}" = lport=139 | protocol=6 | dir=in | app=system |
"{62092309-4945-4F07-B28A-A7C206BB06BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{71488D49-8D57-45EA-AF79-720FFA1557AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7DC38869-D686-488F-9F65-8E02AE621005}" = rport=139 | protocol=6 | dir=out | app=system |
"{836476F3-4A08-49AE-A9DE-185DC8F1CD66}" = rport=137 | protocol=17 | dir=out | app=system |
"{9D16125D-AFEF-4687-B4E2-B4BF846720A3}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{BCCAE36C-FEC0-4A39-A6C7-BFFFA0AEDE2A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D1831A9F-DB0D-48B2-B585-B0CE700325A5}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6344D9A-75FD-4F90-BA1D-DF7BD1B58CF7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EDE86F30-7567-4E89-BD88-3359EDF83FE5}" = rport=445 | protocol=6 | dir=out | app=system |
"{F048EA16-D3D8-4B37-A175-2A77C2687A92}" = lport=138 | protocol=17 | dir=in | app=system |
"{F56D6BE4-37C7-431E-84A1-14390E7CA0DA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18A121F3-2C46-4C1A-BF84-D2F95D9E6441}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{20D44E87-FF81-460E-AEC4-30E44858EBF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3905CB25-C78D-488A-9E80-2B44898757F5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3B7EB9F6-29B7-42D9-80A8-3C8B6D9922FA}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{44395975-C19E-4884-9D62-13723227A96A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{566F4F0F-E2F3-4A2E-A42D-17BECCA37CA4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7C06B76E-FC2E-4D86-88BA-7454C66DD4D8}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8A31DA49-E7C2-4E51-A068-CC0332B8C2FD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{91BEC9BA-706F-4520-A4BF-C11804050734}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{99E5BAD5-15DF-4BFF-A5FE-C85833A5124D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A13B0100-F471-452E-8161-D7EBD3B85FAD}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{A55B93E2-F95F-4D94-9496-0271AEC5F240}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{B352AD18-7473-48A8-91B1-A1BED7889219}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C9BDFEC7-A8B3-4149-93ED-4D643E8D588A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{D2CFEF35-E009-4B6C-B934-32EAFBD2F115}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{EEBB4BBB-98B5-46E4-9E65-EE9B50E8025D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F0FC704B-ABEC-4F4D-884B-FBBAA49A487D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{F32B80AD-1024-4021-8731-4EAC57D4F431}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"TCP Query User{0915FD88-778B-432D-89BF-E4FD32A0F1BF}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe |
"TCP Query User{2EC893D1-D51E-4D23-B962-F6194A048EB4}C:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe |
"TCP Query User{3676B3FD-EE92-401A-AD98-5E5A6E94EA93}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe |
"TCP Query User{41BF4A2A-7EDD-49F2-9EAC-17FC445D69C6}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe |
"TCP Query User{45500023-0036-4DA3-B78F-3A774D5AE7D7}C:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe |
"TCP Query User{497DCF11-B305-41B3-A76C-8BD710C3D788}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{50AAD46C-C652-4991-91EF-196A0AF998C6}C:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe |
"TCP Query User{62CE1318-260F-4C3D-ADB1-BD5CB111598E}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{73805122-F62E-4850-BD91-E255465048C2}C:\users\UserXY\desktop\server honki\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-world.exe |
"TCP Query User{7F0E4E5B-BA5F-4E8A-B0FE-958756B73563}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{8DD3A72E-F650-4F7A-9960-2F5A2046D664}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe |
"TCP Query User{8F43AB5B-0F0E-45F3-9245-63054D4E3827}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{946907A8-0B09-4FE4-9DAC-842C1818B14E}C:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe |
"TCP Query User{9BD4BDCE-0B4F-4267-8B10-A806071F542E}C:\xampp\filezillaftp\filezilla server.exe" = protocol=6 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe |
"TCP Query User{A11562F4-F346-4B91-A5EE-33C65A9D7E27}C:\program files\tswebeditor\tswebeditor.exe" = protocol=6 | dir=in | app=c:\program files\tswebeditor\tswebeditor.exe |
"TCP Query User{C5B0937B-5D7A-4288-9055-F2BCC74BBDC2}C:\users\UserXY\desktop\wow\server honki\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-world.exe |
"TCP Query User{D1B511A2-C11A-44C1-A058-A4C6C52406E8}C:\users\UserXY\desktop\server honki\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-logonserver.exe |
"TCP Query User{D924792E-5E81-4646-87A3-7C7D27EFB058}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{08718B93-277E-42CA-8529-C9AC14F04FC2}C:\users\UserXY\desktop\server honki\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-world.exe |
"UDP Query User{0F951912-372E-4EA9-8C13-D4AB69ABB10B}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{2A53B9AD-2F81-42FE-BB6E-4889E8C81575}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-logonserver.exe |
"UDP Query User{4BD0F880-ED4E-4B61-A661-94DCF2945FB6}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\server\arcemu-world.exe |
"UDP Query User{4C728C08-5E01-46CC-B2B0-DAE936FB3C77}C:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki alt\arcemu-logonserver.exe |
"UDP Query User{5824E21F-8453-45C4-9E0A-17A797E11B89}C:\users\UserXY\desktop\neuer ordner\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-world.exe |
"UDP Query User{77215D82-E1F6-456F-BF44-9C922816922F}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{8A25C818-1C5F-41B9-8702-F0CD6B9400A6}C:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\neuer ordner\arcemu-logonserver.exe |
"UDP Query User{8C2FA855-BED0-424F-9B1B-D30C0C9DAF96}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{97B62570-DD02-4961-89B5-00233035892C}C:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-logonserver.exe |
"UDP Query User{A1CD3481-586B-40DB-B9DA-21730BBCE276}C:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki 2\arcemu\mysql\udrive\bin\mysqld-opt.exe |
"UDP Query User{B0C4FA83-D395-4B51-9D63-B4E77C7F0F50}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{B839EF48-9CAA-418C-9553-CB1B9CFA4F20}C:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\own server\arcemu\arcemu-logonserver.exe |
"UDP Query User{C2A885AC-4463-44C6-BC64-F8710030128C}C:\users\UserXY\desktop\wow\server honki\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\wow\server honki\arcemu-world.exe |
"UDP Query User{CAC51CF5-3558-4E61-9E03-DA633AC7A79E}C:\program files\tswebeditor\tswebeditor.exe" = protocol=17 | dir=in | app=c:\program files\tswebeditor\tswebeditor.exe |
"UDP Query User{DB253A1D-37AC-4E69-8428-0009D14E729A}C:\users\UserXY\desktop\server honki\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\UserXY\desktop\server honki\arcemu-logonserver.exe |
"UDP Query User{DBDFDFAD-82A9-402F-B98C-C6FA8BE52FD3}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{E910EBD3-1AD2-44B6-BF33-282591AB7977}C:\xampp\filezillaftp\filezilla server.exe" = protocol=17 | dir=in | app=c:\xampp\filezillaftp\filezilla server.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{29805E39-651D-483D-85DA-A818AE4B1D96}" = World of Warcraft Model Viewer 32-bit
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Foxlink Webcam
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{48B51112-BA23-42F9-AB81-7CC9F7A6E99A}" = tsWebEditor 20060920
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Bison Webcam
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{58E5BB82-338B-4A48-B1BE-F8BE30F615EC}_is1" = Hyrule City 1.1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.9.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Allied Intent Xtended" = Allied Intent Xtended 2.0
"AutoHotkey" = AutoHotkey 1.0.48.05.L61
"AutoItv3" = AutoIt v3.3.6.1
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Content Uploader" = DivX Content Uploader
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.4.1
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.32.305
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.34.305
"FreePDF_XP" = FreePDF (Remove only)
"Geany" = Geany 0.19.1
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{A074DE55-29EB-459C-99C9-3F26C5669ECB}" = EasyRecovery DataRecovery Trial
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.0.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"ProInst" = Intel PROSet Wireless
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Revo Uninstaller" = Revo Uninstaller 1.91
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.8
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.04.2011 16:14:22 | Computer Name = UserXY-LT | Source = VSS | ID = 8194
Description =
 
Error - 06.04.2011 14:23:26 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 06.04.2011 14:23:27 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
 
Error - 06.04.2011 21:27:01 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 07.04.2011 05:14:48 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07.04.2011 05:14:52 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
 
Error - 07.04.2011 12:18:04 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 07.04.2011 12:18:06 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
 
Error - 08.04.2011 06:57:54 | Computer Name = UserXY-LT | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 08.04.2011 06:57:55 | Computer Name = UserXY-LT | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 16.01.2011 12:31:28 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
 
Error - 16.01.2011 12:31:43 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
 
Error - 16.01.2011 12:34:27 | Computer Name = UserXY-LT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.29 für die Netzwerkkarte mit der Netzwerkadresse
 0016EAD0C51E wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 17.01.2011 08:39:17 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
 
Error - 17.01.2011 08:39:25 | Computer Name = UserXY-LT | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.102 für die Netzwerkkarte mit der Netzwerkadresse
 0016EAD0C51E wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
 eine DHCPNACK-Meldung gesendet).
 
Error - 17.01.2011 08:39:31 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.01.2011 07:58:23 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
 
Error - 18.01.2011 07:58:35 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
 
Error - 19.01.2011 07:48:57 | Computer Name = UserXY-LT | Source = HTTP | ID = 15016
Description =
 
Error - 19.01.2011 07:49:20 | Computer Name = UserXY-LT | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

Many thanks, Change :-)

cosinus 08.04.2011 14:57

Are there any further Malwarebytes logs? If so, please post all of them that are visible in Malwarebytes under the Log Files tab.

Change 08.04.2011 15:05

No, only the one I posted is listed there!

The occasional freezing keeps getting worse.... sometimes nothing happens at all for 10 seconds!

Kind regards, Change

cosinus 08.04.2011 15:14

Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
[2011.03.30 21:08:33 | 000,000,021 | ---- | C] () -- C:\Windows\ø04
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.23 21:31:11 | 000,000,000 | R--D | M] - D:\autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.02 18:48:45 | 001,196,032 | R--- | M] () - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.11 16:00:44 | 000,000,043 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007.02.02 18:48:45 | 001,196,032 | R--- | M] ()
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
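
For readers who want to see what the O33 and O10 lines in the script above refer to, here is an added PowerShell audit (not part of the thread and not OTL's code) that lists the MountPoints2 AutoRun commands and the Winsock catalog providers and flags entries whose target file no longer exists, which is what OTL reports as "File not found"; it uses the standard registry locations and only reads, it changes nothing.

```powershell
# Added example, not from the thread or from OTL: read-only audit of the two
# persistence locations targeted by the O33 and O10 lines of the OTL script.

function Get-ExePath([string]$CommandLine) {
    # Strip arguments from an AutoRun command: a quoted path first, otherwise
    # the first whitespace-free token (e.g. "F:\setup.exe /flag" -> F:\setup.exe).
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $CommandLine
}

function Get-MountPointAutoRuns {
    # O33 lines: every MountPoints2\{GUID} key may carry Shell\AutoRun\command,
    # whose default value is what Explorer would run when that volume is opened.
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = Join-Path $_.PSPath 'Shell\AutoRun\command'
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
            if ($cmd) {
                [pscustomobject]@{
                    Key     = $_.PSChildName
                    Command = $cmd
                    Exe     = Get-ExePath $cmd
                }
            }
        }
    }
}

function Get-WinsockCatalogEntries {
    # O10 lines: each Catalog_Entries\0000000000NN key holds a REG_BINARY value
    # PackedCatalogItem whose leading bytes are the provider DLL path as a
    # NUL-terminated ANSI string (the WSAPROTOCOL_INFO structure follows it).
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries'
    if (-not (Test-Path $base)) { return }
    Get-ChildItem -Path $base -ErrorAction SilentlyContinue | ForEach-Object {
        $item = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).PackedCatalogItem
        if ($item -is [byte[]]) {
            $end = [Array]::IndexOf($item, [byte]0)
            if ($end -lt 0) { $end = $item.Length }
            $path = [System.Text.Encoding]::Default.GetString($item, 0, $end)
            [pscustomobject]@{
                Key  = $_.PSChildName
                Path = [Environment]::ExpandEnvironmentVariables($path)
            }
        }
    }
}

function Find-DanglingAutostarts {
    # Report every entry together with whether its target binary still exists.
    # Present = False is the condition OTL prints as "File not found"; a Winsock
    # provider whose DLL is gone is a classic cause of a broken LSP chain.
    $findings = @()
    foreach ($e in Get-MountPointAutoRuns) {
        $present = Test-Path -LiteralPath $e.Exe -PathType Leaf -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Source = 'O33 MountPoints2'; Key = $e.Key; Target = $e.Command; Present = $present
        }
    }
    foreach ($e in Get-WinsockCatalogEntries) {
        $present = Test-Path -LiteralPath $e.Path -PathType Leaf -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Source = 'O10 Winsock'; Key = $e.Key; Target = $e.Path; Present = $present
        }
    }
    return $findings
}

# Print the full table; filter with "| Where-Object { -not $_.Present }" to
# see only the dangling entries.
Find-DanglingAutostarts | Format-Table -AutoSize
```

Rebuilding the Winsock catalog is what the [purity]/LSP handling in OTL does for you; do not delete Catalog_Entries keys by hand, since an inconsistent catalog leaves the machine without working networking.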

Change 08.04.2011 16:35

What exactly is being fixed?
Is there a problem with my computer?
Is something broken?

Kind regards, Change

cosinus 08.04.2011 17:50

If you want help here, you have to trust the helpers. Should I explain every line of the script to you until you understand it, or do you want to get Windows back in shape quickly and easily?

Change 08.04.2011 18:48

Honestly? I trust you, that's not the question.
But I'm someone who doesn't just want to be told what to do; I want to learn. I want to know what is wrong and learn to solve these problems.

I don't think much of people who post "what do I have to do" in the forum and then just mindlessly do what they're told.
I'm questioning not out of a lack of trust but out of a lack of knowledge.

But fine, then I'll just run it as is. Thanks :-)

Kind regards, Change

Change 12.04.2011 14:45

So, I've now run through the fix; one or two small problems seem to have come up:

Code:

All processes killed
========== OTL ==========
C:\Windows\ø04 moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File  not found.
File D:\Autorun.exe not found.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51349799-10de-11e0-9d2c-806e6f6e6963}\ not found.
File F:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6569123a-ee93-11df-80d0-806e6f6e6963}\ not found.
File D:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206f4-57b9-11e0-bfe5-ca22a4176b5a}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ba206fe-57b9-11e0-bfe5-001e101fa1f5}\ not found.
File F:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jonas
->Temp folder emptied: 199568523 bytes
->Temporary Internet Files folder emptied: 60557249 bytes
->FireFox cache emptied: 82907101 bytes
->Flash cache emptied: 70256 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18827197 bytes
RecycleBin emptied: 3812925512 bytes
 
Total Files Cleaned = 3.981,00 mb
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
 
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_153726

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

What now?

Kind regards, Change

cosinus 12.04.2011 14:55

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Change 12.04.2011 15:21

OK, the scan returned 0 results, and there was no scan log either.
I only have the log obtained afterwards via "Report":

Code:

2011/04/12 16:17:52.0035 5448        TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/12 16:17:52.0340 5448        ================================================================================
2011/04/12 16:17:52.0340 5448        SystemInfo:
2011/04/12 16:17:52.0340 5448       
2011/04/12 16:17:52.0340 5448        OS Version: 6.0.6001 ServicePack: 1.0
2011/04/12 16:17:52.0340 5448        Product type: Workstation
2011/04/12 16:17:52.0340 5448        ComputerName: USER-XY
2011/04/12 16:17:52.0340 5448        UserName: USER-XY
2011/04/12 16:17:52.0340 5448        Windows directory: C:\Windows
2011/04/12 16:17:52.0340 5448        System windows directory: C:\Windows
2011/04/12 16:17:52.0340 5448        Processor architecture: Intel x86
2011/04/12 16:17:52.0340 5448        Number of processors: 2
2011/04/12 16:17:52.0340 5448        Page size: 0x1000
2011/04/12 16:17:52.0340 5448        Boot type: Normal boot
2011/04/12 16:17:52.0340 5448        ================================================================================
2011/04/12 16:17:52.0819 5448        Initialize success
2011/04/12 16:17:58.0481 4572        ================================================================================
2011/04/12 16:17:58.0481 4572        Scan started
2011/04/12 16:17:58.0481 4572        Mode: Manual;
2011/04/12 16:17:58.0481 4572        ================================================================================
2011/04/12 16:18:00.0030 4572        acedrv10        (553ba53445795cbc0d4f9fa37eb855a6) C:\Windows\system32\drivers\acedrv10.sys
2011/04/12 16:18:00.0150 4572        acehlp10        (8ce00b6a46962a1808b19cd1dae5170c) C:\Windows\system32\drivers\acehlp10.sys
2011/04/12 16:18:00.0251 4572        ACPI            (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/04/12 16:18:00.0300 4572        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/04/12 16:18:00.0470 4572        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/04/12 16:18:00.0556 4572        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/04/12 16:18:13.0991 4572        ================================================================================
2011/04/12 16:18:13.0991 4572        Scan finished
2011/04/12 16:18:13.0991 4572        ================================================================================

Does that mean there is nothing on my machine? :-)

Kind regards, Change

cosinus 12.04.2011 17:13

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Change 12.04.2011 23:11

So, I got as far as the completion of the ComboFix file.

Then a cmd window with a blue background appeared:
Code:

Bereite Logdatei vor.

Starte keine anderen Programme, bevor ComboFix fertig ist.


This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.

Before that, a Windows dialog appeared:
PEV.cfxxe funktioniert nicht mehr

No idea whether everything worked properly. After clicking "Programm beenden" the notice about the log appeared:

Code:

ComboFix 11-04-12.01 - UserXY 12.04.2011  23:19:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.3066.1969 [GMT 2:00]
ausgeführt von:: c:\users\UserXY\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-12 bis 2011-04-12  ))))))))))))))))))))))))))))))
.
.
2011-03-26 15:08 . 2011-03-26 15:08        --------        d-----w-        c:\programdata\FLEXnet
2011-03-26 15:08 . 2011-03-26 15:08        --------        d-----w-        c:\program files\Vodafone
2011-03-26 15:07 . 2011-03-26 15:07        8464        ----a-w-        c:\windows\system32\SpOrder.dll
2011-03-26 15:07 . 2011-03-26 15:07        --------        d-----w-        c:\users\UserXY\AppData\Local\{86DD38A2-C8BD-404A-A1BD-907F6B69C913}
2011-03-20 00:50 . 2011-03-20 00:51        --------        d-----w-        c:\program files\Ontrack
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-05 19:47 . 2011-01-28 15:46        138520        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2011-04-05 19:46 . 2011-01-28 15:45        234536        ----a-w-        c:\windows\system32\PnkBstrB.exe
2011-04-05 19:46 . 2011-01-28 15:45        234536        ----a-w-        c:\windows\system32\PnkBstrB.xtr
2011-03-19 15:09 . 2010-11-12 21:38        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-02 16:11 . 2010-11-13 01:23        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-01-28 15:45 . 2011-01-28 15:45        75064        ----a-w-        c:\windows\system32\PnkBstrA.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55        87304        ----a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^UserXY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^UserXY^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 11:49        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 11:49        35736        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2008-11-03 13:14        217088        ----a-w-        c:\program files\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-01-05 08:18        133432        ----a-w-        c:\program files\ICQ7.2\ICQ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 112128]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-22 9728]
R3 MIDITECH_01;MIDITECH01 MIDI driver service;c:\windows\system32\drivers\mt01drv.sys [2007-03-19 19456]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
S2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [2007-07-27 251680]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-11 9216]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-09-07 123496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - BMLoad
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\User_Feed_Synchronization-{6A7A0405-BDD3-4B52-87CE-42F20427E624}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube Download - c:\users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\UserXY\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\UserXY\AppData\Roaming\Mozilla\Firefox\Profiles\cff1zf4c.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
AddRemove-Allied Intent Xtended - c:\program files\EA GAMES\Battlefield 2 - Backup\AIXuninstaller.exe
AddRemove-DivX Content Uploader - c:\program files\DivX\DivXContentUploaderUninstall.exe
AddRemove-{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04} - c:\program files\InstallShield Installation Information\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-12 23:25
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5252)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Zeit der Fertigstellung: 2011-04-13  00:12:16
ComboFix-quarantined-files.txt  2011-04-12 22:12
.
Vor Suchlauf: 12 Verzeichnis(se), 199.935.758.336 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 199.877.750.784 Bytes frei
.
- - End Of File - - D22AE12B24EFD7EBD46009E221901A8F

Kind regards, Change
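The ComboFix log above lists every Run value, service and orphaned autostart entry without judging any of them; the reviewer's job is to spot targets running from odd places. The following is an added example (not part of the original thread, and not ComboFix's own code) that does a first-pass triage in Python over lines copied from that log. The location heuristics, the EXPECTED_DIRS list and the environment-variable expansion are this example's own assumptions: a hit means "verify the publisher, signature and hash of this file", never "infected".

```python
"""Added example (not from the original thread, not ComboFix code):
first-pass triage of the autostart and service lines ComboFix prints.

Sample lines are copied from the posted log. EXPECTED_DIRS, ENV_EXPANSION
and the reasons are assumptions of this example, not ComboFix rules."""
import re
from typing import List, NamedTuple, Optional

# Lines copied from the ComboFix log: HKLM\...\Run values, service entries
# (R2/S2 prefix) and orphaned Run entries that ComboFix removed.
SAMPLE_LINES = r'''
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 acedrv10;acedrv10;c:\windows\system32\drivers\acedrv10.sys [2007-07-27 330144]
HKLM-Run-snp2uvc - c:\windows\vsnp2uvc.exe
HKLM-Run-MobileConnect - %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
'''


class Finding(NamedTuple):
    name: str
    path: str
    reason: str


RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
SVC_RE = re.compile(r'^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<path>.+?)\s+\[')
ORPHAN_RE = re.compile(r'^HKLM-Run-(?P<name>\S+) - (?P<path>.+)$')

# Assumed: autostart targets under these roots are unremarkable on a default
# 32-bit Vista install. Paths are normalised to lower case with '/' separators.
EXPECTED_DIRS = ('c:/program files/', 'c:/windows/system32/', 'c:/windows/microsoft.net/')
ENV_EXPANSION = {'%programfiles%': 'c:/program files',
                 '%systemroot%': 'c:/windows', '%windir%': 'c:/windows'}


def normalise(path: str) -> str:
    p = path.strip().lower().replace('\\', '/')
    for var, value in ENV_EXPANSION.items():
        p = p.replace(var, value)
    return p


def classify(name: str, path: str) -> Optional[Finding]:
    """Return a Finding when the target location deserves a closer look."""
    p = normalise(path)
    # A Run/service target sitting directly in C:\Windows (not system32) is
    # unusual for well-behaved installers and a common malware drop location.
    if re.match(r'^c:/windows/[^/]+\.(exe|dll|sys|com|scr|bat|cmd)$', p):
        return Finding(name, path, 'executable directly in C:\\Windows root')
    if '/temp/' in p or '/tmp/' in p:
        return Finding(name, path, 'executable in a Temp directory')
    if not any(p.startswith(d) for d in EXPECTED_DIRS):
        return Finding(name, path, 'unexpected install location')
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse Run values, service lines and orphaned entries; collect findings."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        for regex, prefix in ((RUN_RE, ''), (SVC_RE, ''),
                              (ORPHAN_RE, 'orphaned Run entry; ')):
            m = regex.match(line)
            if m:
                f = classify(m['name'], m['path'])
                if f:
                    findings.append(f._replace(reason=prefix + f.reason))
                break
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LINES):
        print(f'{f.name:16} {f.reason:55} {f.path}')
```

Run against the sample, the two targets in the C:\Windows root (tsnp2uvc.exe and the already-removed vsnp2uvc.exe) are the only hits; everything under Program Files, system32 and Microsoft.NET passes. The next step for each hit is checking the file's signer and hash, which this triage deliberately does not attempt.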

cosinus 13.04.2011 09:19

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still refuses to run on the second attempt, simply leave it out and run only OSAM - please skip OSAM's online lookup.
With OSAM, also make sure you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt file.
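MBRCheck is requested here because a bootkit that survives a ComboFix run lives in the first sector of the disk, not in the file system. As an added example (not part of the original thread, and not MBRCheck's code), the following Python block shows the core of such a check: parse the 512-byte master boot record, validate the 0x55AA signature and the partition table, and compare a hash of the boot-code area against a known-good baseline. The sample MBR is constructed inline, and KNOWN_GOOD is derived from that constructed sample; a real tool would carry the hashes of genuine vendor MBR code instead.

```python
"""Added example (not the thread's content and not MBRCheck's code):
the core of an MBR integrity check.

The 512-byte sample MBR is constructed here. KNOWN_GOOD holds the hash of
that constructed boot code and only stands in for a baseline of real vendor
MBR code, which this example does not carry."""
import hashlib
import struct
from typing import Dict, List, NamedTuple

SECTOR = 512
BOOT_SIG = b'\x55\xaa'
PART_TABLE = 446      # four 16-byte partition entries start here
BOOTCODE_END = 440    # bytes 440..445 hold the disk signature and 2 reserved bytes


class Partition(NamedTuple):
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def build_sample_mbr() -> bytes:
    """Constructed MBR: a plausible boot-code prologue, one bootable NTFS
    partition, one adjacent data partition, and the 0x55AA signature."""
    mbr = bytearray(SECTOR)
    # xor ax,ax / mov ss,ax / mov sp,0x7c00 / mov es,ax / mov ds,ax: the usual
    # start of a Windows MBR, followed by zero padding instead of real code.
    mbr[0:11] = b'\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8'
    struct.pack_into('<I', mbr, BOOTCODE_END, 0xDEADBEEF)   # constructed disk signature
    # Entry layout: status, CHS start (3 bytes, left zero), type, CHS end (3), LBA start, sector count
    struct.pack_into('<B3xB3xII', mbr, PART_TABLE, 0x80, 0x07, 2048, 204800)
    struct.pack_into('<B3xB3xII', mbr, PART_TABLE + 16, 0x00, 0x07, 206848, 100000)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four partition slots, skipping empty ones (type 0)."""
    parts = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from('<B3xB3xII', mbr, PART_TABLE + 16 * i)
        if ptype != 0:
            parts.append(Partition(status == 0x80, ptype, lba, count))
    return parts


def bootcode_hash(mbr: bytes) -> str:
    # Hash only the code area: disk signature and partition table change
    # legitimately, the boot code should not.
    return hashlib.sha256(mbr[:BOOTCODE_END]).hexdigest()


# Assumed baseline: derived from the constructed sample, not from real Windows MBRs.
KNOWN_GOOD: Dict[str, str] = {bootcode_hash(build_sample_mbr()): 'constructed sample baseline'}


def check_mbr(mbr: bytes, known_good: Dict[str, str] = KNOWN_GOOD) -> List[str]:
    """Return a list of problems; an empty list means every check passed."""
    if len(mbr) != SECTOR:
        return [f'expected {SECTOR} bytes, got {len(mbr)}']
    problems = []
    if mbr[510:512] != BOOT_SIG:
        problems.append('missing 0x55AA boot signature')
    parts = parse_partitions(mbr)
    if sum(p.bootable for p in parts) > 1:
        problems.append('more than one partition flagged bootable')
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_start + a.sectors:
            problems.append(f'partitions overlap at LBA {b.lba_start}')
    if bootcode_hash(mbr) not in known_good:
        problems.append('boot code hash not in known-good set')
    return problems


if __name__ == '__main__':
    sample = build_sample_mbr()
    print('clean sample:', check_mbr(sample) or 'OK')
    tampered = bytearray(sample)
    tampered[0] ^= 0xFF            # one patched byte in the boot code
    print('tampered sample:', check_mbr(bytes(tampered)))
```

On a live Windows system the same 512 bytes come from opening `\\.\PhysicalDrive0` for reading from an elevated prompt and reading one sector; the value of the check then depends entirely on the quality of the known-good hash set, which is what a tool like MBRCheck supplies and this example only mocks.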

Change 13.04.2011 11:05

GMER first hung ("program has stopped working") and then gave me a blue screen -.-

^^ so here are the logs from OSAM and MBRCheck:

OSAM
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:02:02 on 13.04.2011

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.16

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"iproset.cpl" - "Intel(R) Corporation" - C:\Windows\system32\iproset.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"PROSet Tools" - "Intel(R) Corporation" - C:\Windows\System32\iPROSet.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv10" (acedrv10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv10.sys
"acehlp10" (acehlp10) - "Protect Software GmbH" - C:\Windows\system32\drivers\acehlp10.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Bytemobile Boot Time Load Driver" (BMLoad) - "Bytemobile, Inc." - C:\Windows\System32\drivers\BMLoad.sys
"Bytemobile Kernel Network Provider" (tcpipBM) - "Bytemobile, Inc." - C:\Windows\system32\drivers\tcpipBM.sys
"catchme" (catchme) - ? - C:\Users\UserXY\AppData\Local\Temp\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MIDITECH01 MIDI driver service" (MIDITECH_01) - "Ploytec GmbH" - C:\Windows\System32\drivers\mt01drv.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{30351346-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351347-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351348-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351349-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134A-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134B-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134C-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134D-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134E-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{3035134F-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{30351350-7B7D-4FCC-81B4-1E394CA267EB} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
{C5994560-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994561-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994562-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994563-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994564-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994565-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994566-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994567-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{C5994568-53D9-4125-87C9-F193FC689CB2} "TortoiseSVN" - "hxxp://tortoisesvn.net" - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10l.ocx / hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\UserXY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"tsnp2uvc" - ? - C:\Windows\tsnp2uvc.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"Intel® PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel® PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"Vodafone Mobile Connect Service" (VMCService) - "Vodafone" - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRCheck
Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows Vista Home Premium Edition
Windows Information:                Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer:        MEDION
BIOS Manufacturer:                Phoenix Technologies LTD
System Manufacturer:                MEDION
System Product Name:                P6612
Logical Drives Mask:                0x0000001c

Kernel Drivers (total 150):
  0x82050000 \SystemRoot\system32\ntkrnlpa.exe
  0x8201D000 \SystemRoot\system32\hal.dll
  0x8040C000 \SystemRoot\system32\kdcom.dll
  0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
  0x80474000 \SystemRoot\system32\PSHED.dll
  0x80485000 \SystemRoot\system32\BOOTVID.dll
  0x8048D000 \SystemRoot\system32\CLFS.SYS
  0x804CE000 \SystemRoot\system32\CI.dll
  0x8060F000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x8068B000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x80698000 \SystemRoot\system32\drivers\acpi.sys
  0x806DE000 \SystemRoot\system32\drivers\WMILIB.SYS
  0x806E7000 \SystemRoot\system32\drivers\msisadrv.sys
  0x806EF000 \SystemRoot\system32\drivers\pci.sys
  0x80716000 \SystemRoot\System32\drivers\partmgr.sys
  0x80725000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x80728000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x80732000 \SystemRoot\system32\drivers\volmgr.sys
  0x80741000 \SystemRoot\System32\drivers\volmgrx.sys
  0x8078B000 \SystemRoot\System32\drivers\mountmgr.sys
  0x8079B000 \SystemRoot\system32\drivers\atapi.sys
  0x807A3000 \SystemRoot\system32\drivers\ataport.SYS
  0x807C1000 \SystemRoot\system32\drivers\msahci.sys
  0x807CB000 \SystemRoot\system32\drivers\PCIIDEX.SYS
  0x805AE000 \SystemRoot\system32\drivers\fltmgr.sys
  0x807D9000 \SystemRoot\system32\drivers\fileinfo.sys
  0x82604000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x82675000 \SystemRoot\system32\drivers\ndis.sys
  0x82780000 \SystemRoot\system32\drivers\msrpc.sys
  0x827AB000 \SystemRoot\system32\drivers\NETIO.SYS
  0x8A001000 \SystemRoot\System32\drivers\tcpip.sys
  0x8A0EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x8A20E000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x8A31D000 \SystemRoot\system32\drivers\volsnap.sys
  0x8A356000 \SystemRoot\System32\Drivers\spldr.sys
  0x8A35E000 \SystemRoot\System32\Drivers\mup.sys
  0x8A36D000 \SystemRoot\System32\drivers\ecache.sys
  0x8A394000 \SystemRoot\system32\drivers\disk.sys
  0x8A3A5000 \SystemRoot\system32\drivers\CLASSPNP.SYS
  0x8A3C6000 \SystemRoot\system32\drivers\crcdisk.sys
  0x8A3CF000 \SystemRoot\system32\drivers\BMLoad.sys
  0x8A200000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x8A3F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
  0x8A105000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x8E00E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x8E9AB000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x8A10E000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x8E9AD000 \SystemRoot\System32\drivers\watchdog.sys
  0x8E9BA000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0x8A1AD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x8E9C5000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x8E9D4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x8EA04000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
  0x8ED9A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x8ED9E000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x8EDB1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x8EDBC000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x8EE02000 \??\C:\Windows\system32\drivers\acehlp10.sys
  0x8EE3E000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x8EE56000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0x8EE65000 \SystemRoot\system32\DRIVERS\msiscsi.sys
  0x8EE93000 \SystemRoot\system32\DRIVERS\storport.sys
  0x8EED4000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x8EEDF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x8EEF6000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x8EF01000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x8EF24000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x8EF33000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x8EF47000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x8EF5C000 \SystemRoot\system32\DRIVERS\hamachi.sys
  0x8EF61000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x8EF71000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x8EF73000 \SystemRoot\system32\DRIVERS\ks.sys
  0x8EF9D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x8EFA7000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x8EFB4000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x8F007000 \SystemRoot\system32\drivers\RTKVHDA.sys
  0x8F290000 \SystemRoot\system32\drivers\portcls.sys
  0x8F2BD000 \SystemRoot\system32\drivers\drmk.sys
  0x8F2E2000 \SystemRoot\system32\drivers\nvhda32v.sys
  0x8F303000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x8F314000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0x8F31D000 \SystemRoot\System32\Drivers\Null.SYS
  0x8F324000 \SystemRoot\System32\Drivers\Beep.SYS
  0x8F32B000 \SystemRoot\System32\drivers\vga.sys
  0x8F337000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x8F358000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x8F364000 \SystemRoot\System32\Drivers\bthport.sys
  0x8F39E000 \SystemRoot\System32\Drivers\USBD.SYS
  0x8F3A0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x8F3B2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x8F3BA000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x8F3C3000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x8F3D3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x8F3DA000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x8F3E2000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x8F3ED000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x8EFE8000 \SystemRoot\System32\DRIVERS\rasacd.sys
  0x8EDC7000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x8F3FB000 \SystemRoot\System32\Drivers\tcpipBM.SYS
  0x8EDDD000 \SystemRoot\system32\DRIVERS\smb.sys
  0x8F60C000 \SystemRoot\system32\drivers\afd.sys
  0x8F654000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x8F686000 \SystemRoot\system32\drivers\ws2ifsl.sys
  0x8F68F000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x8F6A5000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x8F6B3000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x8F6C6000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
  0x8F6CC000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x8F708000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x8F710000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x8F71A000 \SystemRoot\System32\Drivers\dfsc.sys
  0x8F731000 \SystemRoot\system32\DRIVERS\avipbb.sys
  0x8F757000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x8F768000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x8F772000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x8F78C000 \SystemRoot\System32\Drivers\x10ufx2.sys
  0x8F796000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x8F7AC000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x8F7B9000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x8F7C4000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x96270000 \SystemRoot\System32\win32k.sys
  0x8F7CE000 \SystemRoot\System32\drivers\Dxapi.sys
  0x8F7D8000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x96490000 \SystemRoot\System32\TSDDD.dll
  0x964B0000 \SystemRoot\System32\cdd.dll
  0x8A3D5000 \SystemRoot\system32\drivers\luafv.sys
  0x8F7E7000 \SystemRoot\system32\DRIVERS\avgntflt.sys
  0x9C007000 \SystemRoot\system32\drivers\spsys.sys
  0x9C0B6000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x9C0C6000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x9C0F0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x9C0FA000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x9C10D000 \SystemRoot\system32\drivers\HTTP.sys
  0x9C17A000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x9C197000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x9C1B0000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x9C1C5000 \SystemRoot\system32\drivers\mrxdav.sys
  0x805E0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x9E001000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x9E03A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x9E052000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x9E07A000 \SystemRoot\System32\DRIVERS\srv.sys
  0x9E0E0000 \??\C:\Windows\system32\drivers\acedrv10.sys
  0x9F20F000 \SystemRoot\system32\drivers\peauth.sys
  0x9F2ED000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x9F2F7000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x9F303000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x9F318000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
  0x77790000 \Windows\System32\ntdll.dll

Processes (total 64):
      0 System Idle Process
      4 System
    432 C:\Windows\System32\smss.exe
    560 csrss.exe
    612 C:\Windows\System32\wininit.exe
    620 csrss.exe
    656 C:\Windows\System32\services.exe
    688 C:\Windows\System32\lsass.exe
    696 C:\Windows\System32\lsm.exe
    844 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\nvvsvc.exe
    940 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1028 C:\Windows\System32\svchost.exe
    1064 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\winlogon.exe
    1224 C:\Windows\System32\audiodg.exe
    1252 C:\Windows\System32\SLsvc.exe
    1324 C:\Windows\System32\svchost.exe
    1424 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    1436 C:\Windows\System32\nvvsvc.exe
    1692 C:\Windows\System32\svchost.exe
    1860 C:\Windows\System32\wlanext.exe
    2004 C:\Windows\System32\spoolsv.exe
    2044 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    244 C:\Windows\System32\svchost.exe
      12 C:\Windows\System32\dwm.exe
    1244 C:\Windows\explorer.exe
    1724 C:\Windows\System32\taskeng.exe
    1480 C:\Windows\System32\taskeng.exe
    1600 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1172 C:\Windows\System32\svchost.exe
    1688 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2136 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2264 C:\Windows\System32\PnkBstrA.exe
    2300 C:\Windows\System32\svchost.exe
    2332 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    2372 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    2396 C:\Windows\System32\svchost.exe
    2440 C:\Windows\System32\svchost.exe
    2468 C:\Windows\System32\SearchIndexer.exe
    2512 WUDFHost.exe
    2612 C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    3068 WmiPrvSE.exe
    3992 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    4032 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    4076 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    568 C:\Windows\tsnp2uvc.exe
    2324 C:\Program Files\FreePDF_XP\fpassist.exe
    288 C:\Program Files\Skype\Phone\Skype.exe
    2688 C:\Windows\System32\mobsync.exe
    2220 C:\Program Files\Mozilla Firefox\firefox.exe
    4008 C:\Program Files\Windows Media Player\wmplayer.exe
    3052 C:\Program Files\Skype\Plugin Manager\skypePM.exe
    4336 C:\Windows\System32\wuauclt.exe
    4444 C:\Program Files\Mozilla Firefox\plugin-container.exe
    4400 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    264 taskeng.exe
    5408 C:\Windows\System32\SearchProtocolHost.exe
    536 C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe
    4648 C:\Windows\System32\notepad.exe
    3792 C:\Users\UserXY\Desktop\OSAM7\MBRCheck.exe
    1320 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Regards, Change

cosinus 13.04.2011 11:13

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!

Change 13.04.2011 21:03

So SuperAntiSpyware found nothing...

but Malwarebytes... all of a sudden...

Malwarebytes log
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6352

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

13.04.2011 20:36:22
mbam-log-2011-04-13 (20-36-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 293375
Laufzeit: 1 Stunde(n), 15 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{48B51112-BA23-42F9-AB81-7CC9F7A6E99A} (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\TSWEBEDITOR\UNINSTALL.EXE (Trojan.Agent) -> Value: UNINSTALL.EXE -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\k-lite codec pack\Tools\mediainfo.exe (Trojan.Agent) -> No action taken.
c:\program files\teamspeak2_rc2\client_sdk\tscontrol.exe (Trojan.Agent) -> No action taken.
c:\program files\tswebeditor\uninstall.exe (Trojan.Agent) -> No action taken.
c:\Users\UserXY\downloads\ts2_client_rc2_2032.exe (Trojan.Agent) -> No action taken.

TeamSpeak is supposed to be infected with a trojan?
How should I proceed?

Many thanks, Change
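One way to triage a log like the one posted above, as an added example that is not part of this thread and not code from Malwarebytes: a small Python parser run over a constructed excerpt in the shape of that log. It pulls out every detection with its section, classification and recorded action, cross-checks the per-section totals in the header against the entries actually listed, and separates out the entries whose action is "No action taken", i.e. items the scanner reported but did not quarantine or delete. The `Finding` class and all function names are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample input: an excerpt in the format of the Malwarebytes 1.50 log
# quoted in the thread (item and path values copied from that log).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6352

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Infizierte Speicherprozesse: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{48B51112-BA23-42F9-AB81-7CC9F7A6E99A} (Trojan.Agent) -> No action taken.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\TSWEBEDITOR\UNINSTALL.EXE (Trojan.Agent) -> Value: UNINSTALL.EXE -> No action taken.

Infizierte Dateien:
c:\program files\k-lite codec pack\Tools\mediainfo.exe (Trojan.Agent) -> No action taken.
c:\program files\teamspeak2_rc2\client_sdk\tscontrol.exe (Trojan.Agent) -> No action taken.
c:\program files\tswebeditor\uninstall.exe (Trojan.Agent) -> No action taken.
c:\Users\UserXY\downloads\ts2_client_rc2_2032.exe (Trojan.Agent) -> No action taken.
"""


@dataclass(frozen=True)
class Finding:
    section: str          # e.g. "Infizierte Dateien"
    item: str             # file path, registry key or registry value
    classification: str   # e.g. "Trojan.Agent"
    action: str           # e.g. "No action taken"


# A section header is "Infizierte ...:" with nothing after the colon;
# the summary block uses the same labels followed by a count.
SECTION_RE = re.compile(r"^(Infizierte [^:]+):\s*$")
COUNT_RE = re.compile(r"^(Infizierte [^:]+):\s*(\d+)\s*$")
# "<item> (<classification>) -> [Value: X ->] <action>."
FINDING_RE = re.compile(r"^(?P<item>.+?) \((?P<classification>[^()]+)\) -> (?P<rest>.+)$")
NOTHING_FOUND = "(Keine bösartigen Objekte gefunden)"


def parse_mbam_log(text):
    """Return (per-section counts from the header, list of Finding) for one log."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group(1)] = int(m.group(2))
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or line == NOTHING_FOUND:
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue
        # The tail may carry extra detail ("Value: X"); the last arrow segment is the action.
        parts = [p.strip() for p in m.group("rest").split("->")]
        action = parts[-1].rstrip(".")
        findings.append(Finding(section, m.group("item"), m.group("classification"), action))
    return counts, findings


def unresolved(findings):
    """Detections the scanner listed but did not quarantine or delete."""
    return [f for f in findings if f.action.lower().startswith("no action taken")]


def counts_consistent(counts, findings):
    """Header totals must match the entries actually listed per section."""
    seen = {}
    for f in findings:
        seen[f.section] = seen.get(f.section, 0) + 1
    return (all(counts.get(sec, 0) == n for sec, n in seen.items())
            and all(n == 0 for sec, n in counts.items() if sec not in seen))


def summarize(text):
    counts, findings = parse_mbam_log(text)
    return {
        "total": len(findings),
        "unresolved": len(unresolved(findings)),
        "classifications": sorted({f.classification for f in findings}),
        "consistent": counts_consistent(counts, findings),
    }


if __name__ == "__main__":
    _, found = parse_mbam_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f.section}] {f.classification}: {f.item} -> {f.action}")
    print(summarize(SAMPLE_LOG))
```

The useful output for a helper answering such a thread is the `unresolved` list: a log full of "No action taken" entries means the scan only reported the items, so the follow-up has to decide per item (origin of the installer, second opinion on the file) before anything is removed.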

cosinus 13.04.2011 21:13

What source did you get these setups from?

Change 14.04.2011 08:54

tswebeditor I don't remember anymore... but I haven't used that program in ages anyway

I got TS2 from the official TeamSpeak site

and the K-Lite driver pack I got through a link in some forum...

Is the origin important now? How do I clean the files now?

Thanks :-) Change

cosinus 14.04.2011 09:44

Quote:

Is the origin important now?
That's obvious!
Compare a setup for a program from the official site with one from a file-sharing network. What do you notice? :pfeiff:


All times are in WEZ +1. It is now 16:15.

Copyright ©2000-2025, Trojaner-Board