Pests of all kinds and how to fight them: Virus that I can't find.

19.11.2009, 17:48   #1
crippcid

Yeah.. today, ever since I turned the PC on, I've somehow been getting a virus almost every 20 minutes. I just took a little picture of it:

How do I get rid of it? I always click my way through Defender, but the thing keeps coming back.

Thanks in advance

19.11.2009, 17:56   #2
crippcid

oh right.. Hijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:03, on 19.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\PingChanGeR\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SHOUTcast Toolbar Search Class - {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SHOUTcast Loader - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: SHOUTcast Radio Toolbar - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [recinfo793] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Cm106Sound] RunDll32 cm106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S65EF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\PingChanGeR\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} (SeeTooControl Class) - http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c1fd32f2323559bc3&browserVersion=7.0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ProtexisLicensing - Unknown owner - c:\Windows\system32\PSIService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

--
End of file - 7076 bytes
19.11.2009, 18:32   #3
Angel21


Hello, everything all right?

I'll take care of you, since we've already had each other's company before

So.....letz fetz the trojan


1. Start Malwarebytes by saving the setup via right-click -> Save target as....-> renaming the setup to blubb.com. Then open the setup, install Malwarebytes and let it run a full system scan.

2. Start the GMER rootkit scan. Follow the blue-highlighted link and start GMER the way its instructions describe.

3. Start a full system scan with Avira using the following settings: http://www.trojaner-board.de/54192-a...tellungen.html and let it scan through.

So then:
1. Malwarebytes log
2. GMER log
3. Avira log

Remove everything that is found.....

19.11.2009, 18:39   #4
crippcid

ah hey Angel. Then I'll just do that quickly

19.11.2009, 20:25   #5
crippcid

So.. everything's fine with me^^ How are you doing?
Here are your logs:

Malware:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 6.0.6002 Service Pack 2

19.11.2009 20:38:56
mbam-log-2009-11-19 (20-38-56).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 244182
Laufzeit: 54 minute(s), 47 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden

GMER:
GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-19 21:18:57
Windows 6.0.6002 Service Pack 2
Running: d9rj7u4b.exe; Driver: C:\Users\PINGCH~1\AppData\Local\Temp\fxlyiaob.sys


---- System - GMER 1.0.15 ----

SSDT 97A4147C ZwCreateThread
SSDT 97A41468 ZwOpenProcess
SSDT 97A4146D ZwOpenThread
SSDT 97A41477 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81CAC964 4 Bytes [7C, 14, A4, 97] {JL 0x16; MOVSB ; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 3F1 81CACB34 4 Bytes [68, 14, A4, 97]
.text ntkrnlpa.exe!KeSetEvent + 40D 81CACB50 4 Bytes [6D, 14, A4, 97] {INSD ; ADC AL, 0xa4; XCHG EDI, EAX}
.text ntkrnlpa.exe!KeSetEvent + 621 81CACD64 4 Bytes [77, 14, A4, 97] {JA 0x16; MOVSB ; XCHG EDI, EAX}

---- Devices - GMER 1.0.15 ----

Device \Driver\ViPrt \Device\Ide\ViaIdePort0 [805BC80C] \SystemRoot\system32\DRIVERS\ViPrt.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\ViPrt \Device\Ide\ViaIdePort1 [805BC80C] \SystemRoot\system32\DRIVERS\ViPrt.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\ViPrt.sys suspicious modification

---- EOF - GMER 1.0.15 ----

AntiVir:
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 309507
Anzahl Verzeichnisse: 20774
Anzahl Malware: 0
Anzahl Fehler: 2


20.11.2009, 13:22   #6
Angel21

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe.
    Vista users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\ViPrt.sys /s /md5
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt into your thread here, in code tags

20.11.2009, 15:45   #7
crippcid

OTL.Txt:
Code:
OTL logfile created on: 20.11.2009 16:28:55 - Run 1
OTL by OldTimer - Version 3.1.6.0     Folder = C:\Users\PingChanGeR\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,07% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,90 Gb Total Space | 103,94 Gb Free Space | 47,92% Space Free | Partition Type: NTFS
Drive D: | 106,45 Gb Total Space | 106,36 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PINGCHANGER-PC
Current User Name: PingChanGeR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2009.11.20 16:27:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\PingChanGeR\Downloads\OTL.exe
PRC - [2009.11.06 21:38:32 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\PingChanGeR\Program Files\DNA\btdna.exe
PRC - [2009.11.06 05:33:05 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.10.30 14:33:46 | 00,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009.10.30 14:31:24 | 01,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009.08.24 15:51:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.07.21 13:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.10 22:27:40 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009.04.10 22:27:38 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 12:08:43 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.08.01 05:45:28 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008.08.01 05:45:28 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008.01.18 22:38:40 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.18 22:33:42 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008.01.18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 22:33:40 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.18 22:33:16 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007.09.07 14:54:54 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2007.07.17 10:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007.07.17 10:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2007.05.07 14:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2007.03.01 05:01:00 | 00,180,736 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
PRC - [2006.12.08 09:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.03 10:01:16 | 00,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
PRC - [2006.11.02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2009.11.20 16:27:47 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Users\PingChanGeR\Downloads\OTL.exe
MOD - [2009.04.10 22:21:40 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2009.11.04 16:59:18 | 00,435,016 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.11.02 22:12:28 | 00,320,760 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.10.30 14:31:24 | 01,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.10.30 14:27:34 | 00,030,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.09.25 02:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.24 15:51:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.07.21 13:34:28 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:18 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.03.29 20:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.18 10:39:22 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2009.02.18 10:38:44 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2009.02.18 10:38:44 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.08.01 05:45:28 | 00,700,416 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008.01.18 22:38:26 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.18 22:33:40 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.18 22:33:10 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr)
SRV - [2007.02.26 18:16:22 | 00,267,824 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006.12.14 16:00:00 | 00,544,768 | ---- | M] (Magix AG) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2006.12.08 09:52:04 | 00,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.11.02 19:40:12 | 00,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.11.02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched)
SRV - [2006.11.02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2005.11.17 14:18:52 | 01,527,900 | ---- | M] (MAGIX®) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {14f0d511-36a2-41ca-ae01-ba4f87282c97} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: seetooaddon@seetoo.com:1.2
FF - prefs.js..extensions.enabledItems: {12e4c684-c03e-4e4d-85bc-0c065e7a9489}:5.23.2.10
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.17 12:51:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.11.06 05:33:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.11.06 05:33:07 | 00,000,000 | ---D | M]
 
[2009.09.15 18:38:16 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Extensions
[2009.09.15 18:38:16 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.11.19 17:28:45 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions
[2009.09.21 14:39:11 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.17 16:54:51 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2009.11.04 18:09:15 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.25 15:42:49 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\anycolor.pavlos256@gmail.com
[2009.09.17 15:05:21 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\mozilla\Firefox\Profiles\gsd41ghb.default\extensions\seetooaddon@seetoo.com
[2009.09.21 14:39:17 | 00,001,201 | ---- | M] () -- C:\Users\PingChanGeR\AppData\Roaming\Mozilla\FireFox\Profiles\gsd41ghb.default\searchplugins\winamp-search.xml
[2009.11.09 18:12:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.04 18:08:59 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.11.06 05:33:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.09.15 19:16:46 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009.09.30 13:10:49 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.09 18:12:04 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.11.06 05:33:05 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.11.06 05:33:05 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.13 22:55:22 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2007.04.10 16:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009.10.11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.05.13 22:54:50 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009.05.27 03:18:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009.11.06 05:33:05 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.02.27 11:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2009.05.13 22:55:22 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009.08.24 20:25:19 | 00,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.08.24 20:25:19 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.08.24 20:25:19 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.08.24 20:25:19 | 00,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.08.24 20:25:19 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.08.24 20:25:19 | 00,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SHOUTcast Loader) - {ccec60fc-2608-4e58-9659-3ffc159e8ea9} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (SHOUTcast Radio Toolbar) - {0457331d-8ca6-4f97-9c26-6a9ef2b2dba8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (SHOUTcast Radio Toolbar) - {0457331D-8CA6-4F97-9C26-6A9EF2B2DBA8} - C:\Program Files\SHOUTcast Radio Toolbar\shoutcasttb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cm106Sound]  File not found
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [recinfo793] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\PingChanGeR\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &SHOUTcast Search - C:\ProgramData\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {3188FB46-456D-4C07-8A11-F5F3BBBA8AF2} http://www.seetoo.com/downloadAddon.php?platform=Win32&browser=ie&ref=justintv&c=c1fd32f2323559bc3&browserVersion=7.0 (SeeTooControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.09.16 13:25:43 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
OTL cannot create restorepoints on Vista OSs!
         

20.11.2009, 15:46   #8
crippcid

Part 2 OTL.Txt:

Code:
========== Files/Folders - Created Within 14 Days ==========
 
[2009.11.19 19:42:04 | 00,000,000 | ---D | C] -- C:\Users\PingChanGeR\AppData\Roaming\Malwarebytes
[2009.11.19 19:41:59 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.11.19 19:41:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.11.19 19:41:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.19 19:41:57 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.11.19 19:41:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.11.19 18:54:54 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.11.18 00:22:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2009.11.06 22:22:33 | 00,000,000 | ---D | C] -- C:\Users\PingChanGeR\AppData\Local\WarRockDF
[2009.11.06 21:38:32 | 00,000,000 | ---D | C] -- C:\Users\PingChanGeR\Program Files
[2009.11.06 21:12:06 | 00,000,000 | ---D | C] -- C:\Users\PingChanGeR\AppData\Local\DNA
[2009.11.06 21:12:03 | 00,000,000 | ---D | C] -- C:\Users\PingChanGeR\AppData\Roaming\DNA
[2009.11.06 21:12:03 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009.11.06 21:12:01 | 00,000,000 | ---D | C] -- C:\Program Files\GamersFirst
 
========== Files - Modified Within 14 Days ==========
 
[2009.11.20 16:28:29 | 02,359,296 | -HS- | M] () -- C:\Users\PingChanGeR\NTUSER.DAT
[2009.11.20 15:19:12 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.11.20 15:19:12 | 00,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.11.20 13:25:58 | 01,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.11.20 13:25:58 | 00,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2009.11.20 13:25:58 | 00,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.11.20 13:25:58 | 00,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2009.11.20 13:25:58 | 00,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.11.20 13:19:13 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.11.20 13:19:05 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.11.20 13:19:02 | 21,438,21824 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.19 23:02:03 | 00,524,288 | -HS- | M] () -- C:\Users\PingChanGeR\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.11.19 23:02:03 | 00,065,536 | -HS- | M] () -- C:\Users\PingChanGeR\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.11.19 23:01:55 | 02,629,969 | -H-- | M] () -- C:\Users\PingChanGeR\AppData\Local\IconCache.db
[2009.11.19 21:19:51 | 00,001,760 | ---- | M] () -- C:\Users\PingChanGeR\Desktop\Gmer.rtf
[2009.11.19 20:39:15 | 00,001,550 | ---- | M] () -- C:\Users\PingChanGeR\Desktop\AntiVir Log.rtf
[2009.11.19 19:42:01 | 00,000,784 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.19 19:40:37 | 00,044,477 | ---- | M] () -- C:\Users\PingChanGeR\Desktop\51187-anleitung-malwarebytes-anti-malware.html
[2009.11.19 18:54:54 | 00,001,840 | ---- | M] () -- C:\Users\PingChanGeR\Desktop\HijackThis.lnk
[2009.11.19 17:56:42 | 00,069,117 | ---- | M] () -- C:\Users\PingChanGeR\Desktop\Vire.jpg
[2009.11.19 13:33:56 | 00,046,762 | ---- | M] () -- C:\Users\PingChanGeR\Desktop\Unbenannt.jpg
[2009.11.18 00:22:34 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.16 21:49:49 | 00,008,704 | ---- | M] () -- C:\Users\PingChanGeR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.12 17:50:34 | 00,265,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.11.10 22:50:56 | 03,250,500 | ---- | M] () -- C:\Users\PingChanGeR\Desktop\Subway_to_Sally_-_Sieben.mp3
[2009.11.06 21:42:31 | 00,000,735 | ---- | M] () -- C:\Users\Public\Desktop\War Rock.lnk
 
========== Files Created - No Company Name ==========
 
[2009.11.19 21:19:51 | 00,001,760 | ---- | C] () -- C:\Users\PingChanGeR\Desktop\Gmer.rtf
[2009.11.19 19:48:51 | 00,001,550 | ---- | C] () -- C:\Users\PingChanGeR\Desktop\AntiVir Log.rtf
[2009.11.19 19:42:01 | 00,000,784 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.11.19 19:40:36 | 00,044,477 | ---- | C] () -- C:\Users\PingChanGeR\Desktop\51187-anleitung-malwarebytes-anti-malware.html
[2009.11.19 18:54:54 | 00,001,840 | ---- | C] () -- C:\Users\PingChanGeR\Desktop\HijackThis.lnk
[2009.11.19 17:56:42 | 00,069,117 | ---- | C] () -- C:\Users\PingChanGeR\Desktop\Vire.jpg
[2009.11.19 13:33:56 | 00,046,762 | ---- | C] () -- C:\Users\PingChanGeR\Desktop\Unbenannt.jpg
[2009.11.18 00:22:34 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.11.10 22:50:49 | 03,250,500 | ---- | C] () -- C:\Users\PingChanGeR\Desktop\Subway_to_Sally_-_Sieben.mp3
[2009.11.06 21:42:31 | 00,000,735 | ---- | C] () -- C:\Users\Public\Desktop\War Rock.lnk
[2009.10.15 01:01:24 | 00,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.09.17 16:57:54 | 00,065,536 | ---- | C] () -- C:\Windows\VMix.dll
[2009.09.17 15:57:06 | 00,008,704 | ---- | C] () -- C:\Users\PingChanGeR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.16 13:36:47 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.15 18:47:23 | 00,139,264 | R--- | C] () -- C:\Windows\Vmix106.dll
[2009.09.15 18:46:38 | 00,241,664 | R--- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2009.09.15 18:46:38 | 00,004,601 | R--- | C] () -- C:\Windows\Cm106.ini.cfg
[2009.09.15 18:46:38 | 00,000,648 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2009.09.15 18:46:38 | 00,000,340 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2009.09.15 18:46:36 | 00,002,758 | R--- | C] () -- C:\Windows\cm106.ini
[2009.09.15 18:28:06 | 02,629,969 | -H-- | C] () -- C:\Users\PingChanGeR\AppData\Local\IconCache.db
[2009.09.15 18:22:54 | 00,066,904 | ---- | C] () -- C:\Users\PingChanGeR\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.09.15 18:22:35 | 00,000,680 | ---- | C] () -- C:\Users\PingChanGeR\AppData\Local\d3d9caps.dat
[2008.08.01 05:47:26 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.10.16 21:47:46 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.10.16 21:47:46 | 00,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.10.16 21:38:28 | 00,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2006.11.02 13:50:50 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006.11.02 13:37:35 | 00,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006.11.02 13:37:35 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 13:37:35 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 11:23:31 | 00,000,187 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:27:46 | 00,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006.08.11 08:52:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2009.09.16 18:01:17 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\ATI
[2009.11.20 16:29:42 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\DNA
[2009.10.02 16:42:25 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\gtk-2.0
[2009.09.23 16:42:46 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\ICQ
[2009.09.19 14:01:29 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\MAGIX
[2009.09.30 15:27:29 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\OpenOffice.org
[2009.09.22 21:19:35 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\TeamViewer
[2009.11.04 16:58:47 | 00,000,000 | ---D | M] -- C:\Users\PingChanGeR\AppData\Roaming\TuneUp Software
[2009.11.20 13:19:13 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.11.19 23:02:11 | 00,032,570 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
 
< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2009.04.10 22:28:26 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2006.11.02 10:46:12 | 00,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2008.01.18 22:36:20 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 22:28:26 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2009.04.10 22:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2006.11.02 10:46:11 | 00,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.18 22:35:38 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2009.04.10 22:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
 
< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< %SYSTEMDRIVE%\sceclt.dll /s /md5 >
 
< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >
 
< %SYSTEMDRIVE%\logevent.dll /s /md5 >
 
< %SYSTEMDRIVE%\iaStor.sys /s /md5 >
[2007.07.12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\drivers\iaStor.sys
[2007.07.12 15:35:02 | 00,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ec8a8d1b\iaStor.sys
 
< %SYSTEMDRIVE%\nvstor.sys /s /md5 >
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.18 22:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2006.11.02 10:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 22:42:10 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2009.04.10 22:32:28 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.09.15 19:42:43 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2009.09.15 19:42:43 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2007.10.16 20:56:31 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=DB44893AF257EBB912511B2042B2AD38 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7e854ec8\atapi.sys
[2009.04.10 22:32:28 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2006.11.02 10:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.01.18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2009.09.15 19:42:43 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2007.10.16 20:56:31 | 00,021,688 | ---- | M] (Microsoft Corporation) MD5=DB44893AF257EBB912511B2042B2AD38 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20619_none_dbd9b7073d80e04e\atapi.sys
[2009.09.15 19:42:43 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2008.01.18 22:41:32 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009.04.10 22:32:28 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
 
< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >
 
< %SYSTEMDRIVE%\viasraid.sys /s /md5 >
 
< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2006.11.02 10:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2007.10.16 20:44:58 | 00,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_cb7c81c7\AGP440.sys
[2008.01.18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2007.10.16 20:44:58 | 00,056,504 | ---- | M] (Microsoft Corporation) MD5=198636E76971EBC96404547EC0FD5E75 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20598_none_b85cfa98dae9b436\AGP440.sys
[2008.01.18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 22:42:26 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
 
< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >
 
< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >
 
< %SYSTEMDRIVE%\ViPrt.sys /s /md5 >
[2007.03.26 14:26:00 | 00,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\DRIVER\SATA\VIA\ViPrt.sys
[2007.03.26 14:26:00 | 00,052,224 | ---- | M] (VIA Technologies, Inc.) MD5 -- C:\Windows\System32\drivers\ViPrt.sys
[2007.03.26 14:26:00 | 00,052,224 | ---- | M] (VIA Technologies, Inc.) MD5=A1B7CFFE5F09B825FBA506C4DE9FDAC7 -- C:\Windows\System32\DriverStore\FileRepository\viprt.inf_86543378\ViPrt.sys
< End of report >
         

20.11.2009, 15:47   #9
crippcid

Extras.Txt:

Code:
OTL Extras logfile created on: 20.11.2009 16:28:55 - Run 1
OTL by OldTimer - Version 3.1.6.0     Folder = C:\Users\PingChanGeR\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 53,07% Memory free
4,00 Gb Paging File | 2,79 Gb Available in Paging File | 69,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,90 Gb Total Space | 103,94 Gb Free Space | 47,92% Space Free | Partition Type: NTFS
Drive D: | 106,45 Gb Total Space | 106,36 Gb Free Space | 99,91% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PINGCHANGER-PC
Current User Name: PingChanGeR
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DB45FE8C-CAEB-4693-AB44-CF3F644EC757}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E3133B33-D366-446B-A20E-F7D75AD50D41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01FB43A7-C266-4179-B9B6-2E4C8F4EC5A5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{0D6CACEC-3E4F-429A-97AD-C3D2AAB7B648}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{1989C1C6-C279-4945-A02A-430BA31B5E27}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 
"{21107AF7-FBD1-45E2-861C-70705D250D26}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{28856146-B660-409E-95E1-5351ACD0291A}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{2D957084-7A52-4004-BE6C-0FD56025247C}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{370E667F-EC79-42F1-8824-13D4DD26E539}" = protocol=58 | dir=in | app=system | 
"{55E37627-C1B6-466A-ACD4-816E74A5BC62}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{578285B9-BB5B-4A53-A0DB-A9539171D9AE}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{5B05E30E-E409-47A7-957B-5816C207146A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"{5FF1E0C0-D9B4-4608-9B35-07D058233A1B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{935FC3B7-1A23-4360-A2C4-80986A3AD071}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{951982E3-000E-4991-8AD5-DA3628B1C250}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe | 
"{9B9DC92C-2E4A-4B26-8FD1-A05A91115578}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{C39B5BF3-F4C3-454C-9F57-1D50D6A7C753}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{C7FD25A0-0967-4E5F-9AFE-2DF52980D8ED}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{CFEAEEC9-EC44-40D2-8BBD-6C521A21EB7A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{D58BB72F-EF52-49CB-BAE3-98155BFB779D}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 
"{D59460FF-C977-4E97-A43C-DA76F3B0D667}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{DA7EAB66-34A3-48E8-80AB-0EE2C00DA9A2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{FA7E3FAF-65AB-4FE7-A0BC-695663126363}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{FBDF0C94-1F23-46D3-B428-6DFCA83FDAFB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{FFCB80E1-3299-4E89-93D7-2045FFA4360B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"TCP Query User{474F029F-F08A-4C84-B809-914F090CC47D}C:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe | 
"TCP Query User{4F694A95-3202-45BE-ACD9-BCD7C42022CD}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{85BE16B1-CE0A-48E7-A34E-F1A57677EE90}C:\users\pingchanger\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pingchanger\program files\dna\btdna.exe | 
"TCP Query User{B8431452-24EA-4EDF-AF4B-8FAB988AAC6F}C:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe | 
"TCP Query User{BA506B42-4864-4D32-B233-CD9E91AB60FF}C:\users\pingchanger\saved games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\pingchanger\saved games\world of warcraft\launcher.exe | 
"TCP Query User{CD5249D0-7BDB-4A9B-9D24-B16BD028A291}C:\users\pingchanger\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\pingchanger\program files\dna\btdna.exe | 
"TCP Query User{D3487283-7CF8-493F-BD42-0EACE8B20F28}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{E22A4628-9FDE-4D7C-AE54-339E940B37B6}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{27872218-0656-40B9-A443-7386EBDC44C2}C:\users\pingchanger\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pingchanger\program files\dna\btdna.exe | 
"UDP Query User{2B8D8BCF-CB2F-4C6F-B5F6-373E41E9251B}C:\users\pingchanger\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\pingchanger\program files\dna\btdna.exe | 
"UDP Query User{468A4294-9B6D-4A3F-B9F5-9649421551CB}C:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe | 
"UDP Query User{5B0CE63E-1706-45E9-B7E4-7C1ED73A3658}C:\users\pingchanger\saved games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\pingchanger\saved games\world of warcraft\launcher.exe | 
"UDP Query User{BEB249BC-8098-418B-A7B7-1F66C995503F}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{BF112310-029E-417F-994C-2145BC804B24}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{C62335CF-78AD-42DD-9D31-A27747C9946F}C:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\valtanator\counter-strike source\hl2.exe | 
"UDP Query User{E23E26C5-1D51-4A44-B41C-71D566B7A6D2}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024CEFCD-E521-56D5-658F-ADF044846CF0}" = ccc-core-static
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0C11EA82-8E49-FB7D-4F79-7EDB6C826215}" = CCC Help English
"{1BF6531D-6A30-35DF-0C2D-DD4CFC2E4149}" = ccc-utility
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{288B75D7-08F0-8E9B-8C65-AEF18AF3E486}" = ATI Catalyst Install Manager
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{741FBF89-C33D-D6F7-814E-F60CBDDA915C}" = Catalyst Control Center Graphics Previews Vista
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7ECD470E-E0E3-B649-0C1D-91EB549689A3}" = Catalyst Control Center Graphics Previews Common
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{88976C62-2B62-FFA0-52CF-272094FD5A9C}" = Catalyst Control Center InstallProxy
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{8A713DCA-792C-F4B0-8EA6-2142C2F88C05}" = Catalyst Control Center Localization German
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A4055555-C23C-8945-934F-5DD64E632429}" = CCC Help German
"{A434533D-989F-0440-1D1F-A784F64E15F3}" = HydraVision
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4C08007-598E-8CE0-4161-01078860235B}" = Skins
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8DF44AC-B758-967A-E48C-9B352D4B6545}" = Catalyst Control Center Graphics Full Existing
"{CB84FC3F-5A5D-7E1D-0116-5803F58844ED}" = Catalyst Control Center Graphics Light
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E397F6F0-AEE4-4236-BB05-1351350F8365}" = War Rock
"{E9C13FD7-6D55-F919-E0BD-A02A2E1404F2}" = Catalyst Control Center Graphics Full New
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6D4FD3F-5C79-331D-1807-5B1480A1D98D}" = Catalyst Control Center HydraVision Full
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FAE4CD9E-9EFD-A24B-296F-F6D4DF4C15D1}" = Catalyst Control Center Core Implementation
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C-Media CM106 Like Sound Driver" = C-Media CM106 Like Sound Device
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Hamachi" = Hamachi 1.0.3.0
"HijackThis" = HijackThis 2.0.2
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.79 (D)
"MAGIX Media Suite D" = MAGIX Media Suite 1.12.0.89 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.2.0.144 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX Ringtone Maker SE D" = MAGIX Ringtone Maker SE 3.1.0.4 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"NVIDIA Drivers" = NVIDIA Drivers
"SHOUTcast Radio Toolbar" = SHOUTcast Radio Toolbar
"SHOUTcastDSP" = SHOUTcast Source DSP 1.9.1 (remove only)
"Steam App 240" = Counter-Strike: Source
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TuneUp Utilities" = TuneUp Utilities
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.11.2009 17:27:06 | Computer Name = PingChanGeR-PC | Source = Application Hang | ID = 1002
Description = Programm WarRock.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 11b8  Anfangszeit: 01ca5fe9e20095de  Zeitpunkt der Beendigung:
 222
 
Error - 09.11.2009 18:32:42 | Computer Name = PingChanGeR-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 13.11.2009 08:51:04 | Computer Name = PingChanGeR-PC | Source = WindowsLiveMessenger | ID = 15728647
Description = 
 
Error - 13.11.2009 08:51:04 | Computer Name = PingChanGeR-PC | Source = WindowsLiveMessenger | ID = 15728647
Description = 
 
Error - 14.11.2009 11:51:25 | Computer Name = PingChanGeR-PC | Source = WindowsLiveMessenger | ID = 15728647
Description = 
 
Error - 14.11.2009 11:51:25 | Computer Name = PingChanGeR-PC | Source = WindowsLiveMessenger | ID = 15728647
Description = 
 
Error - 14.11.2009 13:21:17 | Computer Name = PingChanGeR-PC | Source = WindowsLiveMessenger | ID = 15728647
Description = 
 
Error - 14.11.2009 13:21:38 | Computer Name = PingChanGeR-PC | Source = WindowsLiveMessenger | ID = 15728647
Description = 
 
Error - 15.11.2009 07:06:33 | Computer Name = PingChanGeR-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 15.11.2009 18:49:36 | Computer Name = PingChanGeR-PC | Source = EventSystem | ID = 4621
Description = 
 
[ System Events ]
Error - 06.10.2009 15:26:38 | Computer Name = PingChanGeR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.10.2009 um 21:25:05 unerwartet heruntergefahren.
 
Error - 07.10.2009 13:36:10 | Computer Name = PingChanGeR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.10.2009 um 19:35:06 unerwartet heruntergefahren.
 
Error - 07.10.2009 13:42:26 | Computer Name = PingChanGeR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.10.2009 um 19:41:02 unerwartet heruntergefahren.
 
Error - 07.10.2009 14:24:54 | Computer Name = PingChanGeR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.10.2009 um 20:22:18 unerwartet heruntergefahren.
 
Error - 08.10.2009 07:30:53 | Computer Name = PingChanGeR-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 08.10.2009 08:51:36 | Computer Name = PingChanGeR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.10.2009 um 14:42:48 unerwartet heruntergefahren.
 
Error - 08.10.2009 14:19:21 | Computer Name = PingChanGeR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 08.10.2009 um 20:17:28 unerwartet heruntergefahren.
 
Error - 09.10.2009 05:50:54 | Computer Name = PingChanGeR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.10.2009 um 11:49:25 unerwartet heruntergefahren.
 
Error - 09.10.2009 05:51:20 | Computer Name = PingChanGeR-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{EB785E70-0C19-4C66-8BCA-229237954D47} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 09.10.2009 13:52:12 | Computer Name = PingChanGeR-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 09.10.2009 um 19:50:45 unerwartet heruntergefahren.
 
 
< End of report >
         

20.11.2009, 16:12   #10
crippcid

One more small question: could it be that I switched off some drivers with this procedure? I notice that the special buttons on my mouse no longer work. (:

20.11.2009, 18:20   #11
Angel21

Do you have a Windows CD?

Start --> Run (Vista users: Start Search) --> type in notepad
Now copy the following text from the code box into the empty text document
Code:
@echo off
cd \
copy C:\Windows\System32\DriverStore\FileRepository\viprt.inf_86543378\ViPrt.sys C:\
         
Save it as service.bat on your desktop.
For the file type, select All Files.
For the encoding, please select ANSI.
Double-click service.bat
Vista users: right-click it and use "Run as administrator".

......................................................................................................................

Avenger instructions (by swandog46)

Download the tool Hopsassa and save it to the desktop:
  • Double-click the Avenger icon
  • Now copy the following text into the white field at -> "input script here"
Code:
Files to move:
C:\ViPrt.sys | C:\Windows\System32\drivers\ViPrt.sys
         
  • Now close all programs and browser windows
  • To start Avenger, click -> Execute
  • Then confirm with "Yes" that the computer restarts
  • After the system has restarted, you will find a report from Avenger at -> C:\avenger.txt
  • Open the file with the editor and copy the entire text into your post here on Trojaner-Board.
__________________
Avira Upgrade 10 is on the market!
Aggressive settings for Avira

What goes around comes around!

Edited by Angel21 (20.11.2009 at 18:55)

20.11.2009, 18:28   #12
crippcid

If you mean those recovery CDs: yes, I have them (:

Here is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "C:\ViPrt.sys"
File move operation "C:\ViPrt.sys|C:\Windows\System32\drivers\ViPrt.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.
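
When a posted Avenger report is reviewed, the first question is which scripted operations failed and with what NTSTATUS. The following Python is an added example, not part of the original posts or of The Avenger; the function name `parse_avenger_report` is hypothetical, and it recognises only the message shapes visible in the report above.

```python
import re

# NTSTATUS values from Microsoft's ntstatus.h that file operations often fail with.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

# Report text as posted in the thread (separator and blank lines trimmed).
SAMPLE_REPORT = r'''Logfile of The Avenger Version 2.0, (c) by Swandog46
Platform: Windows Vista
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: could not move file "C:\ViPrt.sys"
File move operation "C:\ViPrt.sys|C:\Windows\System32\drivers\ViPrt.sys" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
Completed script processing.
Finished! Terminate.
'''

# Assumption: failures always look like the two lines seen in the posted report.
OP_RE = re.compile(r'^(?P<kind>\w+) (?P<verb>\w+) operation "(?P<args>[^"]*)" failed!$')
STATUS_RE = re.compile(r'^Status: (0x[0-9a-fA-F]{8})\b')


def parse_avenger_report(text):
    """Summarise a report: platform, rootkit verdict, completion, failed operations."""
    summary = {"platform": None, "rootkits_found": None,
               "completed": False, "failures": []}
    pending = None  # failed operation still waiting for its "Status:" line
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Platform:"):
            summary["platform"] = line.split(":", 1)[1].strip()
        elif line == "No rootkits found!":
            summary["rootkits_found"] = False  # stays None if the line is absent
        elif line == "Completed script processing.":
            summary["completed"] = True
        elif (m := OP_RE.match(line)):
            # "source|target" for a move; other operations may carry one path only.
            src, _, dst = m["args"].partition("|")
            pending = {"operation": f'{m["kind"]} {m["verb"]}'.lower(),
                       "source": src, "target": dst or None,
                       "status": None, "status_name": None}
            summary["failures"].append(pending)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            code = int(m[1], 16)
            pending["status"] = code
            pending["status_name"] = NTSTATUS.get(code, "unknown")
            pending = None
    return summary
```
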

20.11.2009, 18:29   #13
Angel21

Did you also run the batch file? That is, before you start Avenger.

20.11.2009, 18:31   #14
crippcid

Yep, I did. Is it also normal that it then only stays open for about 0.2 sec.?

20.11.2009, 18:32   #15
Angel21

Yes. Batches are only small files.
