Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Wlan Unterbrechungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 01.11.2010, 22:08   #1
Haba
 
Wlan Unterbrechungen - Ausrufezeichen

Wlan Unterbrechungen



Hallo liebe Community,

seit ca. 4 Tagen habe ich große Internet Probleme. Am Anfang dachte ich, dass es am Router/Provider liegt. Aber andere in meiner WG haben keine Probleme.
Es ist so, dass ich zwar connecten kann, aber es keinen Internetzugriff gibt. Dazwischen habe ich dann wieder für ca 5 Minuten Internet. Ich wollte erst auf einen Wiederherstellungspunkt resetten, aber das lies Windows nicht zu (angeblich sei ein Antivirenprogramm dafür verantwortlich und ich solle das deaktivieren- hat aber nichts genützt.)

Mein System:

Sony Vaio VGN-FW4 Laptop
Windows 7 Ultimate
Antivir
Windows Firewall


Ich hatte Antivir schon einen Systemscan machen lassen - nichts.



Ich habe Load runtergeladen und die Anweisungen befolgt.

Bei Gmer, gab es jedoch ein Problem. Kurz nachdem ich den Scan gestartet habe: "Gmer.exe funktioniert nicht mehr bla bla" (Appcrash) - und mein erster Bluescreen, der war zu schnell weg, als dass ich da was lesen konnte.

Auch bei meinem zweiten Versuch ein crash, aber kein Bluescreen.
Die anderen Tools hab ich drüber laufen lassen.
Den Beitrag musste ich jetzt sogar von einem anderen PC aus posten,weil einfach gar nichts mehr funktionierte.

Vielen Dank im Voraus.


Hier die Logs:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5016

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.11.2010 20:39:51
mbam-log-2010-11-01 (20-39-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136791
Laufzeit: 6 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:41 on 01/11/2010 (****)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCUAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 01.11.2010 21:04:22 - Run 1
         
Code:
ATTFilter
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Public\Desktop\MFtools
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 74,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 198,44 Gb Total Space | 15,26 Gb Free Space | 7,69% Space Free | Partition Type: NTFS
Drive D: | 86,74 Gb Total Space | 7,41 Gb Free Space | 8,55% Space Free | Partition Type: NTFS
 
Computer Name: ****-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[COLOR=navy]========== Processes (SafeList) ==========
 
PRC - [2010.11.01 20:25:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.10.06 09:05:23 | 002,969,496 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.04.01 12:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.08 14:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Wacom_Tablet.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.22 12:09:00 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.10.22 12:09:00 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:46 | 000,334,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2009.07.14 02:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2007.11.21 12:17:02 | 000,017,408 | ---- | M] () -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.11.01 20:25:21 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.09.08 05:28:01 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 02:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.10.07 09:47:04 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.01 12:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.08 14:47:06 | 005,010,288 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.10.22 12:09:00 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.20 11:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2007.11.21 12:17:02 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.06.18 17:09:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.05.06 12:58:46 | 000,141,312 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2010.05.06 12:58:42 | 000,135,168 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2010.05.06 12:58:38 | 000,185,344 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.10.22 13:55:16 | 004,231,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.10.22 12:09:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.09.21 14:29:22 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:13:46 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009.07.13 23:13:45 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009.07.13 23:13:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009.07.13 23:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.08.03 04:36:10 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007.02.16 09:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 50 B5 B9 09 0B CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {4217f6d7-406e-4b66-856d-d1a373e4f41a}:2.6.42
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.01 18:39:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.01 18:39:07 | 000,000,000 | ---D | M]
 
[2010.06.14 22:54:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.10.31 22:26:19 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions
[2010.06.28 16:27:42 | 000,000,000 | ---D | M] (StOgame) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions\{4217f6d7-406e-4b66-856d-d1a373e4f41a}
[2010.07.01 15:24:39 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.08.27 23:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.01 15:45:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\pm1g36qs.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.08.15 16:36:50 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.08.15 16:36:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Hercules DJ Series] C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] c:\spiele\steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f0f4aa78-7af3-11df-be1f-002433724ed8}\Shell - "" = AutoRun
O33 - MountPoints2\{f0f4aa78-7af3-11df-be1f-002433724ed8}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 0
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.01 20:32:50 | 000,000,000 | ---D | C] -- C:\01.11.2010
[2010.11.01 20:31:38 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.11.01 20:26:31 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes
[2010.11.01 20:26:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.01 20:26:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.01 20:26:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.01 20:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.01 20:24:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.10.31 13:11:36 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\INT LAW
[2010.10.30 10:37:56 | 000,000,000 | ---D | C] -- C:\Programme\Steinberg
[2010.10.24 20:17:20 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Logitech
[2010.10.24 20:17:11 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Leadertech
[2010.10.24 20:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.10.24 20:14:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Logishrd
[2010.10.24 20:14:43 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.10.24 20:14:29 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.10.24 15:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2010.10.24 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2010.10.24 15:23:16 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Sports Interactive
[2010.10.24 15:23:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Sports Interactive
[2010.10.21 17:38:58 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\OneNote-Notizbücher
[2010.10.21 03:04:52 | 000,000,000 | ---D | C] -- C:\Programme\World of Warcraft
[2010.10.21 03:04:52 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.10.21 03:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.10.20 11:03:20 | 000,000,000 | ---D | C] -- C:\Games
[2010.10.20 10:58:40 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\FIFA 10
[2010.10.19 18:59:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ElevatedDiagnostics
[2010.10.17 14:34:32 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Sachen von ****
[2010.10.17 13:47:46 | 000,000,000 | ---D | C] -- C:\AMD
[2010.10.17 01:40:09 | 000,000,000 | ---D | C] -- C:\Programme\TeamSpeak 3 Client
[2010.10.17 01:11:15 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Ventrilo
[2010.10.17 01:10:39 | 000,000,000 | ---D | C] -- C:\Programme\Ventrilo
[2010.10.16 21:54:23 | 000,348,160 | ---- | C] (AMD) -- C:\Windows\System32\atieclxx.exe
[2010.10.16 21:54:23 | 000,176,128 | ---- | C] (AMD) -- C:\Windows\System32\atiesrxx.exe
[2010.10.16 21:54:23 | 000,159,744 | ---- | C] (AMD) -- C:\Windows\System32\atitmmxx.dll
[2010.10.16 21:54:23 | 000,011,776 | ---- | C] (AMD) -- C:\Windows\System32\atimuixx.dll
[2010.10.16 21:26:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010.10.16 21:26:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE
[2010.10.16 21:23:59 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Eidos
[2010.10.16 21:10:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010.10.08 19:41:24 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\Bioshock
[2010.10.08 19:41:24 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Bioshock
[2010.10.08 19:41:19 | 000,000,000 | RH-D | C] -- C:\Users\****\AppData\Roaming\SecuROM
[2010.10.08 19:17:02 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Bioshock
[2010.10.06 21:53:50 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\The Lord of the Rings Online
[2010.10.06 21:53:50 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\The Lord of the Rings Online
[2010.10.06 21:15:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Turbine
[2010.10.06 21:14:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Turbine
[2010.10.06 19:15:13 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ApplicationHistory
[2010.10.06 19:12:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010.10.06 18:42:26 | 000,000,000 | ---D | C] -- C:\Programme\Codemasters
[2010.10.06 09:05:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\PMB Files
[2010.10.06 09:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.10.06 09:05:19 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.01 21:03:07 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.01 21:03:07 | 000,014,608 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.01 20:51:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.01 20:50:39 | 2389,983,232 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.01 20:41:43 | 000,000,176 | ---- | M] () -- C:\Users\****\defogger_reenable
[2010.11.01 20:31:38 | 000,000,894 | ---- | M] () -- C:\Users\****\Desktop\NTREGOPT.lnk
[2010.11.01 20:31:38 | 000,000,875 | ---- | M] () -- C:\Users\****\Desktop\ERUNT.lnk
[2010.11.01 20:26:19 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.01 20:24:14 | 000,050,477 | ---- | M] () -- C:\Users\****\Desktop\defogger.exe
[2010.11.01 20:24:13 | 000,286,404 | ---- | M] () -- C:\Users\****\Desktop\Gmer.zip
[2010.11.01 20:21:30 | 000,471,642 | ---- | M] () -- C:\Users\****\Desktop\Load.exe
[2010.10.31 23:19:25 | 000,694,806 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010.10.31 23:19:25 | 000,693,840 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010.10.31 23:19:25 | 000,691,458 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2010.10.31 23:19:25 | 000,690,234 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2010.10.31 23:19:25 | 000,675,896 | ---- | M] () -- C:\Windows\System32\perfh019.dat
[2010.10.31 23:19:25 | 000,654,334 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.31 23:19:25 | 000,615,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.31 23:19:25 | 000,139,278 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010.10.31 23:19:25 | 000,134,528 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2010.10.31 23:19:25 | 000,133,672 | ---- | M] () -- C:\Windows\System32\perfc019.dat
[2010.10.31 23:19:25 | 000,131,932 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010.10.31 23:19:25 | 000,131,158 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.31 23:19:25 | 000,129,054 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2010.10.31 23:19:25 | 000,107,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.31 16:47:25 | 000,030,766 | ---- | M] () -- C:\Users\****\Desktop\wow_eu_cd_key_tbc_61178283_JNHCRMLU.jpg
[2010.10.31 15:28:15 | 000,434,262 | ---- | M] () -- C:\Users\****\Desktop\Funky.wav.asd
[2010.10.31 15:24:59 | 066,546,616 | ---- | M] () -- C:\Users\****\Desktop\Funky.wav
[2010.10.26 13:29:32 | 000,308,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.25 11:31:34 | 000,700,327 | ---- | M] () -- C:\Users\****\Desktop\201009 Front Office Manual.pdf
[2010.10.24 20:16:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.10.24 20:16:15 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010.10.24 20:16:11 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010.10.22 19:38:23 | 000,025,136 | ---- | M] () -- C:\Users\****\Desktop\wow_eu_cd_key_36669695_YZMLSCPP.jpg
[2010.10.22 17:55:09 | 000,010,613 | ---- | M] () -- C:\Users\****\Desktop\Philosophischer Ansatz zur Spaßsucht.docx
[2010.10.21 20:37:37 | 000,941,701 | ---- | M] () -- C:\Users\****\Desktop\*****_1011_M1_MA_*******-****-*****.docx
[2010.10.21 18:10:05 | 000,939,923 | ---- | M] () -- C:\Users\****\Desktop\Module Assignment finally !!!!!.docx
[2010.10.21 18:05:41 | 000,000,162 | -H-- | M] () -- C:\Users\****\Desktop\~$dule Assignment finally !!!!!.docx
[2010.10.21 17:37:38 | 000,951,914 | ---- | M] () -- C:\Users\****\Desktop\Module Assignmentfinal.docx
[2010.10.21 17:33:17 | 000,934,983 | ---- | M] () -- C:\Users\****\Desktop\Module Assignment !!!!!.docx
[2010.10.20 20:29:56 | 000,595,628 | ---- | M] () -- C:\Users\****\Desktop\Everything.wav.asd
[2010.10.20 17:30:33 | 000,937,591 | ---- | M] () -- C:\Users\****\Desktop\Module Assignment.docx
[2010.10.20 16:59:55 | 003,994,624 | ---- | M] () -- C:\Users\****\Desktop\Module Ssinment.doc
[2010.10.20 16:56:20 | 000,024,586 | ---- | M] () -- C:\Users\****\Desktop\Borislav Modul Assl.docx
[2010.10.20 16:48:42 | 009,433,875 | ---- | M] () -- C:\Users\****\Desktop\Deckblatt.psd
[2010.10.20 15:47:23 | 034,799,416 | ---- | M] () -- C:\Users\****\Desktop\Deckblatt copy.bmp
[2010.10.19 21:15:13 | 000,546,924 | ---- | M] () -- C:\Users\****\Desktop\Lody Module Ass.docx
[2010.10.19 16:00:08 | 000,294,912 | ---- | M] () -- C:\Users\****\Desktop\gmer.exe
[2010.10.17 17:57:34 | 000,054,784 | ---- | M] () -- C:\Users\****\Desktop\a lack of debt available in the market.doc
[2010.10.17 17:57:27 | 000,112,640 | ---- | M] () -- C:\Users\****\Desktop\New Benchmark Options.doc
[2010.10.17 16:39:17 | 000,571,844 | ---- | M] () -- C:\Users\****\Desktop\Girls eat cake.wav.asd
[2010.10.17 12:00:03 | 000,046,592 | ---- | M] () -- C:\Users\****\Desktop\Necessary steps for a new Housekeeping Plan.doc
[2010.10.17 01:10:43 | 000,000,262 | ---- | M] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.07 18:34:14 | 000,017,768 | ---- | M] () -- C:\Users\****\Desktop\Cleaning Plan.docx
[2010.10.07 18:20:01 | 000,010,423 | ---- | M] () -- C:\Users\****\Documents\Module Assignment Front Page.docx
[2010.10.07 16:53:42 | 002,159,104 | ---- | M] () -- C:\Users\****\Desktop\Types of hotels2 18.06.doc
[2010.10.06 19:15:13 | 000,000,094 | ---- | M] () -- C:\Users\****\AppData\Local\fusioncache.dat
 
========== Files Created - No Company Name ==========
 
[2010.11.01 20:46:29 | 000,294,912 | ---- | C] () -- C:\Users\****\Desktop\gmer.exe
[2010.11.01 20:41:34 | 000,000,176 | ---- | C] () -- C:\Users\****\defogger_reenable
[2010.11.01 20:31:38 | 000,000,894 | ---- | C] () -- C:\Users\****\Desktop\NTREGOPT.lnk
[2010.11.01 20:31:38 | 000,000,875 | ---- | C] () -- C:\Users\****\Desktop\ERUNT.lnk
[2010.11.01 20:26:19 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.01 20:24:14 | 000,050,477 | ---- | C] () -- C:\Users\****\Desktop\defogger.exe
[2010.11.01 20:24:08 | 000,286,404 | ---- | C] () -- C:\Users\****\Desktop\Gmer.zip
[2010.11.01 20:21:29 | 000,471,642 | ---- | C] () -- C:\Users\****\Desktop\Load.exe
[2010.11.01 18:51:12 | 000,001,339 | ---- | C] () -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010.10.31 16:47:24 | 000,030,766 | ---- | C] () -- C:\Users\****\Desktop\wow_eu_cd_key_tbc_61178283_JNHCRMLU.jpg
[2010.10.31 15:28:15 | 000,434,262 | ---- | C] () -- C:\Users\****\Desktop\Funky.wav.asd
[2010.10.31 15:24:58 | 066,546,616 | ---- | C] () -- C:\Users\****\Desktop\Funky.wav
[2010.10.24 20:16:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010.10.24 20:16:15 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010.10.24 20:16:11 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2010.10.23 16:07:42 | 000,700,327 | ---- | C] () -- C:\Users\****\Desktop\201009 Front Office Manual.pdf
[2010.10.22 19:38:21 | 000,025,136 | ---- | C] () -- C:\Users\****\Desktop\wow_eu_cd_key_36669695_YZMLSCPP.jpg
[2010.10.22 17:49:59 | 000,010,613 | ---- | C] () -- C:\Users\****\Desktop\Philosophischer Ansatz zur Spaßsucht.docx
[2010.10.21 20:37:37 | 000,941,701 | ---- | C] () -- C:\Users\****\Desktop\*****_1011_M1_MA_*******-*****-*****.docx
[2010.10.21 18:05:41 | 000,000,162 | -H-- | C] () -- C:\Users\****\Desktop\~$dule Assignment finally !!!!!.docx
[2010.10.21 17:33:33 | 000,939,923 | ---- | C] () -- C:\Users\****\Desktop\Module Assignment finally !!!!!.docx
[2010.10.21 16:50:17 | 000,934,983 | ---- | C] () -- C:\Users\****\Desktop\Module Assignment !!!!!.docx
[2010.10.21 16:22:12 | 000,951,914 | ---- | C] () -- C:\Users\****\Desktop\Module Assignmentfinal.docx
[2010.10.20 20:29:56 | 000,595,628 | ---- | C] () -- C:\Users\****\Desktop\Everything.wav.asd
[2010.10.20 16:50:25 | 000,024,586 | ---- | C] () -- C:\Users\****\Desktop\Borislav Modul Assl.docx
[2010.10.20 15:47:17 | 034,799,416 | ---- | C] () -- C:\Users\****\Desktop\Deckblatt copy.bmp
[2010.10.20 14:53:58 | 009,433,875 | ---- | C] () -- C:\Users\****\Desktop\Deckblatt.psd
[2010.10.19 19:04:26 | 000,546,924 | ---- | C] () -- C:\Users\****\Desktop\Lody Module Ass.docx
[2010.10.17 17:57:18 | 000,054,784 | ---- | C] () -- C:\Users\****\Desktop\a lack of debt available in the market.doc
[2010.10.17 17:57:06 | 000,112,640 | ---- | C] () -- C:\Users\****\Desktop\New Benchmark Options.doc
[2010.10.17 16:39:17 | 000,571,844 | ---- | C] () -- C:\Users\****\Desktop\Girls eat cake.wav.asd
[2010.10.17 12:00:02 | 000,046,592 | ---- | C] () -- C:\Users\****\Desktop\Necessary steps for a new Housekeeping Plan.doc
[2010.10.17 01:10:35 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.16 21:54:23 | 000,018,432 | ---- | C] () -- C:\Windows\atiogl.xml
[2010.10.07 18:19:05 | 000,017,768 | ---- | C] () -- C:\Users\****\Desktop\Cleaning Plan.docx
[2010.10.07 18:18:55 | 003,994,624 | ---- | C] () -- C:\Users\****\Desktop\Module Ssinment.doc
[2010.10.07 16:52:58 | 002,159,104 | ---- | C] () -- C:\Users\****\Desktop\Types of hotels2 18.06.doc
[2010.10.07 15:35:11 | 000,010,423 | ---- | C] () -- C:\Users\****\Documents\Module Assignment Front Page.docx
[2010.10.06 19:15:13 | 000,000,094 | ---- | C] () -- C:\Users\****\AppData\Local\fusioncache.dat
[2010.08.15 16:43:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2010.06.15 18:46:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Ableton
[2010.10.20 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Audacity
[2010.10.09 14:38:06 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Bioshock
[2010.06.18 17:13:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DAEMON Tools Lite
[2010.08.27 23:08:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.20 21:46:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\HandBrake
[2010.10.15 18:40:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ICQ
[2010.10.24 20:17:11 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Leadertech
[2010.06.26 03:09:58 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.06.13 16:59:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Opera
[2010.10.24 15:23:15 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Sports Interactive
[2010.10.06 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\Turbine
[2010.10.16 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\uTorrent
[2010.09.24 19:26:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.06.14 01:05:41 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.02.24 20:22:32 | 000,000,750 | ---- | M] () -- C:\deltaStartup.log
[2010.11.01 20:50:39 | 2389,983,232 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.01 20:55:13 | 3186,647,040 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.07.14 02:15:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL
[2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006.10.26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009.07.14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010.04.17 00:45:28 | 000,307,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-26 12:25:40
 
< End of report >
         
--- --- ---


Jetzt kann ich doch noch einen log posten, aber nur weil ich GMER manuell gestoppt hat. Das tool bleibt immer bei C:/***/Shadowcopy (vielleicht heißt es auch geringfügig anders) hängen. Also wahrscheinlich hätte das tool noch mehr gefunden, aber weiter kann ich es nicht laufen lassen, sonst crasht das tool oder das ganze system.


GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-11-02 12:17:32
Windows 6.1.7600 
Running: gmer.exe; Driver: C:\Users\****\AppData\Local\Temp\uxryqpod.sys
 
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                       82C57599 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                82C7BF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                              section is writeable [0x9183B000, 0x2D556C, 0xE8000020]
PAGE   spsys.sys!?SPRevision@@3PADA + 4F90                                                                   A4A3A000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE   spsys.sys!?SPRevision@@3PADA + 50B3                                                                   A4A3A123 629 Bytes  [55, A3, A4, FE, 05, 34, 55, ...]
PAGE   spsys.sys!?SPRevision@@3PADA + 5329                                                                   A4A3A399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE   spsys.sys!?SPRevision@@3PADA + 538F                                                                   A4A3A3FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE   spsys.sys!?SPRevision@@3PADA + 543B                                                                   A4A3A4AB 2228 Bytes  [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE   ...                                                                                                   
 
---- User code sections - GMER 1.0.15 ----
 
.text  C:\Program Files\Pando Networks\Media Booster\PMB.exe[2916] kernel32.dll!SetUnhandledExceptionFilter  76053162 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---



Es wäre so nett, wenn jemand Hilfe wüsste!

Alt 02.11.2010, 15:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wlan Unterbrechungen - Standard

Wlan Unterbrechungen



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten.
__________________

__________________

Alt 02.11.2010, 16:59   #3
Haba
 
Wlan Unterbrechungen - Standard

Wlan Unterbrechungen



Es gibt nur die eine Logdatei. Gefunden im Reiter Logdateien, und sie öffnet sich ja automatisch nach einen scan. Ich habe sicherheitshalber nochmal einen gemacht:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5016

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.11.2010 16:56:05
mbam-log-2010-11-02 (16-56-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137218
Laufzeit: 6 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 02.11.2010, 17:44   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wlan Unterbrechungen - Standard

Wlan Unterbrechungen



Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.11.2010, 20:52   #5
Haba
 
Wlan Unterbrechungen - Standard

Wlan Unterbrechungen



Bitte :


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5016

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.11.2010 20:48:09
mbam-log-2010-11-02 (20-48-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 417260
Laufzeit: 1 Stunde(n), 38 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alt 03.11.2010, 12:40   #6
Haba
 
Wlan Unterbrechungen - Standard

Wlan Unterbrechungen



Hi,

ich hatte ja anfangs versucht mein system wieder herzustellen, was ja nicht funktioniert hatte. Ich dachte mir, das daher auch das Problem mit GMER käme, weil er sich ja immer bei Shadowvolume aufhing. Jetzt konnte ich den Wiederherstellungspunkt rückgängig machen,
was natürlich meinem Problem weiterhin nicht hilft: Ich habe weiter hin kaum Internet.
Bei der Wiederherstlung wurden jetzt ein paar der Tools gelöscht, aber die Scans stehen ja bereits oben. Aber deswegen war auch die Emulierungssoftware Daemon tools wieder aktiv.


Ich hoffe wirklich ihr könnt mir helfen!

Danke





GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15477 - hxxp://www.gmer.net
Rootkit scan 2010-11-03 12:30:16
Windows 6.1.7600 
Running: gmer.exe; Driver: C:\Users\****\AppData\Local\Temp\uxryqpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                     82C81599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82CA5F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\spie.sys                                                                                           Das System kann den angegebenen Pfad nicht finden. !
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x9183F000, 0x2D556C, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                               91F4ACA0 4 Bytes  JMP 86750450 
.text           a7pac3hs.SYS                                                                                                        92B22000 12 Bytes  [44, C8, C0, 82, EE, C6, C0, ...]
.text           a7pac3hs.SYS                                                                                                        92B2200D 9 Bytes  [A7, C0, 82, 48, CB, C0, 82, ...]
.text           a7pac3hs.SYS                                                                                                        92B22017 20 Bytes  [00, DE, E7, 11, 8B, E6, E5, ...]
.text           a7pac3hs.SYS                                                                                                        92B2202C 149 Bytes  [00, 00, 00, 00, D0, C1, C7, ...]
.text           a7pac3hs.SYS                                                                                                        92B220C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                 

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Pando Networks\Media Booster\PMB.exe[3368] kernel32.dll!SetUnhandledExceptionFilter                771A3162 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              8554D1F8
Device          \Driver\sptd \Device\523065061                                                                                      spie.sys
Device          \Driver\volmgr \Device\VolMgrControl                                                                                855481F8
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                    86760500
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                    86760500
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                    86760500
Device          \Driver\usbehci \Device\USBPDO-3                                                                                    85572500
Device          \Driver\PCI_PNP3058 \Device\00000054                                                                                spie.sys
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                    86760500
Device          \Driver\usbuhci \Device\USBPDO-5                                                                                    86760500
Device          \Driver\ACPI_HAL \Device\00000049                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                    86760500
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                              855481F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\usbehci \Device\USBPDO-7                                                                                    85572500
Device          \Driver\volmgr \Device\HarddiskVolume2                                                                              855481F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                        855A8500
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         8554A1F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  8554A1F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  8554A1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1                                                                         8554A1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel0                                                                          8554B1F8
Device          \Driver\msahci \Device\Ide\PciIde0Channel1                                                                          8554B1F8
Device          \Driver\cdrom \Device\CdRom1                                                                                        855A8500
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                              855481F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{11064605-D534-4660-8EE6-790A4D410712}                                            8670C1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                             8670C1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{9631D02B-5D3B-437E-BF19-639231377AD4}                                            8670C1F8
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                    86760500
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                    86760500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                    86760500
Device          \Driver\usbehci \Device\USBFDO-3                                                                                    85572500
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                    86760500
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                    86760500
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                    86760500
Device          \Driver\usbehci \Device\USBFDO-7                                                                                    85572500
Device          \Driver\a7pac3hs \Device\Scsi\a7pac3hs1                                                                             8682F500
Device          \Driver\a7pac3hs \Device\Scsi\a7pac3hs1Port2Path0Target0Lun0                                                        8682F500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433724ed8                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002433724ed8@701a041dc3a2                            0x53 0x74 0xF1 0xF0 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x9A 0x6E 0x2A 0xFD ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xF6 0x9D 0xF6 0xEA ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x32 0xA9 0x33 0x76 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433724ed8 (not active ControlSet)                     
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002433724ed8@701a041dc3a2                                0x53 0x74 0xF1 0xF0 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xAB 0x92 0xB7 0x4E ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xF6 0x9D 0xF6 0xEA ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x32 0xA9 0x33 0x76 ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 03.11.2010, 14:07   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Wlan Unterbrechungen - Standard

Wlan Unterbrechungen



Das OTL-Log ist unauffällig. Hast Du irgendwas vor vier tagen gemacht, da funktionierte WLAN ja noch einwandfrei?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Wlan Unterbrechungen
0 bytes, 5 minuten, adobe, anfang, autorun, avgntflt.sys, avira, bho, bluescreen, bonjour, canon, components, conduit, converter, corp./icp, defender, desktop, drahtloses netzwerk, excel.exe, explorer, firefox, fontcache, format, funktioniert nicht mehr, hkcu\~\run values retrieved., infizierte dateien, internet, internet abbruch, langs, laufzeit, location, logfile, malware, mozilla, nvstor.sys, object, oldtimer, otl logfile, pando media booster, programdata, programm, registry, required, searchplugins, security, senden, software, sptd.sys, start menu, system, teamspeak, unterbrechungen, webcheck, windows, wlan




Ähnliche Themen: Wlan Unterbrechungen


  1. Win7 - WLAN Verbindungsabbrüche, Router flutet PC mit Anfragen über ARP Protokoll, Unbekannte Geräte im WLAN Repeater
    Plagegeister aller Art und deren Bekämpfung - 23.08.2015 (5)
  2. Windows 7: Firefox reagiert nicht, nicht antwortendes Skript, und mehr lästige Unterbrechungen.
    Log-Analyse und Auswertung - 11.11.2014 (7)
  3. WLan Verbindungsprobleme
    Netzwerk und Hardware - 16.01.2014 (14)
  4. WLan über Kabelmodem Thomson und Zyxel DSL WLAN Modem 200
    Netzwerk und Hardware - 04.04.2013 (11)
  5. WLAN spint
    Netzwerk und Hardware - 20.11.2012 (1)
  6. WLAN-Unterbrechungen trotz grünem Symbol auf OK
    Log-Analyse und Auswertung - 25.12.2009 (2)
  7. Problem mit wlan :((
    Alles rund um Windows - 09.11.2009 (6)
  8. wlan problem
    Überwachung, Datenschutz und Spam - 12.09.2009 (16)
  9. Wlan - Verbindungsprobleme
    Alles rund um Windows - 11.08.2007 (3)
  10. WLAN+LAN gleichzeitig...
    Netzwerk und Hardware - 16.02.2007 (7)
  11. WLAN und Aol?
    Netzwerk und Hardware - 09.01.2007 (4)
  12. DoS auf Wlan
    Netzwerk und Hardware - 25.10.2006 (1)
  13. Wlan Router
    Netzwerk und Hardware - 22.10.2006 (2)
  14. WLAN Router
    Netzwerk und Hardware - 19.01.2006 (2)
  15. WLAN wie mach ich das
    Netzwerk und Hardware - 03.01.2006 (3)
  16. Andauernde Dsl Unterbrechungen,Spy oder Backdoor?
    Plagegeister aller Art und deren Bekämpfung - 19.07.2005 (3)

Zum Thema Wlan Unterbrechungen - Hallo liebe Community, seit ca. 4 Tagen habe ich große Internet Probleme. Am Anfang dachte ich, dass es am Router/Provider liegt. Aber andere in meiner WG haben keine Probleme. Es - Wlan Unterbrechungen...
Archiv
Du betrachtest: Wlan Unterbrechungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.