
Antivirus, firewall and other protection programs: Internet paralyzed - DDoS / pinging?


13.03.2011, 10:42   #1
morfer
 



Hello dear TB team,


So my problem is the following:
Since yesterday evening my internet has been as good as paralyzed. Pages take a very long time to load and often simply abort. I am no longer downloading at full speed (at least in my opinion), and the ping fluctuates, for example in online games, from a normal value of e.g. 30 up to 150, then back down to 75, back up again, etc., in other words arbitrarily.

The suspicion that I am being DoSed by another computer, or something similar, comes from the fact that yesterday I was in a voice chat with three friends, we played against an opposing team, and after their supposed defeat the internet of all three of us has been as good as down, as described above. A router RR helps for 2-5 minutes, but that doesn't bring any serious improvement either.

Unfortunately I don't know much about such problems, and I hope that I can perhaps get quick and good help here =/
What I personally also noticed: when I open netstat via cmd, there are masses of entries like
TCP 192.168.178.35:49170 217.118.170.204:http FIN_WARTEN_1
TCP 192.168.178.35:49171 217.118.170.204:http FIN_WARTEN_1
TCP 192.168.178.35:49172 217.118.170.204:http FIN_WARTEN_1
TCP 192.168.178.35:49173... usw.

That was the first clue that occurred to me since, as I said, I unfortunately don't know all that much about this.

Attached should be the log data from MAM, as well as that from OTL.
I use the FritzBox 7270.
I am of course open to any questions!

Kind regards
Jakob

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6039

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.03.2011 10:28:29
mbam-log-2011-03-13 (10-28-29).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 159351
Laufzeit: 1 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 2
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 6
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> 1688 -> Not selected for removal.
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> 2932 -> Not selected for removal.

Infizierte Speichermodule:
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Application Updater (PUP.Dealio) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Not selected for removal.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE (PUP.Dealio) -> Value: APPLICATIONUPDATER.EXE -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings (PUP.Dealio) -> Value: SearchSettings -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE (PUP.Dealio) -> Value: SEARCHSETTINGS.EXE -> Not selected for removal.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\application updater\applicationupdater.exe (PUP.Dealio) -> Not selected for removal.
c:\program files (x86)\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files (x86)\pdfforge toolbar\IE\4.3\pdfforgetoolbarie.dll (PUP.Dealio) -> Not selected for removal.
c:\program files (x86)\common files\Spigot\search settings\searchsettings.exe (PUP.Dealio) -> Not selected for removal.
         
Code:
OTL logfile created on: 13.03.2011 09:01:49 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jakob\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 468,71 Gb Free Space | 78,63% Space Free | Partition Type: NTFS
 
Computer Name: JAKOB-PC | User Name: Jakob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jakob\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jakob\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Creative HOAL Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (ESLWireAC) -- C:\Windows\SysNative\drivers\ESLWireACD.sys (<Turtle Entertainment>)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (hidusbf) -- C:\Windows\SysNative\drivers\hidusbf.sys (SweetLow)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (ESLvnic1) -- C:\Windows\SysNative\drivers\ESLvnic.sys (Turtle Entertainment GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (skfiltv) -- C:\Windows\SysNative\drivers\skfiltv.sys (Creative Technology Ltd.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SSHDRV76) -- C:\Windows\SysWOW64\drivers\SSHDRV76.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6D 59 F8 72 37 70 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.05 09:43:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.05 09:43:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.01.03 17:25:07 | 000,000,000 | ---D | M]
 
[2010.10.21 20:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Extensions
[2010.10.21 20:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.12 21:14:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions
[2010.12.13 18:55:22 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.11.22 22:49:40 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.10.21 18:15:40 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.28 10:32:13 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.02.28 10:32:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.09 17:27:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.02.28 10:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jakob\AppData\Roaming\mozilla\Firefox\Profiles\01v8ntna.default\extensions\staged-xpis
[2011.03.08 22:00:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.20 17:13:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.22 22:46:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.02.28 10:06:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.08 22:00:13 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.03.08 22:00:13 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.12 21:24:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.12 21:24:52 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.12 21:24:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.12 21:24:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.12 21:24:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.06 20:45:56 | 000,424,779 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14636 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CookiePatrol] C:\PROGRA~2\PESTPA~1\CookiePatrol.exe (Computer Associates International)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PestPatrol Control Center] C:\PROGRA~2\PESTPA~1\PPControl.exe ()
O4 - HKLM..\Run: [PestPatrolCL]  File not found
O4 - HKLM..\Run: [PPMemCheck] C:\PROGRA~2\PESTPA~1\PPMemCheck.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\USB Headsets\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Updater.exe] C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0cba7d49-4bd5-11e0-8472-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{0cba7d49-4bd5-11e0-8472-00ff01000001}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{f42bb76a-2eec-11e0-a52f-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{f42bb76a-2eec-11e0-a52f-00ff01000001}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.13 08:56:14 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Malwarebytes
[2011.03.13 08:56:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.03.13 08:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.03.13 08:56:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.03.13 08:56:04 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.03.13 08:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.03.13 08:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011.03.13 07:45:43 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PestPatrol
[2011.03.13 07:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PestPatrol
[2011.03.13 07:45:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PestPatrol
[2011.03.13 01:34:56 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\TrojanHunter
[2011.03.13 01:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrojanHunter 5.3
[2011.03.13 01:30:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojancheck 6
[2011.03.13 00:51:12 | 000,000,000 | ---D | C] -- C:\kav
[2011.03.12 22:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.03.12 11:42:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2011.03.12 11:42:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2011.03.12 11:42:18 | 000,000,000 | -HSD | C] -- C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011
[2011.03.11 16:09:29 | 000,000,000 | ---D | C] -- C:\Users\Jakob\Desktop\bin
[2011.03.09 16:38:05 | 000,000,000 | R--D | C] -- C:\Users\Jakob\Dropbox
[2011.03.09 16:37:04 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.03.09 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Dropbox
[2011.03.09 06:57:00 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 06:57:00 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 06:57:00 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 06:57:00 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 06:56:59 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 06:56:58 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 06:56:58 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 06:56:58 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 06:56:58 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 06:56:58 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 06:56:58 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 06:56:58 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 06:56:57 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 06:56:57 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 06:56:57 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 06:56:57 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.08 22:00:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011.03.08 22:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.03.08 22:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011.03.08 21:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.03.08 21:59:45 | 001,071,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2011.03.08 21:59:45 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX
[2011.03.08 21:59:44 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCMCDE.DLL
[2011.03.08 21:59:44 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6DE.DLL
[2011.03.08 21:59:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCC2DE.DLL
[2011.03.08 21:59:44 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL
[2011.03.08 21:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2011.02.28 10:06:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.02.28 10:06:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.02.28 10:06:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.02.28 08:48:17 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\.minecraft
[2011.02.28 08:38:08 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Sun
[2011.02.26 14:14:40 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\InstallShield Installation Information
[2011.02.26 14:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unreal Tournament 3 (LG)
[2011.02.26 14:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unreal Tournament 3 (LG)
[2011.02.25 23:48:42 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.02.25 23:48:38 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.02.25 23:48:37 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.02.25 23:48:37 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.02.25 23:48:37 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.02.25 23:48:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011
[2011.02.25 23:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011
[2011.02.25 23:47:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011.02.24 20:48:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\r.u.s.e
[2011.02.24 17:07:00 | 000,000,000 | ---D | C] -- C:\Users\Jakob\Documents\Roaming
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-TW
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\zh-CN
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Virtual PC
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\tr-TR
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\th-TH
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\sv-SE
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ru-RU
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ro-RO
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-PT
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pt-BR
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\pl-PL
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nl-NL
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\nb-NO
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ko-KR
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ja-JP
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\it-IT
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\hu-HU
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\he-IL
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fr-FR
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\fi-FI
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\es-ES
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\el-GR
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\da-DK
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\cs-CZ
[2011.02.24 15:49:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\ar-SA
[2011.02.24 15:47:20 | 004,514,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpc.exe
[2011.02.24 15:47:20 | 002,264,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCWizard.exe
[2011.02.24 15:47:20 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMWindow.exe
[2011.02.24 15:47:20 | 000,360,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcvmm.sys
[2011.02.24 15:32:54 | 000,066,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcnfltr.sys
[2011.02.24 15:32:54 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcvmm.sys.mui
[2011.02.24 15:32:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcnfltr.sys.mui
[2011.02.24 15:32:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vmsal.exe
[2011.02.24 15:32:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpchbus.sys.mui
[2011.02.24 15:32:53 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpchbus.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcnfltr.sys.mui
[2011.02.24 15:32:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcnfltr.sys.mui
[2011.02.24 15:32:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcnfltr.sys.mui
[2011.02.24 15:32:51 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpchbus.sys
[2011.02.24 15:32:51 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vpcusb.sys
[2011.02.24 15:32:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpchbus.sys.mui
[2011.02.24 15:32:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcuxd.sys.mui
[2011.02.24 15:32:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcuxd.sys.mui
[2011.02.24 15:32:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ru-RU\vpcusb.sys.mui
[2011.02.24 15:32:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cs-CZ\vpcusb.sys.mui
[2011.02.24 15:32:50 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VPCSettings.exe
[2011.02.24 15:32:50 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VMCPropertyHandler.dll
[2011.02.24 15:32:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vpchbuspipe.dll
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcuxd.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-TW\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\zh-CN\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\th-TH\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sv-SE\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nb-NO\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ko-KR\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ja-JP\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\he-IL\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\en-US\vpcusb.sys.mui
[2011.02.24 15:32:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fi-FI\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pl-PL\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hu-HU\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\el-GR\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tr-TR\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\nl-NL\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ar-SA\vpcuxd.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ro-RO\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-PT\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pt-BR\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\it-IT\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fr-FR\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\es-ES\vpcusb.sys.mui
[2011.02.24 15:32:47 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\da-DK\vpcusb.sys.mui
[2011.02.24 15:32:46 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vmsal.exe
[2011.02.24 15:20:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011.02.24 15:20:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011.02.24 15:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SSI
[2011.02.24 15:06:04 | 000,305,664 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2011.02.23 22:50:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paradox Interactive
[2011.02.23 15:46:11 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.02.23 15:46:11 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.02.23 15:46:11 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.02.23 15:46:11 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.02.16 10:33:41 | 000,000,000 | ---D | C] -- C:\Users\Jakob\Desktop\Sourcejunkies
[2011.02.15 15:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4PL-Insight
[2011.02.13 22:32:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CoffeeCup Software
[2011.02.13 22:32:33 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\CoffeeCup Software
[2011.02.13 22:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\CoffeeCup Software
[2011.02.13 22:32:28 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
[2011.02.13 22:32:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
[2011.02.13 22:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoffeeCup Software
[2011.02.13 22:17:51 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Roaming\GlobalSCAPE
[2011.02.13 22:17:51 | 000,000,000 | ---D | C] -- C:\Users\Jakob\AppData\Local\GlobalSCAPE
[2011.02.13 22:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\GlobalSCAPE
[2011.02.11 12:17:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.13 08:56:07 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.13 07:45:51 | 000,001,736 | ---- | M] () -- C:\Windows\SetupPestPatrolCorporate.mif
[2011.03.13 07:20:02 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 07:20:02 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.13 07:17:21 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.13 07:17:21 | 000,655,802 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.13 07:17:21 | 000,616,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.13 07:17:21 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.13 07:17:21 | 000,106,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.13 07:12:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.13 07:12:43 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.13 01:32:11 | 000,059,392 | R--- | M] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.03.11 16:11:52 | 000,096,220 | ---- | M] () -- C:\Users\Jakob\Desktop\ItemslistV110.png
[2011.03.11 08:33:51 | 000,149,504 | ---- | M] () -- C:\Users\Jakob\AppData\Roaming\SharedSettings.ccs
[2011.02.21 16:59:58 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.02.21 16:59:52 | 000,669,184 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.02.21 16:59:52 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.19 07:37:10 | 001,540,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.02.19 07:36:49 | 000,902,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.02.19 06:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.02.19 06:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.02.18 13:10:36 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.02.18 13:06:02 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.02.18 13:06:00 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.02.18 13:05:56 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.02.18 13:05:52 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.02.14 15:47:10 | 000,005,120 | ---- | M] () -- C:\Users\Jakob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.03.13 08:56:07 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.13 07:45:21 | 000,001,736 | ---- | C] () -- C:\Windows\SetupPestPatrolCorporate.mif
[2011.03.13 01:32:06 | 000,059,392 | R--- | C] () -- C:\Windows\SysWow64\streamhlp.dll
[2011.03.11 16:11:51 | 000,096,220 | ---- | C] () -- C:\Users\Jakob\Desktop\ItemslistV110.png
[2011.03.08 21:59:45 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2011.02.25 23:48:37 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk
[2011.02.21 16:59:54 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.02.21 16:59:52 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.02.21 16:59:52 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.02.13 22:32:32 | 000,149,504 | ---- | C] () -- C:\Users\Jakob\AppData\Roaming\SharedSettings.ccs
[2011.02.08 16:20:03 | 000,001,129 | ---- | C] () -- C:\Windows\Settings.ini
[2011.01.24 09:24:14 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\GkSui18.EXE
[2011.01.21 17:52:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.03 23:13:16 | 000,000,132 | ---- | C] () -- C:\Users\Jakob\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.01.03 19:00:03 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfot.dat
[2010.12.04 19:26:58 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.12.04 19:26:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.23 17:01:23 | 000,001,442 | ---- | C] () -- C:\Windows\cwxdbb48.ini
[2010.11.23 17:01:22 | 000,004,303 | ---- | C] () -- C:\Windows\jcxq_pzk48.ini
[2010.11.12 21:29:00 | 000,005,120 | ---- | C] () -- C:\Users\Jakob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.10 16:11:45 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\drivers\SSHDRV76.sys
[2010.10.20 09:44:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.20 09:42:17 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.09.19 00:49:26 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2008.09.19 00:49:24 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2007.12.06 08:53:48 | 000,001,209 | R--- | C] () -- C:\Windows\xfiskcfg.ini
 
========== LOP Check ==========
 
[2011.03.11 16:10:49 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\.minecraft
[2011.02.13 22:49:02 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\CoffeeCup Software
[2010.10.30 11:53:48 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\DAEMON Tools Lite
[2011.03.10 08:39:41 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\Dropbox
[2011.02.19 18:12:46 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.24 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\FileZilla
[2010.11.27 11:53:05 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\GHISLER
[2011.02.13 22:17:51 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\GlobalSCAPE
[2011.03.13 01:24:43 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\HLSW
[2011.03.07 10:58:58 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\ICQ
[2011.03.13 01:24:43 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\IrfanView
[2011.02.06 19:42:31 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\Octoshape
[2010.10.20 17:15:12 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\OpenOffice.org
[2011.01.30 20:39:47 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\Publish Providers
[2011.03.13 01:24:42 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\Rainmeter
[2011.01.30 20:39:45 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\Sony
[2011.01.31 15:30:46 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\Sony Creative Software Inc
[2010.10.21 20:52:32 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\Thunderbird
[2011.03.13 01:34:56 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\TrojanHunter
[2011.03.13 01:24:42 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\TS3Client
[2011.02.25 23:48:31 | 000,000,000 | ---D | M] -- C:\Users\Jakob\AppData\Roaming\TuneUp Software
[2011.01.18 13:43:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 13.03.2011 09:01:49 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jakob\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 468,71 Gb Free Space | 78,63% Space Free | Partition Type: NTFS
 
Computer Name: JAKOB-PC | User Name: Jakob | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{203DE003-C392-FF19-BCA2-3F775477BC94}" = AMD Drag and Drop Transcoding
"{33A49BF2-CB4F-5E54-D7F5-25502CAB6B70}" = ATI AVIVO64 Codecs
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{397878FC-1B1B-EED7-04A8-3184CE494A3B}" = ATI Catalyst Install Manager
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{752CCAEE-8E33-DE50-9454-B377A2205193}" = ccc-utility64
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{D3A82E80-D0A5-11DF-B425-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{D81C035E-D0A5-11DF-9450-0013D3D69929}" = MSVCRT Redists
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ESL Wire_is1" = ESL Wire 1.9.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00FE2654-4377-8F53-55F4-83B70EE44C73}" = CCC Help Dutch
"{01DD9D3D-FA8A-E148-008D-5CDF1BE8911F}" = CCC Help Korean
"{02F5BD83-B529-37E3-B5DF-32ABC7EC63C4}" = ccc-core-static
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{072224C5-0C98-0902-9A71-89D4A8F3E810}" = CCC Help Thai
"{1229D58B-9185-4F85-71B2-4B34EBF8AD17}" = CCC Help Italian
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{27C6CB2E-415B-6020-91FC-BA5CE3B912AC}" = CCC Help Russian
"{29656550-8463-258C-55BA-5C4F7950DBDE}" = CCC Help Portuguese
"{41B21B1F-950E-13FC-57C7-2AC44B196223}" = Catalyst Control Center Graphics Previews Vista
"{48D5DBBA-7B60-B832-59DB-BE252C2E5A23}" = CCC Help Finnish
"{490F45FA-738D-5D4A-6B9D-DC1373ACF794}" = CCC Help Polish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53AFCE35-1653-91F4-8991-900731F32111}" = CCC Help Norwegian
"{568EF3B9-C672-E82A-BCD4-A88072578521}" = CCC Help Swedish
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5B3A354B-C059-4861-A85B-CA46F1089E15}" = Creative USB Headsets
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{654733F2-22EC-776F-9C2D-CF3C4F578768}" = CCC Help Danish
"{67ABC7E8-A241-F90D-0B04-5BB03428AF96}" = CCC Help Greek
"{6AA30800-F713-BB43-EDA2-1C380FE7FD63}" = Catalyst Control Center Localization All
"{6F235FE4-8EC6-3FAB-1739-A434BFE76E27}" = CCC Help Chinese Standard
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85090727-99E2-F1DC-1589-83D5AC986F3E}" = CCC Help Spanish
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9EEA437C-F436-755C-6B39-1840A33F45CF}" = Catalyst Control Center InstallProxy
"{A05EF3DC-AAFA-6903-433D-0F383F5F4EC3}" = CCC Help German
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{A317EF8E-66FB-94B6-C4FA-96A0AED1AB2F}" = CCC Help Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch
"{B2AF5585-FACF-7760-5C68-F2DC6BBACE47}" = CCC Help Czech
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCA434F2-A541-F63E-890C-F5D14E5B33D0}" = CCC Help English
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4406DB6-A28D-8047-7704-94A8DE7F6A68}" = CCC Help Hungarian
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D5134D14-A38D-A217-4310-5C8B6DFA08D0}" = HydraVision
"{D79E2563-3FDD-0A62-187A-5BE5F920F317}" = CCC Help Turkish
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F538505D-D29C-6259-682C-E607D659B4B4}" = Catalyst Control Center Graphics Previews Common
"{F820F894-EC5F-D52A-F862-5B472EAFE69A}" = CCC Help French
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"{FFB4E67D-DEF9-30BC-39F6-E9C1B05539F9}" = CCC Help Japanese
"4PL-Insight" = 4PL-Insight!
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CoffeeCup Free FTP 4.3.2" = CoffeeCup Free FTP
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"Fraps" = Fraps (remove only)
"Free YouTube Download_is1" = Free YouTube Download version 2.10.31
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GameWiz32" = GameWiz32
"HLSW_is1" = HLSW v1.3.3.7b
"Host OpenAL" = Host OpenAL
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Rainmeter" = Rainmeter (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"StarCraft II" = StarCraft II
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 80" = Counter-Strike: Condition Zero
"SysInfo" = Creative Systeminformationen
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.4
"VTFEdit_is1" = VTFEdit 1.2.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FileZilla Client" = FileZilla Client 3.3.5.1
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.03.2011 11:03:09 | Computer Name = Jakob-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12.03.2011 06:38:56 | Computer Name = Jakob-PC | Source = VSS | ID = 8194
Description = 
 
Error - 12.03.2011 08:22:01 | Computer Name = Jakob-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12.03.2011 20:18:27 | Computer Name = Jakob-PC | Source = System Restore | ID = 8200
Description = 
 
Error - 12.03.2011 20:21:43 | Computer Name = Jakob-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 12.03.2011 20:22:15 | Computer Name = Jakob-PC | Source = System Restore | ID = 8200
Description = 
 
Error - 12.03.2011 20:22:50 | Computer Name = Jakob-PC | Source = System Restore | ID = 8200
Description = 
 
Error - 12.03.2011 20:25:44 | Computer Name = Jakob-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 12.03.2011 20:33:07 | Computer Name = Jakob-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: tc6.exe, Version: 6.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00001f63  ID des fehlerhaften Prozesses:
 0xdc  Startzeit der fehlerhaften Anwendung: 0x01cbe11603776749  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Trojancheck 6\tc6.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files (x86)\Trojancheck 6\tc6.exe  Berichtskennung: 76ed4894-4d09-11e0-ace8-00ff01000001
 
Error - 13.03.2011 02:45:03 | Computer Name = Jakob-PC | Source = MsiInstaller | ID = 10005
Description = 
 
[ System Events ]
Error - 13.03.2011 02:12:41 | Computer Name = Jakob-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\SSHDRV76.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 13.03.2011 02:13:08 | Computer Name = Jakob-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 13.03.2011 02:13:08 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 13.03.2011 02:13:08 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 13.03.2011 02:13:19 | Computer Name = Jakob-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         

Alt 13.03.2011, 15:14   #2
Noutbuk
 



Hey morfer,

according to the connections, it is not you who is being "DoSed"; rather, you are DoSing the IP 217.118.170.204, which belongs to wer-kennt-wen.de.
Download TCPView from technet.microsoft.com/de-de/sysinternals/bb897437; with it you can determine which process is responsible for the connections.
In any case, the following file looks odd to me:
C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe

Regards,
Noutbuk

Edited by Noutbuk (13.03.2011 at 15:18). Reason: link
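The inference in the reply above, written out as an added example (not code from the thread): every listed connection uses a local port from the Windows dynamic range (49152 and up) and the remote http port, so this machine opened them, and FIN_WARTEN_1 (FIN_WAIT_1) is the state of the side that started closing. The three FIN_WARTEN_1 lines are the complete ones from the opening post; the other sample lines, the function names and the threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

EPHEMERAL_MIN = 49152                       # Windows Vista+ dynamic client ports start here
SERVICE_PORTS = {"http": 80, "https": 443}  # names netstat prints when -n is not given

# The three FIN_WARTEN_1 lines are the complete ones quoted in the opening post;
# the other three lines are constructed for this example.
SAMPLE = """\
  TCP    192.168.178.35:49170   217.118.170.204:http   FIN_WARTEN_1
  TCP    192.168.178.35:49171   217.118.170.204:http   FIN_WARTEN_1
  TCP    192.168.178.35:49172   217.118.170.204:http   FIN_WARTEN_1
  TCP    0.0.0.0:135            0.0.0.0:0              ABHÖREN
  TCP    192.168.178.35:49201   203.0.113.10:https     HERGESTELLT
  TCP    192.168.178.35:3389    198.51.100.7:51544     HERGESTELLT
"""

LINE = re.compile(r"^\s*TCP\s+(\S+):([\w-]+)\s+(\S+):([\w-]+)\s+(\S+)\s*$")


def port_number(token):
    """Return the numeric port for '80' or 'http'; None for an unknown service name."""
    if token.isdigit():
        return int(token)
    return SERVICE_PORTS.get(token.lower())


def parse(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) per TCP line."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            lip, lport, rip, rport, state = m.groups()
            yield lip, port_number(lport), rip, port_number(rport), state


def direction(local_port, remote_port):
    """Heuristic: the side on an ephemeral port is the side that opened the connection."""
    if remote_port == 0:
        return "listening"
    if local_port is None or remote_port is None:
        return "unknown"
    if local_port >= EPHEMERAL_MIN and remote_port < EPHEMERAL_MIN:
        return "outbound"
    if remote_port >= EPHEMERAL_MIN and local_port < EPHEMERAL_MIN:
        return "inbound"
    return "unknown"


def summarize(text, threshold=3):
    """Group outbound connections by remote endpoint and report the busy ones."""
    states = defaultdict(Counter)
    for _lip, lport, rip, rport, state in parse(text):
        if direction(lport, rport) == "outbound":
            states[(rip, rport)][state] += 1
    findings = []
    for remote, counter in states.items():
        total = sum(counter.values())
        if total >= threshold:
            findings.append({"remote": remote, "count": total, "states": dict(counter)})
    return sorted(findings, key=lambda f: -f["count"])


if __name__ == "__main__":
    for f in summarize(SAMPLE):
        ip, port = f["remote"]
        print(f"{f['count']} outbound connections to {ip}:{port} {f['states']}")
```

A summary like this only shows direction and volume; mapping the connections to a process still needs a tool such as TCPView, as the reply suggests.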

Alt 13.03.2011, 16:00   #3
morfer
 



Quote:
Quote from Noutbuk
Hey morfer,

according to the connections, it is not you who is being "DoSed"; rather, you are DoSing the IP 217.118.170.204, which belongs to wer-kennt-wen.de.

Wow, okay, that is definitely not my doing =/

Quote:
Quote from Noutbuk
Download TCPView from technet.microsoft.com/de-de/sysinternals/bb897437; with it you can determine which process is responsible for the connections.
In any case, the following file looks odd to me:
C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe

Okay, I downloaded ZoneAlarm earlier and blocked this IP, or rather this outgoing request. My netstat output was back to normal, the Internet was as fast as usual again and, as mentioned above, the IP no longer showed up.
I just disabled it again so that I could watch the activity in TCPView, and lo and behold, as you suspected, the directory is exactly the one named above.
However, when I go into the Roaming folder I do not see this folder; only the normal Microsoft folder is there =/

Thanks so far. Do you have any further suggestions?

Edit: I found it using the built-in search and was able to open the path that way. The folder contains the Updater application (805 KB in size) and an Autorun VBScript script file.
Opened in the editor, this file shows the following:
Code:
Set MyShell = CreateObject("Wscript.Shell")
on error resume next
MyShell.Regwrite "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater.exe", Chr(34) & "C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe" & Chr(34), "REG_SZ"
         
What is the next step? =/

Edited by morfer (13.03.2011 at 16:06)

Alt 13.03.2011, 16:07   #4
Noutbuk
 



Have you also enabled the Explorer option "Show hidden files, folders, and drives" and disabled "Hide protected operating system files (Recommended)"?

Edit:
The .vbs file only creates an autostart entry.
It can then be found in the registry under the key "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater.exe".
Maybe upload Updater.exe to virustotal.com and see what comes out.

Alt 13.03.2011, 16:24   #5
morfer
 



Quote:
Quote from Noutbuk
Have you also enabled the Explorer option "Show hidden files, folders, and drives" and disabled "Hide protected operating system files (Recommended)"?

Perfect, thanks, with that I can now see the folder too (Hide protected operating system files).

Quote:
Quote from Noutbuk
Edit:
The .vbs file only creates an autostart entry.
It can then be found in the registry under the key "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater.exe".
Maybe upload Updater.exe to virustotal.com and see what comes out.

Should I delete this registry key?

This is what VirusTotal returned:

Code:
Antivirus 	Version 	Last Update 	Result
AhnLab-V3 	2011.03.13.00 	2011.03.12 	-
AntiVir 	7.11.4.177 	2011.03.12 	-
Antiy-AVL 	2.0.3.7 	2011.03.12 	-
Avast 	4.8.1351.0 	2011.03.13 	-
Avast5 	5.0.677.0 	2011.03.13 	-
AVG 	10.0.0.1190 	2011.03.13 	-
BitDefender 	7.2 	2011.03.13 	-
CAT-QuickHeal 	11.00 	2011.03.13 	-
ClamAV 	0.96.4.0 	2011.03.13 	-
Commtouch 	5.2.11.5 	2011.03.12 	-
Comodo 	7967 	2011.03.13 	-
DrWeb 	5.0.2.03300 	2011.03.13 	-
Emsisoft 	5.1.0.2 	2011.03.13 	-
eSafe 	7.0.17.0 	2011.03.13 	-
eTrust-Vet 	36.1.8211 	2011.03.11 	-
F-Prot 	4.6.2.117 	2011.03.12 	-
F-Secure 	9.0.16440.0 	2011.03.13 	-
Fortinet 	4.2.254.0 	2011.03.13 	-
GData 	21 	2011.03.13 	-
Ikarus 	T3.1.1.97.0 	2011.03.13 	-
Jiangmin 	13.0.900 	2011.03.13 	-
K7AntiVirus 	9.93.4087 	2011.03.11 	-
Kaspersky 	7.0.0.125 	2011.03.13 	-
McAfee 	5.400.0.1158 	2011.03.13 	-
McAfee-GW-Edition 	2010.1C 	2011.03.13 	-
Microsoft 	1.6603 	2011.03.13 	-
NOD32 	5949 	2011.03.13 	-
Norman 	6.07.03 	2011.03.12 	-
nProtect 	2011-02-10.01 	2011.02.15 	-
Panda 	10.0.3.5 	2011.03.13 	-
PCTools 	7.0.3.5 	2011.03.11 	-
Prevx 	3.0 	2011.03.13 	-
Rising 	23.48.05.03 	2011.03.12 	-
Sophos 	4.63.0 	2011.03.13 	-
SUPERAntiSpyware 	4.40.0.1006 	2011.03.13 	-
Symantec 	20101.3.0.103 	2011.03.13 	-
TheHacker 	6.7.0.1.149 	2011.03.12 	-
TrendMicro 	9.200.0.1012 	2011.03.13 	Possible_Virus
TrendMicro-HouseCall 	9.200.0.1012 	2011.03.13 	Possible_Virus
VBA32 	3.12.14.3 	2011.03.12 	-
VIPRE 	8691 	2011.03.13 	-
ViRobot 	2011.3.12.4354 	2011.03.13 	-
VirusBuster 	13.6.248.0 	2011.03.13
         
I hope it is reasonably readable; TrendMicro and TrendMicro-HouseCall possibly flag it.

Thanks again so far!
Any further ideas?


Alt 13.03.2011, 16:35   #6
Noutbuk
 



Definitely delete the registry key.
There should also be a process called "Updater.exe" running in Task Manager, which you can end as well.
Then check after a reboot whether the process is running again or not.
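Triage of the autostart entry discussed in this thread, as an added example (not code from the thread or from any tool named in it): it parses `reg query` output for the HKCU Run key and flags values whose target lies outside Windows and Program Files. The heuristics, the function names and the two Example* entries are assumptions; the Updater.exe value is the one the posted script writes (its RegWrite path has no trailing backslash, so it creates a value under Run).

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg query` output. The Updater.exe value is what the .vbs posted
# in the thread writes; the two Example* values are made up for contrast.
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    Updater.exe    REG_SZ    "C:\Users\Jakob\AppData\Roaming\Microsoft_Updates_2011\Updater.exe"
    ExampleTray    REG_SZ    "C:\Program Files (x86)\Example Vendor\tray.exe" /min
    ExampleSync    REG_SZ    C:\Users\Jakob\AppData\Roaming\ExampleSync\sync.exe /autostart
'''

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Locations a standard user cannot write to (assumption: default ACLs).
ADMIN_ROOTS = ("c:\\windows", "c:\\program files", "c:\\program files (x86)")
# Vendor names whose look-alike folders are worth a second look (assumed list).
VENDOR_WORDS = ("microsoft",)


def command_path(data):
    """Extract the executable path from Run-key data, with or without quotes."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|vbs|scr))(?:\s|$)", data, re.I)
    return m.group(1) if m else (data.split() or [""])[0]


def reasons_for(name, path):
    """Return the heuristic reasons why an autostart entry deserves a closer look."""
    low = path.lower()
    win_path = PureWindowsPath(path)
    found = []
    if not any(low.startswith(root + "\\") for root in ADMIN_ROOTS):
        found.append("target is in a user-writable location")
        # A folder such as Microsoft_Updates_2011 contains the vendor name
        # without being the vendor's real folder name.
        folders = [part.lower() for part in win_path.parts[:-1]]
        if any(w in f and f != w for f in folders for w in VENDOR_WORDS):
            found.append("folder name imitates a vendor folder")
    if name.lower() == win_path.name.lower():
        found.append("value is named after the file instead of a product")
    return found


def triage(text):
    """Parse `reg query` output and return flagged entries, most reasons first."""
    flagged = []
    for line in text.splitlines():
        m = VALUE.match(line)
        if not m or m.group("type") not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue
        path = command_path(m.group("data"))
        found = reasons_for(m.group("name"), path)
        if found:
            flagged.append({"name": m.group("name"), "path": path, "reasons": found})
    return sorted(flagged, key=lambda e: -len(e["reasons"]))


if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print(entry["name"], "->", entry["path"])
        for reason in entry["reasons"]:
            print("   -", reason)
```

Running the same triage on output captured after the reboot shows whether the value has been recreated.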

Alt 14.03.2011, 14:21   #7
morfer
 



Quote:
Quote from Noutbuk
Definitely delete the registry key.
There should also be a process called "Updater.exe" running in Task Manager, which you can end as well.
Then check after a reboot whether the process is running again or not.

Hey, sorry that I am only replying now; I had to leave yesterday.

I really have to thank you a lot, Noutbuk. Everything worked wonderfully and the crap seems to be deleted. After I then removed ZoneAlarm again, the problem did not reappear either!

As a precaution I will reinstall the PC in the near future, since I do not want any backdoor stuff, but for now I have some peace!

Really, many thanks to you for being able to help me right after you registered! Once again a confirmation of why I read along here so much.

Alt 15.03.2011, 14:23   #8
Noutbuk
 



Glad I could help you for now.
Reinstalling really is a sensible measure; you can never know whether something has been left behind after all.

Regards, Noutbuk
