Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google deutlich langsamer

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 24.05.2011, 17:06   #1
RB_Gambler
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Hallo Trojaner-Board-Team

In letzter Zeit ist mir aufgefallen das speziel die Googlesuche und andere Internetdienste um einiges langsamer sind , machmal klappt die Googlesuche sogar nach 3-4min. nicht ,was aber nur Einzelfälle sind.
Andere Seiten sind auch ein wenig langsamer , was mir aber auch nur so vor kommen kann .
Als Browser benutze ich die neuste Version von Firefox mit einer 62k WLAN-Verbindung.
Es kann sich vielleicht auch um nichts handeln doch machen mich diese zum Teil langen Ladezeiten bei Google schon etwas stutsig.

(Aus irgendeinem Grund wird mein loaclhost auch nicht mehr in HijackThis-Log angezeigt .... für das ich aber auch ein eigenes Thema aufmachen kann )

Malwarebytes-Log
Zitat:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6661

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

24.05.2011 16:35:50
mbam-log-2011-05-24 (16-35-50).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168240
Laufzeit: 9 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL-Extra
Zitat:
OTL Extras logfile created on: 24.05.2011 16:50:47 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Admin\Documents\Antivir Tool
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 18,63 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RB_GAMBLER
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004690F9-447C-4FB7-9ED1-53AE76437BA5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{06861CD2-E806-4547-B8AC-68171AA01342}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{07C7FB87-4959-4DAA-8EBF-CB00A3C99704}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{08333E65-8030-49C8-B563-5594ACF8AC92}" = rport=5358 | protocol=6 | dir=out | app=system |
"{08406D0A-B624-48E8-806C-23951AF66841}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{0B762A8E-A972-48B9-878C-C7F60F7F5285}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |
"{0D1BAAD5-5CF0-49FE-AB36-540D341A5FE0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0ED7231E-D701-41EF-8B08-AB2A56BD96DE}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{116462A5-7163-469D-AB24-7C8117C6DEFA}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{18CB71CD-17FE-4050-8607-E6B86E74ACA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1BF3C460-F588-47B2-81F3-B358FAB04095}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2075C100-ADA4-48CB-80AF-0CEBC8D5D377}" = lport=2302 | protocol=17 | dir=in | name=tw |
"{282722E4-825A-4C35-BF3B-62A987E6F8B4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2B90447C-C065-421D-BEC2-FEF8317BD927}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2EAEA566-E42E-478B-B8AF-79A7F1357439}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EB0DB70-7335-4E38-B25D-20557BE8C886}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{31E612F6-537D-46B4-8396-AFDEEE417089}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{34BC93A8-A20E-4B84-BB62-7C5103022F38}" = rport=5357 | protocol=6 | dir=out | app=system |
"{37188D1A-8180-49D2-AE50-163B9BF435E5}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{381C5751-389F-4D0C-BC9B-5880DB348D3F}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{3BA0D792-8D02-4317-8AFA-43CC9899C5DE}" = lport=8303 | protocol=17 | dir=in | name=tw |
"{43D0FB36-DBED-4F0E-BB00-15C9FC093B1C}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{44F5A563-7F51-480A-886E-F255A2C93906}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{450A8278-34C7-42DC-AEB2-B88150156ADE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4FD97A67-796A-4813-B604-86F4C623EE73}" = lport=28008 | protocol=6 | dir=in | name=s4 2 |
"{52A5B528-2428-4A19-89F1-B667B418E452}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A2A5E9D-21A9-4788-981F-C894DB443158}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BD58991-342F-42EE-B4A8-6720BBF7898C}" = lport=5358 | protocol=6 | dir=in | app=system |
"{5F029063-B117-4990-9549-87D46F84C476}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{624715C9-1B5D-487C-96E3-F909B8B96DA9}" = lport=12975 | protocol=6 | dir=in | name=hamachi tcp |
"{62DCB292-2DCE-44C6-87FC-F4345794F1E8}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{65658618-4A48-461D-8C4A-2A2353511878}" = lport=3390 | protocol=6 | dir=in | app=system |
"{656F617B-BC90-4531-A1CC-06254D120462}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{70F50DC3-CC9B-4F45-886B-8DFF27A2A81F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{777BAC55-7819-4AAF-8630-4A3ADA662089}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{80DCAD05-1AB0-48D8-9E2D-972F650CF63D}" = lport=12975 | protocol=17 | dir=in | name=hamachi udp |
"{84BBF896-8428-40AB-A148-F4F84E90C44F}" = lport=8303 | protocol=6 | dir=in | name=tw 8303 |
"{8764415A-91EB-4A8F-A8C3-329F8B20BA35}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{879E0E17-0C48-4225-BA41-A43557BDA4C2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8B3B0828-F65D-42BF-9AB7-96C52034B5D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9135F484-4E6D-4DEF-AFD0-2DDBAE35841E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{930AC879-1159-4692-B26A-0675BA81262F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{96E35966-33D1-43E2-978F-D021EAF8EF8F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{985B7133-C7D7-466F-8E1A-85D9B2289D48}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{99E760DE-81C4-4A66-AA45-4E274DD13EDD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9AC1C82B-E4B0-461A-AA26-EFC7C40936F7}" = lport=28012 | protocol=6 | dir=in | name=s4 3 |
"{9AE7A09B-47FC-4AAB-B7EE-49E89181A154}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{9C837893-F5A1-433E-9AD3-7020AD122043}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1933B21-5A75-4D17-A0FB-D541145D90EE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2889F28-A55A-47AD-9D85-8CAD37FFCFF8}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{A41C235B-6620-4DE0-B38E-3B57857AA08C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A741D6D9-3FD0-4D71-A013-17E72281EFF2}" = rport=10244 | protocol=6 | dir=out | app=system |
"{AD5BB069-A931-40F1-9DE4-E00E58501244}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AF450CCA-492B-4E7B-9BA1-5BE9ABB47ADF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B1020F3C-8E8A-461A-8CF8-1EE41AD140E8}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{B4C3A972-8DEC-4407-8B85-CA44ABA09E61}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5D543C1-DFB5-4858-81BF-1AC1E96C1A14}" = lport=10244 | protocol=6 | dir=in | app=system |
"{BB59F853-9C92-40B4-9224-0270FEFE021B}" = rport=10244 | protocol=6 | dir=out | app=system |
"{C7EB228B-A45A-4687-9055-D835C60D2567}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe |
"{CD4C6D05-88D1-4667-A97C-7DC090161C96}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF8A55D4-4E23-4D8F-BB0F-944A8D5279BA}" = lport=10244 | protocol=6 | dir=in | app=system |
"{CFA169DE-5F38-44F2-B7B6-8074B0D63662}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{D06610F6-0300-4658-8654-A80434F1B656}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D1FBA46D-5A14-40C5-AA34-F297ED345F8A}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe |
"{D527F141-2C99-4F7D-820E-E2530C64D4C4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC6B014B-3EB5-4C73-A479-B086351C81A4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD3950F1-5D82-490E-B8D3-AAF9CBE3E4BA}" = lport=28002 | protocol=6 | dir=in | name=s4 1 |
"{DE543CB2-3E64-43D9-AA77-0D973C4B549B}" = lport=2303 | protocol=17 | dir=in | name=tw ha |
"{DF53D547-9BAC-48DA-BDB2-363523411403}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E2328F57-D768-4176-BC8A-1DA311AF33A7}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe |
"{E9B0140C-37DB-407C-8D27-0BA6F8DA5A3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ECFE14DA-444F-4A6B-B73D-E22C3FF91E37}" = lport=28013 | protocol=6 | dir=in | name=s4 4 |
"{EE4C577E-8DEB-4F51-B436-78C1B133A4DF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFC0FCB4-E9D7-4272-B8A8-2038C1DB2E04}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{F6AEE217-F67E-432A-853A-5B693CB74436}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8AA787C-C282-4A70-8C5B-81FA2EE48627}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{FC13EB8A-A829-43AC-8816-1FE63AFD3D8F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC2A0125-B8D5-48C4-A02C-5959A11C217D}" = lport=5357 | protocol=6 | dir=in | app=system |
"{FCE3F5EE-F8AE-4599-ACC1-DE38769F5CA6}" = lport=3390 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0327151D-878D-4A38-9BD2-0EE076F3A093}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{04B74CC0-7825-4008-A503-54ED2A07C512}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0628B977-3468-4C96-9D5A-46E258443190}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1204C3BC-D2AE-43E2-9A37-F519A7478D5B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{1948DEBF-2042-4815-B730-47F8FB9EA0D4}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{21D59BA6-36DD-4005-9468-2B15518AB91C}" = protocol=6 | dir=in | app=c:\windows\system32\pnpunattend.exe |
"{26108CDB-062A-40E6-BA9A-66A0C99D62F5}" = protocol=17 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe |
"{275DF17D-9FBF-4B9D-A413-BCB206AB5B2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E95F510-6754-4AE3-92A1-376FA964B97C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FF05309-7267-4BB4-AF3E-99A6AC66FB37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{31969B82-7954-4160-837F-DE3B92C26BB8}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe |
"{3BA2E277-A511-48EF-B3A2-DAEC8F8A5680}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{3CB056B3-291E-453D-9B49-9B8BF2192E3E}" = protocol=17 | dir=in | app=c:\windows\system32\pnpunattend.exe |
"{4DB713A7-2CB7-4E09-B7BD-4F12616D1B32}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{50183B46-C4F9-4E68-862D-B4CC7353490D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{559AA041-7D61-4203-9D04-C4DF17578DED}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5929EA80-5EBD-450C-807B-A4910F032163}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{648045F7-F298-4F2A-8538-D594784B502F}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{68B213FD-3325-4E69-A0FC-B073FB9A81F2}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{6D5C6C05-E9F4-4CBB-9F34-8F4FD1336056}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{73B1059D-D081-41DF-A9C3-13A50E52A78F}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{7E2F362C-0404-407D-8FAE-C28A28660E33}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{7F0510E1-CE09-4652-9BDB-0FD623C64924}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{8F6A4F45-5B1D-4E7A-A87E-FF45D2A1506A}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{998E2665-F187-4D54-910B-60DE1935FE65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9BB20826-7B07-4DB3-90CA-38A0A60C236A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{9E36F3D0-BED4-413E-91DB-784281D166D7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9FD8BA97-2C67-4412-82CD-A0755C5AF461}" = protocol=6 | dir=out | app=system |
"{A0640273-C524-4B97-A8D1-C8CDF809689E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4EDBB36-0E54-4CDA-A9B4-1A1C890BD6A3}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{B8339E83-7B88-46E2-A1DF-C63B18CCAB1A}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{BA9A59C5-9613-4F29-8942-20256EF83C43}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA582380-A665-4DF6-8C3A-0A085CD7A7B1}" = protocol=6 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe |
"{CEBFE0B5-61BC-46C9-B5AE-4267F6732D4A}" = protocol=17 | dir=in | app=e:\tobit clipinc\player\clipinc-player.exe |
"{D1A025E8-E92F-4821-956C-BE0932CF93A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D63359B8-B2DF-4065-ACAE-3F2611FB90F3}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"{D8322E90-180B-4AB7-BCFD-FFE38A296C6E}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{DD2B8940-3DBB-4437-AFD9-1F79DA324B8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DE12A357-B4D5-483F-89FD-1A3B2250D1E6}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{DEF3BFAA-B422-4084-B443-1AF64D750C1B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{E0D4823C-EB42-4F2E-86DF-FE875715D769}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe |
"{E359B177-E828-4183-958B-A412D0710C50}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{E65782AB-D379-4EC7-9EE6-BB8D9682F3E0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EBFC21CC-35BD-40BE-9614-60BD20F9DAA9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EEEFEA88-E9BA-4133-963C-8A93DB01D1B0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{F02B80AC-C02B-4CDB-9F0E-7CEB45C2990A}" = protocol=6 | dir=in | app=e:\tobit clipinc\server\clipinc-server.exe |
"{F3D93D41-1185-4AE7-9678-C400415280B8}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe |
"{F79A74B4-9132-4CDB-9347-2508BB614A94}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe |
"TCP Query User{0C3B7740-E651-4FE1-AEF9-7AAD8BE294E3}E:\halo\halo.exe" = protocol=6 | dir=in | app=e:\halo\halo.exe |
"TCP Query User{145A8518-F08D-4CA1-AEC7-A48ED032BAAA}C:\ut2004\system\ut2004.exe" = protocol=6 | dir=in | app=c:\ut2004\system\ut2004.exe |
"TCP Query User{1547E639-B596-4400-9A4A-1A8C7B2B8AF7}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{1ACD749B-0095-45D0-B683-29B964D62FC7}C:\users\admin\desktop\teeworlds-0.5.1-win32\teeworlds_srv_race.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\teeworlds-0.5.1-win32\teeworlds_srv_race.exe |
"TCP Query User{20148DD9-3012-434C-8D88-24DCB3E9F2AB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2332112C-D8F1-4B92-828A-3FC07EFB4FCE}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{2D8CF95C-C4DF-4ABC-814A-053D507B53B3}C:\program files\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\halo\halo.exe |
"TCP Query User{3582CF39-0063-4A6F-A2F5-5B7713D84E75}C:\users\admin\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=6 | dir=in | app=c:\users\admin\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"TCP Query User{3BC687D5-46EB-4567-B6C0-AE4D6A5CF72E}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{4C36D7E9-2627-46BE-A455-CB1BE27E4B9D}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{4DD9F5EA-439E-4A08-ABE3-3BEB4E2A3B76}C:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_catch.exe" = protocol=6 | dir=in | app=c:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_catch.exe |
"TCP Query User{52C555F5-C906-4415-BAD6-B0E1E83F7E46}C:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_catch.exe" = protocol=6 | dir=in | app=c:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_catch.exe |
"TCP Query User{560E03FC-278B-4EFC-8EFB-67D3E1C9872F}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5AEB5DBA-72C5-44EE-B311-4175FEC57FE1}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{6F0581C6-3427-4932-9683-082CCBC88D1E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{71BEC26B-64F0-4D29-BB40-15C01113CD0D}C:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe" = protocol=6 | dir=in | app=c:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe |
"TCP Query User{92F34CB6-6FE6-4059-AD7F-56DCBEB0D38B}C:\program files\icq7.4\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"TCP Query User{938467A5-DCDC-47B3-8B5A-98D4F26FE0B9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{94E65B69-60AD-445C-8FC2-E4B65633365E}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{D5331248-FD44-41D8-9DF9-5F6708CFD034}C:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe" = protocol=6 | dir=in | app=c:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe |
"TCP Query User{DCC35BD8-84C4-4880-9DBD-0DA67BF86A05}C:\program files\halo\halo.exe" = protocol=6 | dir=in | app=c:\program files\halo\halo.exe |
"TCP Query User{EFCD25FD-2FEC-4E61-829A-088F10B497C7}C:\users\admin\documents\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe" = protocol=6 | dir=in | app=c:\users\admin\documents\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe |
"TCP Query User{F62B4F78-C690-446E-9091-8DCF1EE2F4D1}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{F72FE1A6-8362-4A2C-87B3-DE3A9B683B07}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{FD833759-8692-4242-A75F-340E5CAE2349}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{0361781A-E9BB-4D41-A0F2-282C4EA02501}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
"UDP Query User{06ECF41A-F2C7-40B8-9498-2767975495D2}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{0B23CEFA-0FD6-4E36-9D49-A756EB1447A4}C:\users\admin\documents\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe" = protocol=17 | dir=in | app=c:\users\admin\documents\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe |
"UDP Query User{0E942797-37B4-455F-9705-5B3F8FB5F3A9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0EDD6DEC-C90D-40CA-AAFA-F550E09D69CC}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{0F2507DC-F8A9-42A5-AF8C-2FC127655328}C:\program files\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\halo\halo.exe |
"UDP Query User{2B130B26-D385-4395-A525-833A3EC4B2EA}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{2BFCC1EA-F6CD-4D12-9367-4592E11583FA}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2DC78727-2A77-4D15-9DB2-979E9E0ECF69}C:\users\admin\desktop\teeworlds-0.5.1-win32\teeworlds_srv_race.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\teeworlds-0.5.1-win32\teeworlds_srv_race.exe |
"UDP Query User{34F8C4DC-F504-4B94-B654-97400BF295D0}C:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe" = protocol=17 | dir=in | app=c:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe |
"UDP Query User{40BC453A-387E-4641-B787-41B859670259}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{50E7FE7C-AE5A-4CD5-928C-AE7FA4209B06}C:\ut2004\system\ut2004.exe" = protocol=17 | dir=in | app=c:\ut2004\system\ut2004.exe |
"UDP Query User{6A52BF22-01BC-45BE-9190-D387DDF4BF33}C:\program files\icq7.4\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"UDP Query User{6C91AEC2-5E2B-447F-9382-0905BD74125E}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{71FB3A61-471B-4729-AE4E-76E7DE704231}E:\halo\halo.exe" = protocol=17 | dir=in | app=e:\halo\halo.exe |
"UDP Query User{75B0EF3F-0E9B-4648-A81D-3FF3516A8A9F}C:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_catch.exe" = protocol=17 | dir=in | app=c:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_catch.exe |
"UDP Query User{7F127658-EBD4-4A36-B816-8543515657A7}C:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe" = protocol=17 | dir=in | app=c:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_instagib.exe |
"UDP Query User{826DBA50-07C5-453B-B46D-F49333F53002}C:\program files\halo\halo.exe" = protocol=17 | dir=in | app=c:\program files\halo\halo.exe |
"UDP Query User{94209750-FBD8-4BAC-868B-80E6E3FE7BD2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{A3B0384C-DB30-47B5-AFFF-216C71ABD8B5}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{C233AA79-263D-4B96-BA35-9DF201AE5057}C:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_catch.exe" = protocol=17 | dir=in | app=c:\program files\teeworlds\teeworlds-0.5.2-win32\teeworlds_srv_catch.exe |
"UDP Query User{D0034551-B8F1-4120-B9E3-7F21F2DFE0A7}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D15A36A3-4EF0-4BC5-902D-73E5C2FD449D}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{EC68CC30-084A-4EAE-890C-63A410DC0A76}C:\users\admin\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe" = protocol=17 | dir=in | app=c:\users\admin\desktop\teeworlds-0.5.1-win32\teeworlds_srv.exe |
"UDP Query User{F3859FB9-752A-4206-BB4E-D996F5E3BC41}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{282C4EAA-F162-F52F-7BAF-C7B50DAAA00A}" = ccc-utility
"{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
"{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
"{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
"{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
"{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
"{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
"{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
"{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
"{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
"{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
"{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
"{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
"{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
"{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
"{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"HijackThis" = HijackThis 2.0.2
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1)
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"SMSERIAL" = Motorola SM56 Data Fax Modem
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
OTL
Zitat:
OTL logfile created on: 24.05.2011 16:50:47 - Run 2
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Users\Admin\Documents\Antivir Tool
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,05 Gb Total Space | 18,63 Gb Free Space | 12,50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RB_GAMBLER
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\Admin\Documents\Antivir Tool\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Admin\Documents\Antivir Tool\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LckFldService) -- C:\Windows\System32\LckFldService.exe File not found
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (XDva380) -- C:\Windows\System32\XDva380.sys File not found
DRV - (XDva370) -- C:\Windows\System32\XDva370.sys File not found
DRV - (XDva362) -- C:\Windows\System32\XDva362.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MotioninJoyUSBFilter) -- C:\Windows\System32\DRIVERS\MijUfilt.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Admin\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) NVIDIA nForce(tm) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()
DRV - (SilverLink) Texas Instruments SilverLink (USB GraphLink) -- C:\Windows\System32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
DRV - (RRamdisk) -- C:\Windows\system32\DRIVERS\rramdisk.sys (gavotte)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (dsreader) MaxDrive Driver (dsreader.sys) -- C:\Windows\System32\drivers\dsreader.sys (Thesycon GmbH, Germany)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 32 28 C5 44 D6 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://uk.ign.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: IncredibleBookmarks@visibotech.com:0.7.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.3
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3
FF - prefs.js..extensions.enabledItems: foxdie_ext_ocelot@foxdie.us:3.6.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: FoxdieGraphite@tanjihay.com:3.6.4
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110329release
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.19 17:48:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.19 17:48:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 10:15:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.15 16:04:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 1\components [2010.09.09 14:50:59 | 000,000,000 | ---D | M]

[2009.08.17 17:09:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2011.05.24 15:24:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions
[2011.02.18 15:20:05 | 000,000,000 | ---D | M] (ANTHEM) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2011.05.09 18:45:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.27 17:06:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\ALone-live@ya.ru
[2011.04.21 16:18:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\bug489729@alice0775
[2011.04.29 19:31:18 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\fbdislike@doweb.fr
[2010.12.08 17:56:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\firefox@facebook.com
[2011.04.14 18:17:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\phcr2h4c.default\extensions\personas@christopher.beard
[2010.02.16 17:36:20 | 000,002,055 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\daemon-search.xml
[2011.05.09 18:45:43 | 000,000,168 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\icqplugin.gif
[2011.05.09 18:45:43 | 000,000,618 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\icqplugin.src
[2011.05.18 16:09:01 | 000,001,056 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\icqplugin.xml
[2010.07.06 18:16:14 | 000,001,196 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\phcr2h4c.default\searchplugins\winamp-search.xml
[2011.04.14 18:41:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.19 17:06:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 17:38:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.08 17:51:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.25 16:01:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.15 15:58:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.30 10:15:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

Hosts file not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Admin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.24 16:34:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\DDMSettings
[2011.05.21 17:23:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\.minecraft
[2011.05.19 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\DivX
[2011.05.19 17:47:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.05.19 17:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.05.17 17:50:58 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.04.28 10:29:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.28 10:29:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.28 10:28:47 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll

========== Files - Modified Within 30 Days ==========

[2011.05.24 16:51:33 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E344691F-2FFF-42F0-ADBE-68C5906C099B}.job
[2011.05.24 16:49:41 | 002,883,584 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT
[2011.05.24 15:53:32 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.24 15:53:32 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.24 15:53:24 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011.05.24 15:53:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.24 15:31:06 | 000,524,288 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2011.05.24 15:31:06 | 000,065,536 | -HS- | M] () -- C:\Users\Admin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.05.24 15:31:03 | 002,928,237 | -H-- | M] () -- C:\Users\Admin\AppData\Local\IconCache.db
[2011.05.24 14:31:19 | 000,119,296 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.24 13:25:01 | 000,003,731 | ---- | M] () -- C:\Users\Admin\Desktop\10202
[2011.05.23 20:53:33 | 000,648,704 | ---- | M] () -- C:\Users\Admin\Desktop\MicrosoftFixit50267.msi
[2011.05.19 17:33:35 | 000,030,208 | ---- | M] () -- C:\Windows\System32\msdt32.dll
[2011.05.17 17:50:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.17 16:36:51 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011.05.17 16:36:51 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.05.17 16:36:51 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.05.17 16:36:51 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.05.17 16:36:51 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.29 18:58:14 | 090,535,118 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2011.05.24 13:25:01 | 000,003,731 | ---- | C] () -- C:\Users\Admin\Desktop\10202
[2011.05.23 20:53:30 | 000,648,704 | ---- | C] () -- C:\Users\Admin\Desktop\MicrosoftFixit50267.msi
[2011.05.19 17:33:34 | 000,030,208 | ---- | C] () -- C:\Windows\System32\msdt32.dll
[2011.04.29 18:58:14 | 090,535,118 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.03.20 22:39:54 | 000,017,408 | ---- | C] () -- C:\Users\Admin\AppData\Local\WebpageIcons.db
[2010.12.30 19:22:40 | 000,374,272 | ---- | C] () -- C:\Windows\mss32.dll
[2010.02.19 16:37:07 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.02.16 17:25:51 | 000,436,792 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.02.13 12:57:56 | 000,000,032 | ---- | C] () -- C:\Windows\System32\Mlkf.dll
[2010.01.16 14:00:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.01.16 14:00:40 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.12.19 18:44:25 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.11.08 15:32:48 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2009.10.22 13:40:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.08 18:08:48 | 000,554,496 | ---- | C] () -- C:\Windows\System32\dvmsg.dll
[2009.05.21 12:00:04 | 000,024,206 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2009.05.20 18:25:30 | 000,119,296 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.04 21:43:41 | 000,000,680 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2009.04.22 01:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.02.02 15:01:32 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI

========== LOP Check ==========

[2011.05.21 17:25:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.minecraft
[2011.05.09 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2009.11.24 17:01:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org
[2011.04.10 15:44:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TeamViewer
[2010.10.31 15:00:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Teeworlds
[2011.01.02 15:25:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2011.05.24 15:31:10 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.24 16:51:33 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E344691F-2FFF-42F0-ADBE-68C5906C099B}.job

========== Purity Check ==========


< End of report >
Ich hoffe ihr Könnt mir helfen


Mit Freundlich Grüßen


PSIch frag mich was die Teeworlds Server Angaben da machen ich habe das Ding schon seit Zeiten nicht mehr göffnet)

Alt 24.05.2011, 20:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________

__________________

Alt 25.05.2011, 16:47   #3
RB_Gambler
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Ohman die hab ich einmal gelöscht .....
Das waren aber nur welche von einem dahmaligen Virenfund mehr nicht ......
ich werde mal gucken ob ich sie noch habe :S

//EDIT
also ich habe einige gefunden es wurde in den die vorhanden sind nicht eine infizierte Datei gefunden , weil es auch oft nur Scans von einzelnen Datein sind.
Es handelt sich hierbei um 12 Log die ich leider hier nicht Uploaden kann da .rar oder .7zip Datein nicht unterstützt werden :S
__________________

Geändert von RB_Gambler (25.05.2011 um 17:09 Uhr)

Alt 25.05.2011, 17:11   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 25.05.2011, 17:39   #5
RB_Gambler
 
Google deutlich langsamer - Standard

Google deutlich langsamer



So ich habe den Suchlauf gemacht und er hat auch was verdächtiges gefunden .... wie man im Log auch sieht hab ich mit dem Eintrag noch nichts gemacht da ich keine vielleicht wichtigen Daten zerstören will .
Also ich kann auf alles zugreifen werde das Unhide-Tool dennoch starten !

Zitat:
2011/05/25 17:33:22.0483 3224 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 17:33:22.0795 3224 ================================================================================
2011/05/25 17:33:22.0795 3224 SystemInfo:
2011/05/25 17:33:22.0795 3224
2011/05/25 17:33:22.0795 3224 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/25 17:33:22.0795 3224 Product type: Workstation
2011/05/25 17:33:22.0795 3224 ComputerName: RB_GAMBLER
2011/05/25 17:33:22.0795 3224 UserName: Admin
2011/05/25 17:33:22.0795 3224 Windows directory: C:\Windows
2011/05/25 17:33:22.0795 3224 System windows directory: C:\Windows
2011/05/25 17:33:22.0795 3224 Processor architecture: Intel x86
2011/05/25 17:33:22.0795 3224 Number of processors: 2
2011/05/25 17:33:22.0795 3224 Page size: 0x1000
2011/05/25 17:33:22.0795 3224 Boot type: Normal boot
2011/05/25 17:33:22.0795 3224 ================================================================================
2011/05/25 17:33:24.0620 3224 Initialize success
2011/05/25 17:33:27.0226 1052 ================================================================================
2011/05/25 17:33:27.0226 1052 Scan started
2011/05/25 17:33:27.0226 1052 Mode: Manual;
2011/05/25 17:33:27.0226 1052 ================================================================================
2011/05/25 17:33:29.0082 1052 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/25 17:33:29.0316 1052 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/25 17:33:29.0378 1052 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/25 17:33:29.0488 1052 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/25 17:33:29.0628 1052 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/25 17:33:29.0768 1052 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/25 17:33:29.0846 1052 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2011/05/25 17:33:29.0940 1052 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/25 17:33:30.0049 1052 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2011/05/25 17:33:30.0112 1052 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2011/05/25 17:33:30.0205 1052 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2011/05/25 17:33:30.0268 1052 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/25 17:33:30.0330 1052 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/25 17:33:30.0455 1052 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/25 17:33:30.0564 1052 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/25 17:33:30.0673 1052 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
2011/05/25 17:33:30.0767 1052 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/25 17:33:30.0845 1052 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/25 17:33:31.0079 1052 athr (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys
2011/05/25 17:33:31.0781 1052 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/25 17:33:32.0046 1052 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/25 17:33:32.0218 1052 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/25 17:33:32.0452 1052 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/25 17:33:32.0545 1052 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/25 17:33:32.0654 1052 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/25 17:33:32.0748 1052 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/25 17:33:32.0826 1052 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/25 17:33:32.0904 1052 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/25 17:33:32.0982 1052 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/25 17:33:33.0091 1052 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/25 17:33:33.0169 1052 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/25 17:33:33.0216 1052 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/25 17:33:33.0450 1052 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/25 17:33:33.0528 1052 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/25 17:33:33.0606 1052 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/25 17:33:33.0684 1052 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/25 17:33:33.0793 1052 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/25 17:33:33.0887 1052 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2011/05/25 17:33:33.0934 1052 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/25 17:33:34.0105 1052 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/25 17:33:34.0246 1052 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/25 17:33:34.0495 1052 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/25 17:33:34.0604 1052 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/25 17:33:34.0729 1052 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/25 17:33:34.0823 1052 dsreader (05a74d2be6f493c65d7221d1d0e8a23c) C:\Windows\system32\Drivers\dsreader.sys
2011/05/25 17:33:34.0979 1052 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/25 17:33:35.0072 1052 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/25 17:33:35.0182 1052 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/25 17:33:35.0291 1052 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/25 17:33:35.0447 1052 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/25 17:33:35.0509 1052 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/25 17:33:35.0556 1052 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/25 17:33:35.0665 1052 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/25 17:33:35.0728 1052 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/25 17:33:35.0774 1052 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/25 17:33:35.0868 1052 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/25 17:33:35.0977 1052 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/25 17:33:36.0040 1052 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/25 17:33:36.0102 1052 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/05/25 17:33:36.0227 1052 hamachi (833051c6c6c42117191935f734cfbd97) C:\Windows\system32\DRIVERS\hamachi.sys
2011/05/25 17:33:36.0305 1052 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/25 17:33:36.0383 1052 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/25 17:33:36.0461 1052 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/25 17:33:36.0523 1052 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/25 17:33:36.0617 1052 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/25 17:33:36.0679 1052 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/25 17:33:36.0773 1052 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/25 17:33:36.0835 1052 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/25 17:33:36.0913 1052 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/25 17:33:36.0976 1052 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/25 17:33:37.0054 1052 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/25 17:33:37.0225 1052 IntcAzAudAddService (c61b3b87f3856cef0c9f204028c6860d) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/25 17:33:37.0366 1052 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
2011/05/25 17:33:37.0428 1052 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/25 17:33:37.0522 1052 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/25 17:33:37.0709 1052 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/25 17:33:37.0818 1052 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/25 17:33:37.0896 1052 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/25 17:33:37.0958 1052 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2011/05/25 17:33:38.0068 1052 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/25 17:33:38.0286 1052 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/25 17:33:38.0380 1052 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/25 17:33:38.0551 1052 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/25 17:33:38.0723 1052 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
2011/05/25 17:33:38.0894 1052 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/25 17:33:39.0206 1052 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\Windows\system32\drivers\libusb0.sys
2011/05/25 17:33:39.0284 1052 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/25 17:33:39.0487 1052 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/25 17:33:39.0581 1052 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/25 17:33:39.0643 1052 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/25 17:33:39.0815 1052 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/25 17:33:39.0908 1052 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/25 17:33:40.0049 1052 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/25 17:33:40.0174 1052 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/25 17:33:40.0345 1052 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/25 17:33:40.0454 1052 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/25 17:33:40.0579 1052 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/25 17:33:40.0657 1052 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/25 17:33:40.0782 1052 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/25 17:33:40.0891 1052 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/25 17:33:41.0032 1052 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/25 17:33:41.0203 1052 mrxsmb (5fe5cf325f5b02ebc60832d3440cb414) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/25 17:33:41.0250 1052 mrxsmb10 (30b9c769446af379a2afb72b0392604d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/25 17:33:41.0328 1052 mrxsmb20 (fea239b3ec4877e2b7e23204af589ddf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/25 17:33:41.0390 1052 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
2011/05/25 17:33:41.0468 1052 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/25 17:33:41.0624 1052 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/25 17:33:41.0702 1052 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/25 17:33:41.0874 1052 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/25 17:33:41.0983 1052 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/25 17:33:42.0046 1052 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/25 17:33:42.0124 1052 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/25 17:33:42.0202 1052 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/25 17:33:42.0342 1052 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/25 17:33:42.0420 1052 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/25 17:33:42.0529 1052 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/25 17:33:42.0654 1052 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/25 17:33:42.0748 1052 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/25 17:33:42.0857 1052 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/25 17:33:42.0966 1052 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/25 17:33:43.0060 1052 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/25 17:33:43.0138 1052 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/25 17:33:43.0325 1052 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/25 17:33:43.0684 1052 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/25 17:33:43.0808 1052 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/25 17:33:43.0902 1052 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/25 17:33:44.0214 1052 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/25 17:33:44.0308 1052 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/25 17:33:44.0370 1052 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/25 17:33:44.0417 1052 nvraid (6f785db62a6d8f3fafd3e5695277e849) C:\Windows\system32\drivers\nvraid.sys
2011/05/25 17:33:44.0510 1052 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
2011/05/25 17:33:44.0651 1052 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/05/25 17:33:44.0854 1052 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/25 17:33:44.0994 1052 PAC207 (dca942c0a19a0ad2abcd9acf94eb4b10) C:\Windows\system32\DRIVERS\PFC027.SYS
2011/05/25 17:33:45.0072 1052 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/25 17:33:45.0150 1052 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/25 17:33:45.0212 1052 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/25 17:33:45.0275 1052 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/25 17:33:45.0368 1052 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/25 17:33:45.0431 1052 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/25 17:33:45.0524 1052 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/25 17:33:45.0992 1052 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/25 17:33:46.0070 1052 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/25 17:33:46.0258 1052 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/25 17:33:46.0523 1052 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/25 17:33:46.0616 1052 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/25 17:33:46.0694 1052 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/25 17:33:47.0069 1052 R300 (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/25 17:33:47.0303 1052 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/25 17:33:47.0412 1052 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/25 17:33:47.0521 1052 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/25 17:33:47.0646 1052 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/25 17:33:47.0802 1052 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/25 17:33:47.0880 1052 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/25 17:33:48.0052 1052 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/05/25 17:33:48.0098 1052 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/25 17:33:48.0317 1052 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/25 17:33:48.0504 1052 RRamdisk (3762a37c7ddd4afce6bd75aef790a920) C:\Windows\system32\DRIVERS\rramdisk.sys
2011/05/25 17:33:48.0582 1052 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/25 17:33:48.0707 1052 RTL8169 (904fd29ec1ff2709099ae2cd1c09a913) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/05/25 17:33:48.0816 1052 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/25 17:33:48.0863 1052 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/25 17:33:48.0941 1052 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/25 17:33:49.0112 1052 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/25 17:33:49.0222 1052 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/25 17:33:49.0284 1052 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/25 17:33:49.0378 1052 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/25 17:33:49.0596 1052 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/05/25 17:33:49.0643 1052 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/25 17:33:49.0721 1052 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/25 17:33:49.0799 1052 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/25 17:33:49.0970 1052 SilverLink (392834adb35deb199b03ae6a6caab23a) C:\Windows\system32\Drivers\SilvrLnk.sys
2011/05/25 17:33:50.0048 1052 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/05/25 17:33:50.0095 1052 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/25 17:33:50.0158 1052 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/25 17:33:50.0376 1052 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/25 17:33:50.0672 1052 smserial (d9bfd2298f5cf116d8eaae3b02dcee2e) C:\Windows\system32\DRIVERS\smserial.sys
2011/05/25 17:33:50.0875 1052 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/25 17:33:50.0984 1052 sptd (a199171385be17973fd800fa91f8f78a) C:\Windows\system32\Drivers\sptd.sys
2011/05/25 17:33:50.0984 1052 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: a199171385be17973fd800fa91f8f78a
2011/05/25 17:33:51.0016 1052 sptd - detected LockedFile.Multi.Generic (1)
2011/05/25 17:33:51.0140 1052 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/25 17:33:51.0203 1052 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/25 17:33:51.0406 1052 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/25 17:33:51.0655 1052 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/25 17:33:51.0749 1052 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/25 17:33:51.0874 1052 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/25 17:33:51.0952 1052 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/25 17:33:52.0014 1052 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/25 17:33:52.0217 1052 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/25 17:33:52.0326 1052 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/25 17:33:52.0435 1052 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/25 17:33:52.0513 1052 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/25 17:33:52.0591 1052 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/25 17:33:52.0716 1052 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/25 17:33:52.0810 1052 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/25 17:33:53.0106 1052 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/25 17:33:53.0215 1052 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/25 17:33:53.0356 1052 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/25 17:33:53.0434 1052 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/25 17:33:53.0605 1052 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/25 17:33:53.0746 1052 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/25 17:33:53.0902 1052 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/25 17:33:53.0980 1052 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/25 17:33:54.0120 1052 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/25 17:33:54.0229 1052 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/25 17:33:54.0354 1052 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2011/05/25 17:33:54.0650 1052 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/25 17:33:54.0775 1052 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/25 17:33:54.0869 1052 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/25 17:33:54.0947 1052 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/25 17:33:55.0025 1052 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/25 17:33:55.0134 1052 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/25 17:33:55.0196 1052 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/25 17:33:55.0259 1052 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/25 17:33:55.0321 1052 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/25 17:33:55.0446 1052 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/25 17:33:55.0524 1052 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/25 17:33:55.0618 1052 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/05/25 17:33:55.0711 1052 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/25 17:33:55.0789 1052 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/05/25 17:33:55.0867 1052 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/25 17:33:55.0930 1052 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/25 17:33:55.0992 1052 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/25 17:33:56.0101 1052 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/25 17:33:56.0273 1052 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/25 17:33:56.0335 1052 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 17:33:56.0366 1052 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/25 17:33:56.0476 1052 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/25 17:33:56.0554 1052 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/25 17:33:56.0928 1052 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/25 17:33:57.0084 1052 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/25 17:33:57.0162 1052 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/25 17:33:57.0334 1052 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/25 17:33:57.0646 1052 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/05/25 17:33:57.0677 1052 ================================================================================
2011/05/25 17:33:57.0677 1052 Scan finished
2011/05/25 17:33:57.0677 1052 ================================================================================
2011/05/25 17:33:57.0724 1796 Detected object count: 1
2011/05/25 17:33:57.0724 1796 Actual detected object count: 1
2011/05/25 17:34:20.0905 1796 LockedFile.Multi.Generic(sptd) - User select action: Skip


Alt 25.05.2011, 19:22   #6
RB_Gambler
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Leider ist die 1 Stundenfrist für das Editieren vom Beitrag vergangen, deshalb der doppelte Post.

Ich hab ein neues Syntome entdeckt und zwar manchmal wenn ich die Website:
Zitat:
www.giga.de
besuche werde ich auf eine Bigpoint-Browsergameseite umgeleitet , da ich der obrigen Website vertraue und diese auch sehr serious ist vermute ich das der Virus/Rootkit hier seine Finger im Spiel hat :S

Alt 25.05.2011, 22:23   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.05.2011, 17:35   #8
RB_Gambler
 
Google deutlich langsamer - Standard

Google deutlich langsamer



So der Scan lief ohne Probleme durch
und hier ist er auch (beidem Scan von Kaspersky vorhin sollte ich die Datei nicht löschen oder ? )

..... mir ist was aufgefallen nachdem Scan mit ComboFix brauch ich , wenn ich ein Programm als Administrator
starte, keine Bestätigung (Fortsetzen oder Abbrechen) mehr zu drücken

Zitat:
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-05-25.03 - Admin 26.05.2011  17:11:02.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1917.1229 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\fldlckun.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-26 bis 2011-05-26  ))))))))))))))))))))))))))))))
.
.
2011-05-26 15:20 . 2011-05-26 15:21	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2011-05-26 15:20 . 2011-05-26 15:20	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-05-26 15:20 . 2011-05-26 15:20	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2011-05-26 15:20 . 2011-05-26 15:20	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-05-26 15:20 . 2011-05-26 15:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-25 15:02 . 2011-05-25 15:02	--------	d-----w-	c:\program files\7-Zip
2011-05-24 17:41 . 2011-05-26 14:40	--------	d-----r-	c:\users\Admin\Dropbox
2011-05-24 17:38 . 2011-05-26 14:40	--------	d-----w-	c:\users\Admin\AppData\Roaming\Dropbox
2011-05-24 14:34 . 2011-05-24 14:34	--------	d-----w-	c:\users\Admin\AppData\Local\DDMSettings
2011-05-24 11:17 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0C71CC3-81A4-4567-A868-2EA488CAF5C3}\mpengine.dll
2011-05-19 15:48 . 2011-05-21 15:36	--------	d-----w-	c:\users\Admin\AppData\Roaming\DivX
2011-05-19 15:47 . 2011-05-19 15:47	--------	d-----w-	c:\program files\Common Files\DivX Shared
2011-05-19 15:45 . 2011-05-19 15:48	--------	d-----w-	c:\program files\DivX
2011-05-19 15:33 . 2011-05-19 15:33	30208	----a-w-	c:\windows\system32\msdt32.dll
2011-05-17 15:50 . 2011-05-17 15:50	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 09:50 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-28 08:29 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 08:29 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 08:28 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 15:44 . 2009-05-16 17:52	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-15 21:44	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 21:44	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 21:44	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 08:29	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 08:29	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 08:29	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 08:29	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 21:44	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 21:44	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-30 08:15 . 2011-04-14 16:41	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-21 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\Drivers\dsreader.sys [2001-01-02 19677]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 XDva362;XDva362;c:\windows\system32\XDva362.sys [x]
R3 XDva370;XDva370;c:\windows\system32\XDva370.sys [x]
R3 XDva380;XDva380;c:\windows\system32\XDva380.sys [x]
S0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2003-12-09 10368]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-14 436792]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-02 136360]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-26 c:\windows\Tasks\User_Feed_Synchronization-{E344691F-2FFF-42F0-ADBE-68C5906C099B}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\phcr2h4c.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://uk.ign.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-26 17:21
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
.
c:\windows\TEMP\TMP0000006AF27FA735590BB416 524288 bytes
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 1
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1175276797-2601807085-756336648-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7F93640-397B-A91D-B9D4-576FCE95F75A}*]
"pafmdmgopkhknaieoehjbfehodboemip"=hex:6b,61,70,66,6f,6d,6b,6b,64,6d,6f,70,65,
   6b,6d,66,6e,68,69,68,67,6d,00,00
"ablmcghpmjhmdphkceeamdamdmncimjmca"=hex:6a,61,61,67,6d,6f,65,6e,64,66,6a,6b,
   63,65,6b,6a,6e,61,64,66,00,e2
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-05-26  17:27:08
ComboFix-quarantined-files.txt  2011-05-26 15:27
ComboFix2.txt  2010-09-16 18:45
.
Vor Suchlauf: 13 Verzeichnis(se), 22.608.879.616 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 24.684.273.664 Bytes frei
.
- - End Of File - - A3CE8CA38571DB304280A03AE92764B0
         
--- --- ---

Geändert von RB_Gambler (26.05.2011 um 17:49 Uhr)

Alt 26.05.2011, 20:23   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Nach CF erstmal den Rechner neu starten, bestimmte Sachen laufen dann nicht immer wie gewohnt. Anschließend gehts weiter:

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Regnull::
[HKEY_USERS\S-1-5-21-1175276797-2601807085-756336648-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F7F93640-397B-A91D-B9D4-576FCE95F75A}*]

File::
c:\windows\system32\XDva362.sys
c:\windows\system32\XDva370.sys
c:\windows\system32\XDva380.sys

Driver::
XDva362
XDva370
XDva380
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 26.05.2011, 21:20   #10
RB_Gambler
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Müsste eigentlich alles geklappt haben hier ist auch schon der Log !

Zitat:
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-05-25.03 - Admin 26.05.2011  20:51:47.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1917.1281 [GMT 2:00]
ausgeführt von:: c:\users\Admin\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\Admin\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\XDva362.sys"
"c:\windows\system32\XDva370.sys"
"c:\windows\system32\XDva380.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_XDVA362
-------\Legacy_XDVA370
-------\Legacy_XDVA380
-------\Service_XDva362
-------\Service_XDva370
-------\Service_XDva380
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-26 bis 2011-05-26  ))))))))))))))))))))))))))))))
.
.
2011-05-26 19:04 . 2011-05-26 19:06	--------	d-----w-	c:\users\Admin\AppData\Local\temp
2011-05-26 19:04 . 2011-05-26 19:04	--------	d-----w-	c:\users\Public\AppData\Local\temp
2011-05-26 19:04 . 2011-05-26 19:04	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2011-05-26 19:04 . 2011-05-26 19:04	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-05-26 19:04 . 2011-05-26 19:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-26 18:47 . 2011-05-26 18:48	--------	d-----w-	C:\cofi7881c
2011-05-26 15:06 . 2011-05-26 15:27	--------	d-----w-	C:\cofi29779c
2011-05-25 15:02 . 2011-05-25 15:02	--------	d-----w-	c:\program files\7-Zip
2011-05-24 17:41 . 2011-05-26 18:41	--------	d-----r-	c:\users\Admin\Dropbox
2011-05-24 17:38 . 2011-05-26 18:41	--------	d-----w-	c:\users\Admin\AppData\Roaming\Dropbox
2011-05-24 14:34 . 2011-05-24 14:34	--------	d-----w-	c:\users\Admin\AppData\Local\DDMSettings
2011-05-24 11:17 . 2011-05-09 20:46	6962000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F0C71CC3-81A4-4567-A868-2EA488CAF5C3}\mpengine.dll
2011-05-19 15:48 . 2011-05-21 15:36	--------	d-----w-	c:\users\Admin\AppData\Roaming\DivX
2011-05-19 15:47 . 2011-05-19 15:47	--------	d-----w-	c:\program files\Common Files\DivX Shared
2011-05-19 15:45 . 2011-05-19 15:48	--------	d-----w-	c:\program files\DivX
2011-05-19 15:33 . 2011-05-19 15:33	30208	----a-w-	c:\windows\system32\msdt32.dll
2011-05-17 15:50 . 2011-05-17 15:50	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 09:50 . 2011-04-07 12:01	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-04-28 08:29 . 2011-03-03 15:40	28672	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-04-28 08:29 . 2011-03-03 13:35	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 08:28 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 15:44 . 2009-05-16 17:52	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-10 17:03 . 2011-04-15 21:44	1162240	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 21:44	1136640	----a-w-	c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 21:44	739328	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 08:29	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 08:29	542720	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 08:29	458752	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 08:29	2159616	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 21:44	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 21:44	86528	----a-w-	c:\windows\system32\dnsrslvr.dll
2011-04-30 08:15 . 2011-04-14 16:41	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-10 281768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-21 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 dsreader;MaxDrive Driver (dsreader.sys);c:\windows\system32\Drivers\dsreader.sys [2001-01-02 19677]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RRamdisk;Ramdisk Driver;c:\windows\system32\DRIVERS\rramdisk.sys [2003-12-09 10368]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-14 436792]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-18 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-02 136360]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-01 2271608]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-26 c:\windows\Tasks\User_Feed_Synchronization-{E344691F-2FFF-42F0-ADBE-68C5906C099B}.job
- c:\windows\system32\msfeedssync.exe [2011-04-15 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\phcr2h4c.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://uk.ign.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(868)
c:\users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-26  21:13:25 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-26 19:12
ComboFix2.txt  2011-05-26 15:27
ComboFix3.txt  2010-09-16 18:45
.
Vor Suchlauf: 14 Verzeichnis(se), 24.702.091.264 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 24.479.338.496 Bytes frei
.
- - End Of File - - B3CA2CFB9780FC513236497163F123BC
         
--- --- ---

Alt 26.05.2011, 21:33   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.05.2011, 16:20   #12
RB_Gambler
 
Google deutlich langsamer - Standard

Google deutlich langsamer



So die Logs sind hier ! nur gibt es ein Problem der Link für die MBRCheck.exe funktioniert nicht und das nicht nur auf dem infizierten PC !?


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:06:55 on 27.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 4.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"TIControlPanel.cpl" - "Texas Instruments Incorporated" - C:\Windows\system32\TIControlPanel.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a97kuy8z" (a97kuy8z) - "Microsoft Corporation" - C:\Windows\system32\drivers\a97kuy8z.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi22193c\catchme.sys  (File not found)
"Hamachi Network Interface" (hamachi) - "LogMeIn, Inc." - C:\Windows\System32\DRIVERS\hamachi.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys  (File not found)
"LibUsb-Win32 - Kernel Driver, Version 0.1.10.1" (libusb0) - ? - C:\Windows\System32\drivers\libusb0.sys
"MaxDrive Driver (dsreader.sys)" (dsreader) - "Thesycon GmbH, Germany" - C:\Windows\System32\Drivers\dsreader.sys
"MotioninJoy USB Filter Driver" (MotioninJoyUSBFilter) - ? - C:\Windows\System32\DRIVERS\MijUfilt.sys  (File not found)
"Ramdisk Driver" (RRamdisk) - "gavotte" - C:\Windows\System32\DRIVERS\rramdisk.sys
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{28465D9A-DE2F-4627-B520-29968CC3C372} "FaJo XP File Security Extension" - ? -   (File not found | COM-object registry key not found)
{3FCEF010-09A4-11D4-8D3B-D12F9D3D8B02} "FileTimeShlExt Class" - "Texas Instruments Incorporated" - C:\PROGRA~1\COMMON~1\TISHAR~1\TICONN~1\TIShlExt.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\netsession_win_8832f4b.dll  (File found, but it contains no detailed information)
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"LckFldService" (LckFldService) - ? - C:\Windows\system32\LckFldService.exe  (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"TeamViewer 6" (TeamViewer6) - "TeamViewer GmbH" - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15627 - hxxp://www.gmer.net
Rootkit scan 2011-05-27 15:52:48
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-07RST0 rev.04.01G04
Running: dteke983.exe; Driver: C:\Users\Admin\AppData\Local\Temp\ugtiauod.sys


---- System - GMER 1.0.15 ----

INT 0x51  ?                                                                                                                   84777CC8
INT 0x62  ?                                                                                                                   860E2F00
INT 0x72  ?                                                                                                                   860E2F00
INT 0x92  ?                                                                                                                   860E2F00
INT 0xA2  ?                                                                                                                   84777CC8
INT 0xB2  ?                                                                                                                   84777CC8

---- Kernel code sections - GMER 1.0.15 ----

.text     sptd.sys                                                                                                            80609000 32 Bytes  [06, 51, 5E, 82, 60, BF, 5D, ...]
.text     sptd.sys                                                                                                            80609024 4 Bytes  [D2, 83, 73, 80]
.text     sptd.sys                                                                                                            8060902C 100 Bytes  [92, 45, 43, 82, F3, C8, 3C, ...]
.text     sptd.sys                                                                                                            80609091 99 Bytes  [71, 26, 82, 81, BB, 2C, 82, ...]
.text     sptd.sys                                                                                                            806090F5 23 Bytes  [38, 26, 82, FB, 10, 23, 82, ...]
.text     ...                                                                                                                 
.sptd2    C:\Windows\System32\Drivers\sptd.sys                                                                                entry point in ".sptd2" section [0x80700D38]
?         C:\Windows\System32\Drivers\sptd.sys                                                                                Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text     C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x8BC07000, 0x267978, 0xE8000020]
.text     USBPORT.SYS!DllUnload                                                                                               87D7241B 5 Bytes  JMP 860E2410 
.text     a1k9ck7v.SYS                                                                                                        8337D000 47 Bytes  [82, F3, 5D, 82, 6C, F2, 5D, ...]
.text     a1k9ck7v.SYS                                                                                                        8337D031 147 Bytes  [38, 26, 82, 55, 50, 24, 82, ...]
.text     a1k9ck7v.SYS                                                                                                        8337D0C6 17 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP}
.text     a1k9ck7v.SYS                                                                                                        8337D0D8 14 Bytes  [00, 00, 00, 00, 02, 00, 00, ...]
.text     a1k9ck7v.SYS                                                                                                        8337D0E7 31 Bytes  [00, F0, 0E, 00, 00, 00, 00, ...]
.text     ...                                                                                                                 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                           [8060AFE0] \SystemRoot\System32\Drivers\sptd.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                           [8060A574] \SystemRoot\System32\Drivers\sptd.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                            [8060A0C0] \SystemRoot\System32\Drivers\sptd.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                    [8060B1BC] \SystemRoot\System32\Drivers\sptd.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]                                           [8060A2A4] \SystemRoot\System32\Drivers\sptd.sys
IAT       \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                     [8060A362] \SystemRoot\System32\Drivers\sptd.sys
IAT       \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [8061F312] \SystemRoot\System32\Drivers\sptd.sys
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[HAL.dll!KfAcquireSpinLock]                                                00005500
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[HAL.dll!KfReleaseSpinLock]                                                00008C00
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[storport.sys!StorPortPauseDevice]                                         00008900
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[storport.sys!StorPortResumeDevice]                                        00000D00
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[storport.sys!StorPortInitialize]                                          0000BF00
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[storport.sys!StorPortNotification]                                        0000E600
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[TDI.SYS!TdiDeregisterPnPHandlers]                                         00004100
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[TDI.SYS!TdiRegisterPnPHandlers]                                           00009900
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[NETIO.SYS!WskDeregister]                                                  00000F00
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[NETIO.SYS!WskReleaseProviderNPI]                                          0000B000
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[NETIO.SYS!WskRegister]                                                    00005400
IAT       \SystemRoot\System32\Drivers\a1k9ck7v.SYS[NETIO.SYS!WskCaptureProviderNPI]                                          0000BB00

---- Devices - GMER 1.0.15 ----

Device    \FileSystem\Ntfs \Ntfs                                                                                              8477E1F8
Device    \Driver\PCI_PNP1061 \Device\00000050                                                                                sptd.sys
Device    \Driver\usbohci \Device\USBPDO-0                                                                                    8612A408
Device    \Driver\usbohci \Device\USBPDO-1                                                                                    8612A408
Device    \Driver\usbohci \Device\USBPDO-2                                                                                    8612A408
Device    \Driver\usbohci \Device\USBPDO-3                                                                                    8612A408
Device    \Driver\usbehci \Device\USBPDO-4                                                                                    8612F1F8
Device    \Driver\cdrom \Device\CdRom0                                                                                        860701F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0                                                                         8477D1F8
Device    \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                                                                         8477D1F8
Device    \Driver\atapi \Device\Ide\IdePort0                                                                                  8477D1F8
Device    \Driver\atapi \Device\Ide\IdePort1                                                                                  8477D1F8
Device    \Driver\atapi \Device\Ide\IdePort2                                                                                  8477D1F8
Device    \Driver\atapi \Device\Ide\IdePort3                                                                                  8477D1F8
Device    \Driver\cdrom \Device\CdRom1                                                                                        860701F8
Device    \Driver\netbt \Device\NetBt_Wins_Export                                                                             86A4E1F8
Device    \Driver\Smb \Device\NetbiosSmb                                                                                      86A4B1F8
Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                  861831F8
Device    \Driver\netbt \Device\NetBT_Tcpip_{03AD2141-CF51-40FA-A3E5-75110B2ABED2}                                            86A4E1F8
Device    \Driver\usbohci \Device\USBFDO-0                                                                                    8612A408
Device    \Driver\usbohci \Device\USBFDO-1                                                                                    8612A408
Device    \Driver\netbt \Device\NetBT_Tcpip_{BE7EF4AC-ED0A-42B6-AEB5-8B84CCDF879D}                                            86A4E1F8
Device    \Driver\usbohci \Device\USBFDO-2                                                                                    8612A408
Device    \Driver\usbohci \Device\USBFDO-3                                                                                    8612A408
Device    \Driver\usbehci \Device\USBFDO-4                                                                                    8612F1F8
Device    \Driver\a1k9ck7v \Device\Scsi\a1k9ck7v1                                                                             861B3430
Device    \Driver\a1k9ck7v \Device\Scsi\a1k9ck7v1Port5Path0Target0Lun0                                                        861B3430
Device    \FileSystem\cdfs \Cdfs                                                                                              8741A1F8

---- Registry - GMER 1.0.15 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  2
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xDF 0x9F 0x0C 0xF7 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x75 0xE6 0xAE 0x44 ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x6B 0x19 0x8A 0xBF ...
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                    
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                 1
Reg       HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                              0x52 0xEF 0xAA 0xDB ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xDF 0x9F 0x0C 0xF7 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x75 0xE6 0xAE 0x44 ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x6B 0x19 0x8A 0xBF ...
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                     1
Reg       HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                  0x52 0xEF 0xAA 0xDB ...

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Geändert von RB_Gambler (27.05.2011 um 16:36 Uhr)

Alt 27.05.2011, 16:53   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google deutlich langsamer - Standard

Google deutlich langsamer



mbrcheck ist gerade down. Müssen wir heute abend nochmal probiere oder ich finde einen Ersatzlink.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 27.05.2011, 17:14   #14
RB_Gambler
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Ja geht klar .... kann ja auch nicht immer alles klappen ... trozdem mach ihr das hier echt einsA !

Alt 27.05.2011, 17:50   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google deutlich langsamer - Standard

Google deutlich langsamer



Hier ist ein Ersatzlink => Computerhilfen.de: Linktipps
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Google deutlich langsamer
ad-aware, akamai, antivir, autorun, avira, bho, browser, corp./icp, desktop, error, firefox, flash player, fontcache, freundlich, google, hijack, home, iexplore.exe, jdownloader, launch, libusb0.sys, logfile, monitor.exe, mozilla, nodrives, nvstor.sys, oldtimer, realtek, registry, rundll, sched.exe, searchplugins, security, server, shell32.dll, software, sptd.sys, svchost.exe, vista



Ähnliche Themen: Google deutlich langsamer


  1. Laptop läuft seit Kurzem deutlich langsamer
    Plagegeister aller Art und deren Bekämpfung - 22.06.2015 (9)
  2. Symantec-Meldung "NTOSKRNL.EXE", System bootet auch deutlich langsamer
    Log-Analyse und Auswertung - 20.05.2015 (15)
  3. Windows 7:Computer deutlich langsamer geworden
    Log-Analyse und Auswertung - 17.10.2014 (3)
  4. Rechner nach ein paar Monaten deutlich langsamer - Trojaner?
    Log-Analyse und Auswertung - 09.06.2014 (7)
  5. Windows 8: Laptop plötzlich deutlich langsamer
    Log-Analyse und Auswertung - 22.03.2014 (7)
  6. Netbook deutlich langsamer ohne erkennbaren Grund - Evtl. Lüfter kaputt?
    Log-Analyse und Auswertung - 06.01.2014 (9)
  7. win32/small.ca + deutlich verlangsamter PC
    Log-Analyse und Auswertung - 17.08.2013 (14)
  8. Computer deutlich langsamer; wirklich ein Virus/Malware?
    Log-Analyse und Auswertung - 18.04.2012 (15)
  9. IP aus Slovenien,Google Capture,Leeres Internet oder langsamer Seitenaufbau
    Plagegeister aller Art und deren Bekämpfung - 14.04.2012 (2)
  10. Avira meldet skype.exe als Malware - Rechner deutlich langsamer - Logfiles fehlerfrei
    Plagegeister aller Art und deren Bekämpfung - 15.01.2012 (2)
  11. google öffnet falsche seiten, firefox startet langsamer
    Plagegeister aller Art und deren Bekämpfung - 29.07.2011 (17)
  12. Internet deutlich langsamer (DSLtest=700DSL, ich habe=6000DSL)
    Log-Analyse und Auswertung - 22.03.2011 (14)
  13. Hilfe !!! Mein Laptop 64bit, Google Chrom, Windows 7 wird immer langsamer
    Plagegeister aller Art und deren Bekämpfung - 24.02.2011 (1)
  14. Links bei Google werden umgeleitet und Internet scheint allgemein langsamer/stockend
    Log-Analyse und Auswertung - 20.11.2010 (9)
  15. Langsamer Laptop falsche google verbindungen
    Log-Analyse und Auswertung - 24.01.2010 (1)
  16. PC langsamer und Google leitet auf diverse unseriöse Seiten weiter
    Plagegeister aller Art und deren Bekämpfung - 17.12.2009 (5)
  17. Mikro am Headset deutlich zu leise
    Netzwerk und Hardware - 24.08.2009 (11)

Zum Thema Google deutlich langsamer - Hallo Trojaner-Board-Team In letzter Zeit ist mir aufgefallen das speziel die Googlesuche und andere Internetdienste um einiges langsamer sind , machmal klappt die Googlesuche sogar nach 3-4min. nicht ,was aber - Google deutlich langsamer...
Archiv
Du betrachtest: Google deutlich langsamer auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.