| |
| |||||||
Log-Analyse und Auswertung: dcom server prozessstart unerwartet beendetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
24.01.2010, 21:18
| #3 |
 |  dcom server prozessstart unerwartet beendet Hey Chris,
__________________danke für die schnelle Hilfe. Also ich hab das jetzt mal Stück für Stück abgearbeitet: Virtustotal laufen lassen und dabei folgenden Bericht erhalten: MD5: f8fb8401761d72b39ebc2fee9a2aa978 First received: 2009.07.20 01:05:13 UTC Datum 2010.01.04 15:43:02 UTC [>19D] Ergebnisse 1/40 Permalink: analisis/c8498601ad23ecf3e3071838f846949b1fdcf5eafa2095f90cb193db1e171286-1262619782 Dies hat aber nur bei der Datei C:\fsc-reg\fscreg.exe funktioniert. Die anderen Dateien waren nicht vorhanden. Ich glaube aber, daß die vielleicht mein Virenscanner entfernt hat, bevor ich HijackThis laufen lassen habe. Avenger laufen lassen mit folgendem Bericht: Logfile of The Avenger Version 2.0, (c) by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows Vista ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. Hidden driver "oezdqdq" found! ImagePath: system32\drivers\erpmneec.sys Start Type: 0 (Boot) Rootkit scan completed. Warning: Invalid contents in ServiceGroupOrder key! There may be a driver loading earlier than Avenger! Error: file "C:\Windows\system32\lsnccq.exe" not found! Deletion of file "C:\Windows\system32\lsnccq.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\system32\ssjitsys32.exe" not found! Deletion of file "C:\Windows\system32\ssjitsys32.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\system32\psiomcp.exe" not found! Deletion of file "C:\Windows\system32\psiomcp.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\system32\qodesnaq.exe" not found! Deletion of file "C:\Windows\system32\qodesnaq.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\system32\eyclcm.exe" not found! Deletion of file "C:\Windows\system32\eyclcm.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\system32\primndd.exe" not found! Deletion of file "C:\Windows\system32\primndd.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Windows\system32\yhsgmmw.exe" not found! Deletion of file "C:\Windows\system32\yhsgmmw.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. Anschließend HijackThis aufgemacht und die Dateien gefixt. Folgende Dateien waren aber nicht da: O4 - HKUS\S-1-5-21-3617320737-3657223746-2595875988-1000\..\Run: [ncstatsc] C:\Windows\system32\lsnccq.exe (User '?') O4 - HKUS\S-1-5-21-3617320737-3657223746-2595875988-1000\..\Run: [jncontmon] C:\Windows\system32\ssjitsys32.exe (User '?') O4 - HKUS\S-1-5-21-3617320737-3657223746-2595875988-1000\..\Run: [udccndw2] C:\Windows\system32\psiomcp.exe (User '?') O4 - HKUS\S-1-5-21-3617320737-3657223746-2595875988-1000\..\Run: [qisdrmss] C:\Windows\system32\qodesnaq.exe (User '?') O4 - HKUS\S-1-5-21-3617320737-3657223746-2595875988-1000\..\Run: [pqezlr32] C:\Windows\system32\eyclcm.exe (User '?') O4 - HKUS\S-1-5-21-3617320737-3657223746-2595875988-1000\..\Run: [mndpro32] C:\Windows\system32\primndd.exe (User '?') O4 - HKUS\S-1-5-21-3617320737-3657223746-2595875988-1000\..\Run: [iejdsmm] C:\Windows\system32\yhsgmmw.exe (User '?') O4 - HKUS\S-1-5-21-3617320737-3657223746-2595875988-1000\..\Run: [abdoqad] "c:\users\tom\appdata\local\abdoqad.exe" abdoqad (User '?') Danach hab ich dann Dr. Web durchgeführt. Als ich den Bericht speichern wollte ist aber leider scheiß WindowsVista abgeschmiert. Deswegen hab ich den leider nicht. :-( Er hat paar infizierte Dateien gefunden... das war aber alles Kleinkram meiner Meinung nach, die er dann verschoben hat. Die einzige wichtige Datei die repariert wurde war atapi.sys. Dann hab ich OTL laufen lassen und diese beiden Berichte erhalten: OTL Extras logfile created on: 24.01.2010 20:34:15 - Run 1 OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Tom\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 24,73 Gb Free Space | 26,83% Space Free | Partition Type: NTFS Drive D: | 197,09 Gb Total Space | 197,00 Gb Free Space | 99,95% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOM-PC Current User Name: Tom Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A93ED72-5187-4286-B8F1-5810A49075CB}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{3DD143E3-C14E-4764-907A-3AC355D5A203}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4BC8DCE2-0492-4CE0-9B5F-72F77543C898}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{501D40E9-4341-4E67-BB1A-8542EA7F987E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{575B5F32-7413-45DF-8838-22BAD7DF6AFC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{5B7DFB8A-675E-4530-A2C6-1E2BB400743F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{5D1788EF-FA37-4B90-A0EE-325345A94EB8}" = lport=2869 | protocol=6 | dir=in | app=system | "{748EEF39-F939-44E5-8CBF-7B321DE0158B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{7F8F5F50-8741-4BCF-A286-F3CC51EF7EF2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{85CDC046-7CD7-45BF-9507-04CECAE1D0C5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8C816338-C0BF-4903-AE82-1F0E0CE873E5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9B8497DF-4C09-490A-ABC3-58B167453060}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{B3B086BB-2400-4A08-8E32-383D2FEFBCD9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C2EB998F-E824-40D0-8BF5-53567A52AB75}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{C6CEF9DF-2843-447C-B293-3664005AF2F9}" = rport=2869 | protocol=6 | dir=out | app=system | "{DCCD8883-9CCE-4660-85DF-1A9F7AA496EC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E1354BA8-1709-4ED1-9F74-E07FCA598698}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EDC8ED10-0594-4A02-9F61-1D7BC4013F3E}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01D2EEDE-F565-4689-9D0A-EBB75C392794}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | "{08EFC8D9-9B1D-4A1E-9C76-0B647C85532D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{11CBFFF3-DA05-4C4D-B479-8977BA97E627}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | "{2C9A92BB-EAE3-44CA-AB31-CA9AF3087FDB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{338FE4A9-313D-44A0-86E1-5E49FC95CD4E}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4279145C-C7CF-49BA-9CCB-9AB415C2ACA4}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{4F1EB719-6682-458B-8BDC-E5083F2A4FE5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{5658886F-F08F-43CD-8E79-DEC5CFECC9CB}" = protocol=17 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{73C58589-A678-42EF-A956-C911B807637B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{A6638EB5-E000-4124-BA01-8054872F4CDC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{C156407D-1115-4D9A-A3F6-0EB939B27F61}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CA8CB4F1-176A-4FA9-9FBF-C4024027BCAD}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe | "{D83B9CD4-F91F-4D90-AB51-DF2F16C388BF}" = protocol=6 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe | "{E35E0C97-8A5C-4FB2-82CC-3497668396E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{E52066B2-B01E-4E2E-A794-8CAF3EAB9290}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "TCP Query User{40EBEFDC-EE27-4940-A07B-4465036C29DF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{661D1CAF-9D93-4321-B01A-CFC00FA55684}C:\users\tom\downloads\mercury\mercury.exe" = protocol=6 | dir=in | app=c:\users\tom\downloads\mercury\mercury.exe | "TCP Query User{9EF3E8A4-3242-49E8-9C8E-78217D21EF57}C:\users\tom\appdata\local\microsoft\windows\temporary internet files\content.ie5\bifb6njq\zerg_reveal_final_german_xvid.avi-downloader[1].exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\microsoft\windows\temporary internet files\content.ie5\bifb6njq\zerg_reveal_final_german_xvid.avi-downloader[1].exe | "TCP Query User{EA624CDE-E0C8-42E6-812F-5A59D30BFF42}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{6806EC3A-6188-475F-B4FA-CB43FAE203CF}C:\users\tom\appdata\local\microsoft\windows\temporary internet files\content.ie5\bifb6njq\zerg_reveal_final_german_xvid.avi-downloader[1].exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\microsoft\windows\temporary internet files\content.ie5\bifb6njq\zerg_reveal_final_german_xvid.avi-downloader[1].exe | "UDP Query User{6D232792-B50B-4F6D-84B3-63805CC80337}C:\users\tom\downloads\mercury\mercury.exe" = protocol=17 | dir=in | app=c:\users\tom\downloads\mercury\mercury.exe | "UDP Query User{DDBA6527-B309-4900-AA5B-C43276C274A0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{F5B82613-815C-40AA-B720-E02E0F77B07C}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2F926AE7-9FB7-4B34-906F-9C29A6D146A7}" = SystemDiagnostics "{373C3C97-2FA9-4E18-85A2-255060C21031}" = Nero 8 Essentials "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX "{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A36B158D-8E9D-4BD3-8BDA-4B5EDC9C2E8C}" = Norman Security Suite "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFC454ED-A26F-4816-826B-C35129D82E1F}" = Fujitsu Siemens Computers Recovery "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Free YouTube Download_is1" = Free YouTube Download 2.3 "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.2 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "ICQToolbar" = ICQ Toolbar "InstallShield_{6EB4FCC1-B3B7-4599-8921-905D095A49FA}" = Launch Manager "InstallShield_{E6B28CE4-9D73-4B7D-9329-A0ED4855D686}" = FSC OSD Utility "Java Web Start" = Java Web Start "kikqo" = Favorit "Live-Player" = Live-Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "Netscape (7.1)" = Netscape (7.1) "Netscape Communicator 4.73" = Netscape Communicator 4.73 "PCSI" = Prevx "Picasa2" = Picasa 2 "Uninstall_is1" = Uninstall 1.0.0.1 "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only) "VLC media player" = VLC media player 0.9.9 "Warcraft III" = Warcraft III "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 22.01.2010 13:52:25 | Computer Name = Tom-PC | Source = WinMgmt | ID = 10 Description = Error - 22.01.2010 14:26:07 | Computer Name = Tom-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0138f2b4, Prozess-ID 0x348, Anwendungsstartzeit 01ca9b8b96789cc9. Error - 22.01.2010 14:28:31 | Computer Name = Tom-PC | Source = WinMgmt | ID = 10 Description = Error - 22.01.2010 14:34:36 | Computer Name = Tom-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0214f1fc, Prozess-ID 0x364, Anwendungsstartzeit 01ca9b90a21404e4. Error - 22.01.2010 14:37:02 | Computer Name = Tom-PC | Source = WinMgmt | ID = 10 Description = Error - 22.01.2010 14:41:46 | Computer Name = Tom-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0269f42c, Prozess-ID 0x350, Anwendungsstartzeit 01ca9b91d32d3f1c. Error - 22.01.2010 14:44:23 | Computer Name = Tom-PC | Source = WinMgmt | ID = 10 Description = Error - 22.01.2010 15:23:37 | Computer Name = Tom-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x0258f750, Prozess-ID 0x330, Anwendungsstartzeit 01ca9b92da38d7f0. Error - 22.01.2010 15:50:12 | Computer Name = Tom-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x012ef378, Prozess-ID 0x14d0, Anwendungsstartzeit 01ca9b98f3a4609e. Error - 22.01.2010 16:28:18 | Computer Name = Tom-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung svchost.exe, Version 6.0.6001.18000, Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x01dcf13c, Prozess-ID 0x17fc, Anwendungsstartzeit 01ca9b9c757fbdd6. [ System Events ] Error - 02.08.2009 12:24:24 | Computer Name = Tom-PC | Source = netbt | ID = 4321 Description = Der Name "TOM-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.2.105 registriert werden. Der Computer mit IP-Adresse 169.254.5.45 hat nicht zugelassen, dass dieser Computer diesen Namen verwendet. Error - 02.08.2009 12:24:33 | Computer Name = Tom-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 02.08.2009 14:14:25 | Computer Name = Tom-PC | Source = DCOM | ID = 10010 Description = Error - 03.08.2009 11:45:34 | Computer Name = Tom-PC | Source = HTTP | ID = 15016 Description = Error - 03.08.2009 11:46:19 | Computer Name = Tom-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 03.08.2009 11:46:21 | Computer Name = Tom-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 03.08.2009 11:46:30 | Computer Name = Tom-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 03.08.2009 14:31:59 | Computer Name = Tom-PC | Source = DCOM | ID = 10010 Description = Error - 03.08.2009 14:44:28 | Computer Name = Tom-PC | Source = ipnathlp | ID = 31004 Description = 0 Bytes Speicher konnten durch den DNS-Proxy-Agenten nicht zugeordnet werden. Möglicherweise ist nicht genügend Speicher vorhanden oder ein interner Fehler ist im Speicher-Manager aufgetreten. Error - 04.08.2009 13:37:32 | Computer Name = Tom-PC | Source = HTTP | ID = 15016 Description = < End of report > OTL logfile created on: 24.01.2010 20:34:15 - Run 1 OTL by OldTimer - Version 3.1.26.0 Folder = C:\Users\Tom\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 92,21 Gb Total Space | 24,73 Gb Free Space | 26,83% Space Free | Partition Type: NTFS Drive D: | 197,09 Gb Total Space | 197,00 Gb Free Space | 99,95% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TOM-PC Current User Name: Tom Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Tom\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Prevx\prevx.exe (Prevx) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Norman\Npm\Bin\Njeeves.exe (Norman ASA) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\Zlh.exe (Norman ASA) PRC - C:\Programme\Norman\Npm\Bin\nvoy.exe (Norman ASA) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.) PRC - C:\Windows\System32\igfxsrvc.exe (Intel Corporation) PRC - C:\Windows\System32\igfxpers.exe (Intel Corporation) PRC - C:\Windows\System32\hkcmd.exe (Intel Corporation) PRC - C:\Programme\FSC Launch Manager\LaunchMgr.exe (Quanta Computer Inc.) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG) PRC - C:\Programme\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Programme\Norman\Npm\Bin\elogsvc.exe (Norman ASA) PRC - C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\Tom\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (NVCScheduler) -- File not found SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google) SRV - (Norman NJeeves) -- C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (Norman ASA) SRV - (Scheduler) -- C:\Program Files\Norman\Npm\Bin\scheduler.exe (Norman ASA) SRV - (Norman ZANDA) -- C:\Program Files\Norman\Npm\Bin\Zanda.exe (Norman ASA) SRV - (NVOY) -- C:\Program Files\Norman\npm\bin\nvoy.exe (Norman ASA) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (Nero BackItUp Scheduler 3) -- C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG) SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (eLoggerSvc6) -- C:\Program Files\Norman\Npm\Bin\Elogsvc.exe (Norman ASA) SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\System32\IoctlSvc.exe (Prolific Technology Inc.) SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (pxrts) -- C:\Windows\System32\drivers\pxrts.sys (Prevx) DRV - (pxscan) -- C:\Windows\System32\drivers\pxscan.sys (Prevx) DRV - (pxkbf) -- C:\Windows\System32\drivers\pxkbf.sys (Prevx) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (RMCAST) RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation ) DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.) DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Nachrichten - Service - Shopping bei t-online.de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=proxy.btx.dtag.de:80;ftp=ftp-proxy.btx.dtag.de:80 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.google.de/" FF - prefs.js..network.proxy.autoconfig_url: "http://www.t-online.de/software/ie50/setpxy.pac" FF - prefs.js..network.proxy.ftp: "ftp-proxy.btx.dtag.de" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.http: "proxy.btx.dtag.de" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.16 15:07:09 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.17 21:51:04 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2009.05.02 01:50:12 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2010.01.17 21:51:04 | 00,000,000 | ---D | M] [2010.01.16 15:07:25 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Extensions [2010.01.24 01:27:36 | 00,000,000 | ---D | M] -- C:\Users\Tom\AppData\Roaming\mozilla\Firefox\Profiles\egffyzoj.default\extensions [2010.01.16 15:07:08 | 00,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.12.22 04:57:54 | 00,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.22 04:57:54 | 00,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.12.22 04:57:54 | 00,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.22 04:57:54 | 00,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.22 04:57:54 | 00,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FSC OSD Utility] c:\Programme\FSC OSD Utility\OSDUtility.exe (Quanta Computer Inc.) O4 - HKLM..\Run: [FSCRecovery] c:\Programme\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe (Fujitsu Siemens Computers GmbH) O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [Launch Manager] C:\Programme\FSC Launch Manager\LaunchMgr.exe (Quanta Computer Inc.) O4 - HKLM..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\Bin\ZLH.EXE (Norman ASA) O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [fsc-reg] C:\fsc-reg\fscreg.exe (Fujitsu Siemens) O4 - HKCU..\Run: [Sidebar] C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Java Plug-in 1.4.1_02) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\Users\Tom\AppData\Roaming\ufxw.exe) - C:\Users\Tom\AppData\Roaming\ufxw.exe File not found O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-6296374783-9751805672-495840989-1801\yv8g67.exe) - C:\RECYCLER\S-1-5-21-6296374783-9751805672-495840989-1801\yv8g67.exe File not found O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-5590127956-1593757267-638454392-6420\rundll32.exe) - C:\RECYCLER\S-1-5-21-5590127956-1593757267-638454392-6420\.exe File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.01.24 15:45:54 | 00,000,000 | ---D | C] -- C:\Users\Tom\DoctorWeb [2010.01.24 14:44:18 | 00,000,000 | ---D | C] -- C:\Avenger [2010.01.22 22:01:48 | 00,053,136 | ---- | C] (Prevx) -- C:\Windows\System32\PxSecure.dll [2010.01.22 22:01:47 | 00,047,664 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys [2010.01.22 22:01:47 | 00,030,280 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys [2010.01.22 22:01:46 | 00,024,496 | ---- | C] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys [2010.01.22 22:01:46 | 00,000,000 | ---D | C] -- C:\Programme\Prevx [2010.01.22 22:01:38 | 00,000,000 | ---D | C] -- C:\ProgramData\PrevxCSI [2010.01.22 20:29:48 | 00,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Malwarebytes [2010.01.22 20:29:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.01.22 20:29:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.01.22 20:29:37 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.01.22 20:29:37 | 00,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.01.16 15:07:13 | 00,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Mozilla [2010.01.16 15:07:06 | 00,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2010.01.13 21:37:34 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll [2010.01.13 21:37:34 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll [2010.01.03 14:26:41 | 00,000,000 | ---D | C] -- C:\WNCHESS [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.01.24 20:33:43 | 02,359,296 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT [2010.01.24 20:26:04 | 01,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.01.24 20:26:04 | 00,664,282 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.01.24 20:26:04 | 00,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.01.24 20:26:04 | 00,142,622 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.01.24 20:26:04 | 00,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.01.24 20:21:16 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.01.24 20:21:16 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.01.24 20:21:15 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.01.24 20:21:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.01.24 20:20:59 | 30,499,02080 | -HS- | M] () -- C:\hiberfil.sys [2010.01.24 20:06:18 | 00,524,288 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.01.24 20:06:18 | 00,065,536 | -HS- | M] () -- C:\Users\Tom\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.01.24 20:01:17 | 21,362,2131 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010.01.24 01:14:42 | 00,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{422ED6B3-5743-499B-8670-94FD39146DC9}.job [2010.01.22 23:45:25 | 00,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat [2010.01.22 23:45:20 | 00,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.01.22 23:39:58 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.01.22 23:39:46 | 00,051,712 | ---- | M] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.22 22:01:48 | 00,053,136 | ---- | M] (Prevx) -- C:\Windows\System32\PxSecure.dll [2010.01.22 22:01:47 | 00,047,664 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxrts.sys [2010.01.22 22:01:47 | 00,030,280 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxscan.sys [2010.01.22 22:01:46 | 00,024,496 | ---- | M] (Prevx) -- C:\Windows\System32\drivers\pxkbf.sys [2010.01.22 21:50:09 | 00,000,088 | ---- | M] () -- C:\Users\Tom\AppData\Local\kikqo.bat [2010.01.22 20:29:43 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.01.17 21:51:04 | 00,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.01.16 15:07:10 | 00,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.01.15 00:19:27 | 00,000,809 | ---- | M] () -- C:\Users\Tom\.plugin141_02.trace [2010.01.14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.01.07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.01.07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.01.03 14:17:19 | 00,000,043 | ---- | M] () -- C:\Windows\Battle.ini [2010.01.03 14:17:19 | 00,000,038 | ---- | M] () -- C:\Windows\progman.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.01.24 20:20:59 | 30,499,02080 | -HS- | C] () -- C:\hiberfil.sys [2010.01.22 23:45:25 | 00,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.01.22 20:29:43 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.01.17 21:51:04 | 00,001,893 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.01.16 15:07:10 | 00,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.01.03 14:17:19 | 00,000,043 | ---- | C] () -- C:\Windows\Battle.ini [2010.01.03 14:17:19 | 00,000,038 | ---- | C] () -- C:\Windows\progman.ini [2009.11.06 10:58:04 | 00,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.09.17 18:44:54 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.23 20:58:48 | 00,000,176 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\wklnhst.dat [2009.06.19 19:06:22 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2009.06.19 19:06:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2009.05.12 19:30:53 | 00,000,088 | ---- | C] () -- C:\Users\Tom\AppData\Local\kikqo.bat [2009.05.02 01:47:20 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.05.01 12:01:02 | 00,000,091 | ---- | C] () -- C:\Users\Tom\AppData\Local\fusioncache.dat [2009.05.01 11:43:05 | 00,051,712 | ---- | C] () -- C:\Users\Tom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.04.30 20:25:50 | 00,000,000 | ---- | C] () -- C:\Windows\netscape.INI [2009.04.30 19:38:49 | 00,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini [2008.10.20 14:37:54 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll [2008.04.25 13:23:38 | 00,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll [2006.11.02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:25:26 | 00,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini < End of report > Zu guter letzt hab ich dann GMER ausgeführt und dieses Ergebnis erhalten: GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover Rootkit scan 2010-01-24 21:16:24 Windows 6.0.6002 Service Pack 2 Running: 7eiqk5bo.exe; Driver: C:\Users\Tom\AppData\Local\Temp\ufldipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0x8E5201CC] SSDT AA7B8E84 ZwCreateThread SSDT AA7B8E70 ZwOpenProcess SSDT AA7B8E75 ZwOpenThread SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0x8E520292] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0x8E52018E] SSDT AA7B8E7F ZwTerminateProcess SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0x8E520316] SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0x8E52034E] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 191 81EB48D4 4 Bytes [CC, 01, 52, 8E] {INT 3 ; ADD [EDX-0x72], EDX} .text ntkrnlpa.exe!KeSetEvent + 221 81EB4964 4 Bytes [84, 8E, 7B, AA] .text ntkrnlpa.exe!KeSetEvent + 3F1 81EB4B34 4 Bytes [70, 8E, 7B, AA] {JO 0xffffffffffffff90; JNP 0xffffffffffffffae} .text ntkrnlpa.exe!KeSetEvent + 40D 81EB4B50 4 Bytes [75, 8E, 7B, AA] {JNZ 0xffffffffffffff90; JNP 0xffffffffffffffae} .text ntkrnlpa.exe!KeSetEvent + 431 81EB4B74 4 Bytes [92, 02, 52, 8E] {XCHG EDX, EAX; ADD DL, [EDX-0x72]} .text ... .rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x807A5024] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\tdx \Device\Tcp pxrts.sys (Prevx Realtime Security/Prevx) Device -> \Driver\atapi \Device\Harddisk0\DR0 85254841 ---- Files - GMER 1.0.15 ---- File C:\Windows\system32\drivers\atapi.sys suspicious modification ---- EOF - GMER 1.0.15 ---- Ich hoffe daß des alles so passt. Nochmals vielen Dankf für Deine Hilfe und nen guten Start in die neue Woche. Gruß Tom Perios |
| Themen zu dcom server prozessstart unerwartet beendet |
| antivir, antivir guard, auswerten, avg, avira, bho, dcomserverprozessorstart, defender, desktop, fehlermeldung, firefox, ftp, gservice, hijack, hijackthis, hkus\s-1-5-18, internet explorer, launch, malwarebytes' anti-malware, mozilla, mp3, norman, picasa, plug-in, problem, senden, server, software, super, system, virus, vista, windows |
Baum-Darstellung