|
Plagegeister aller Art und deren Bekämpfung: Internetseiten öffnen sich von selbstWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
29.10.2010, 08:25 | #1 |
| Internetseiten öffnen sich von selbst Hallo Leute, Habe das Problem, das wenn ich manchmal im Internet bin, sich einfach so irgendwelche Seiten öffnen, meist VideoDictionary.com. Habe avast! und Malwarebyts komplett durchlaufen lassen, und beide haben nichts gefunden. Was könnte das sein ? |
29.10.2010, 09:17 | #2 |
| Internetseiten öffnen sich von selbst Hi,
__________________OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
TDSS-Killer Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)! Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe. Nach dem Start erscheint ein Fenster, dort dann "Start Scan". Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten... chris Ps.: Bin erst wieder morgen online (frühestens)...
__________________ |
29.10.2010, 10:13 | #3 |
| Internetseiten öffnen sich von selbst Das hier ist die Extras.Txt Logfile von OTL :
__________________OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.10.2010 10:56:05 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\Earny\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 33,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,53 Gb Total Space | 17,76 Gb Free Space | 47,32% Space Free | Partition Type: NTFS Drive D: | 34,56 Gb Total Space | 34,09 Gb Free Space | 98,64% Space Free | Partition Type: NTFS Drive E: | 2,44 Gb Total Space | 0,45 Gb Free Space | 18,36% Space Free | Partition Type: FAT32 Computer Name: WERNER | User Name: Earny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%ProgramFiles%\Messenger\msmsgs.exe" = %ProgramFiles%\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\HP\HP Software Update\HPWUCli.exe" = C:\Programme\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe" = C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- File not found "C:\Programme\AVG\AVG10\avgmfapx.exe" = C:\Programme\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- File not found "C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine -- File not found "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Mozilla Firefox -- (Mozilla Corporation) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.) "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects "{2F71F2BA-B513-4113-969C-18A84D238E27}" = 1310 "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5 "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics "{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{4D8536A5-CB40-1EE1-DABD-DDB078E97AFB}" = netdesignerPRO "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext "{5AFA4872-16B2-419E-ADCA-8E96E739115D}" = Music Manager "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{71310568-C4A9-4E84-A2DA-40823D28F4BF}" = netdesigner "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2 "{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01 "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{763E8D6C-0098-4FF4-801A-3F311D2D9D80}" = Apple Mobile Device Support "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{80413011-029C-4D6B-B3AD-725DDE60B81C}" = 1310Trb "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung "{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player "{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{974C05A0-C76C-4724-A9A2-11D5D1355729}" = iTunes "{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1 "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2 "{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme "{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch "{AFDC0E03-F491-4A80-9EBE-46FD05FA53DD}" = SymNet "{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc "{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates "{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C4A978A3-CAE4-4856-89D5-696498A7B8F7}" = HPODiscovery "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E21658D0-8C83-4ADD-937B-6ED07F335ABA}" = 1310Tour "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}" = 1310_Help "{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F325CF11-27CE-4872-8022-6E9EB27DF24F}" = NAVShortcut "{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations "{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "avast5" = avast! Free Antivirus "AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2 "AVS Image Converter_is1" = AVS Image Converter 1.1.3.71 "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4 "CCleaner" = CCleaner "DivX Setup.divx.com" = DivX-Setup "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Google Updater" = Google Updater "HP Photo & Imaging" = HP Image Zone 4.2 "hp psc 1310 series_Driver" = hp psc 1310 series "HyperCam 2" = HyperCam 2 "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Einfache Internetanmeldung "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12) "MSNINST" = MSN "netdesigner" = netdesigner "netfoto.ch.AD8D60F8E4A090C6E6ED2EA5F019293CE7B5FB4D.1" = netdesignerPRO "Nokia PC Suite" = Nokia PC Suite "Python 1.5 combined Win32 extensions" = Python 1.5 combined Win32 extensions "Python 1.5.2 (final)" = Python 1.5.2 (final) "S3" = UniChrome Graphics Driver and Utilities "Tcl 8.0.5 for Windows" = Tcl 8.0.5 for Windows "Uninstall_is1" = Uninstall 1.0.0.1 "VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver "Windows Media Encoder 9" = Windows Media Encoder 9-Reihe "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinGimp-2.0_is1" = GIMP 2.6.11 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "I-Doser v4" = I-Doser v4 "OpenOffice.org 1.1.4" = OpenOffice.org 1.1.4 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 27.10.2010 09:22:26 | Computer Name = WERNER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul shmedia.dll, Version 6.0.2900.5512, Fehleradresse 0x0000ac54. Error - 27.10.2010 09:22:31 | Computer Name = WERNER | Source = Application Error | ID = 1001 Description = Fehlerhafter Speicherbereich 735618682. Error - 27.10.2010 09:22:48 | Computer Name = WERNER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul shmedia.dll, Version 6.0.2900.5512, Fehleradresse 0x0000ac54. Error - 27.10.2010 09:23:16 | Computer Name = WERNER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul shmedia.dll, Version 6.0.2900.5512, Fehleradresse 0x0000ac54. Error - 27.10.2010 09:23:26 | Computer Name = WERNER | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul shmedia.dll, Version 6.0.2900.5512, Fehleradresse 0x0000ac54. Error - 28.10.2010 08:27:21 | Computer Name = WERNER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 28.10.2010 08:27:48 | Computer Name = WERNER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 28.10.2010 13:23:37 | Computer Name = WERNER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 28.10.2010 13:23:50 | Computer Name = WERNER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. Error - 29.10.2010 02:50:27 | Computer Name = WERNER | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. [ System Events ] Error - 29.10.2010 00:17:15 | Computer Name = WERNER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.10.2010 00:17:15 | Computer Name = WERNER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Guard NT" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.10.2010 00:17:15 | Computer Name = WERNER | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SYMTDI Error - 29.10.2010 02:50:17 | Computer Name = WERNER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 29.10.2010 02:51:03 | Computer Name = WERNER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.10.2010 02:51:03 | Computer Name = WERNER | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Guard NT" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 29.10.2010 02:51:03 | Computer Name = WERNER | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SYMTDI Error - 29.10.2010 03:09:29 | Computer Name = WERNER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56} Error - 29.10.2010 04:24:08 | Computer Name = WERNER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56} Error - 29.10.2010 04:44:39 | Computer Name = WERNER | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56} < End of report > Und das die OTL.Txt Logfile auch von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.10.2010 10:56:05 - Run 1 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Dokumente und Einstellungen\Earny\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 33,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,53 Gb Total Space | 17,76 Gb Free Space | 47,32% Space Free | Partition Type: NTFS Drive D: | 34,56 Gb Total Space | 34,09 Gb Free Space | 98,64% Space Free | Partition Type: NTFS Drive E: | 2,44 Gb Total Space | 0,45 Gb Free Space | 18,36% Space Free | Partition Type: FAT32 Computer Name: WERNER | User Name: Earny | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Earny\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Programme\Google\Google Updater\GoogleUpdater.exe (Google) PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) PRC - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia) PRC - C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) PRC - C:\WINDOWS\system32\VTTimer.exe (S3 Graphics, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Earny\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe File not found SRV - (NSCService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE File not found SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe File not found SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (Guard NT) -- C:\Programme\Aon\AonVirenchecker\GuardNT\guardNt.exe File not found SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe File not found SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) ========== Driver Services (SafeList) ========== DRV - (NTGUARD) -- C:\Programme\Aon\AonVirenchecker\GuardNT\NTGUARD.SYS File not found DRV - (mdxgthkn) -- C:\DOKUME~1\Earny\LOKALE~1\Temp\mdxgthkn.sys File not found DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found DRV - (cmuda) -- C:\WINDOWS\System32\drivers\cmuda.sys File not found DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. ) DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software) DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software) DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (SVKP) -- C:\WINDOWS\system32\SVKP.sys (AntiCracking) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation) DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation) DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation) DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation) DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation) DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura) DRV - (Pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.) DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) DRV - (netrcacm) -- C:\WINDOWS\system32\drivers\netrcacm.sys (Thomson Inc.) DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation) DRV - (EL90XBC) -- C:\WINDOWS\system32\drivers\el90xbc5.sys (3Com Corporation) DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=Q404&bd=pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = MSN Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.msn.de/spresults.aspx?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.vol.at/" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.29 06:19:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 06:19:38 | 000,000,000 | ---D | M] [2010.03.17 20:03:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Extensions [2010.10.28 22:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\extensions [2010.08.18 19:11:14 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.10.10 12:49:39 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2010.08.02 17:02:56 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\searchplugins\conduit.xml [2010.06.21 16:35:24 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\searchplugins\icqplugin.xml [2010.08.28 00:18:08 | 000,010,017 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Mozilla\Firefox\Profiles\k0tygsyi.default\searchplugins\mywebsearch.xml [2010.10.28 22:14:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.10.23 22:42:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.10.12 22:24:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.10.12 22:24:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.10.12 22:24:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.10.12 22:24:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.10.12 22:24:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.19 07:08:38 | 000,002,791 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 217.23.7.114 www.google.com O1 - Hosts: 217.23.7.114 google.com O1 - Hosts: 217.23.7.114 google.com.au O1 - Hosts: 217.23.7.114 www.google.com.au O1 - Hosts: 217.23.7.114 google.be O1 - Hosts: 217.23.7.114 www.google.be O1 - Hosts: 217.23.7.114 google.com.br O1 - Hosts: 217.23.7.114 www.google.com.br O1 - Hosts: 217.23.7.114 google.ca O1 - Hosts: 38 more lines... O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [UserFaultCheck] File not found O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.) O4 - HKCU..\Run: [ICQ] C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk = C:\Programme\Google\Google Updater\GoogleUpdater.exe (Google) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 10 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-30.cab (EPUImageControl Class) O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} hxxp://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe (Reg Error: Key error.) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096728815609 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://194.183.159.63/activex/AxisCamControl.cab (CamImage Class) O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} hxxp://download.energyfactor.com/dialer/it/activex_259_it.exe (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.183.128.35 194.183.128.36 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 () - hxxp://de.wrs.yahoo.com/S=2114718014/K=tornadoes/v=2/SID=e/l=IVS/;_ylt=Ah5Bs5sjBO8.jcaBupWnfp8.CQx.;_ylu=X3oDMTA4NDgyNWN0BHNlYwNwcm9m/SIG=12dpkm4qn/EXP=1118245652/*-http%3A//www.steveroach.com/Images/Thumbnails/Tornadoes.jpg O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.10.19 21:44:16 | 000,000,659 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ] O32 - AutoRun File - [2004.10.02 14:15:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.29 10:55:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Earny\Desktop\OTL.exe [2010.10.29 08:23:55 | 000,000,000 | ---D | C] -- C:\Programme\TrendMicro [2010.10.28 17:46:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ6Toolbar [2010.10.28 17:46:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.10.28 17:46:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\ICQ [2010.10.28 17:46:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\AOL [2010.10.28 17:45:59 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2010.10.26 19:20:55 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2010.10.26 19:19:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters [2010.10.26 19:14:41 | 063,363,736 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Earny\Desktop\PowerPointViewer_14.0.4730.1010.exe [2010.10.24 03:02:01 | 000,000,000 | ---D | C] -- C:\Download [2010.10.24 03:01:52 | 000,000,000 | ---D | C] -- C:\Nexon [2010.10.23 22:42:16 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.10.23 22:42:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.10.23 22:42:16 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.10.17 16:17:01 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.10.17 16:16:53 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.10.16 14:12:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media [2010.10.16 14:12:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp [2010.10.16 14:12:14 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media-Komponenten [2010.10.16 14:09:28 | 000,137,216 | ---- | C] (Hyperionics) -- C:\Programme\CamRes2.dll [2010.10.16 14:09:28 | 000,044,032 | ---- | C] (Hyperionics) -- C:\Programme\MClick2.dll [2010.10.16 14:09:27 | 000,925,080 | ---- | C] (Hyperionics) -- C:\Programme\HyCam2.exe [2010.10.16 14:09:27 | 000,078,248 | ---- | C] (Hyperionics) -- C:\Programme\UnHyCam2.exe [2010.10.16 13:51:17 | 000,000,000 | ---D | C] -- C:\Programme\HyCam2 [2010.10.16 13:48:19 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2010.10.16 13:48:18 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2010.10.16 13:48:16 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2010.10.16 13:48:15 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2010.10.16 13:48:12 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2010.10.16 13:48:12 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2010.10.16 13:48:12 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2010.10.16 13:47:55 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2010.10.16 13:47:55 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2010.10.16 13:12:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\AVG10 [2010.10.16 13:07:06 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2010.10.16 13:05:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2010.10.16 12:53:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2010.10.15 13:44:13 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.15 13:44:13 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.15 13:44:03 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.12 14:39:48 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Earny\Recent [2010.10.06 21:11:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution [2010.10.06 21:02:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater [2010.10.06 19:32:27 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMCT232.OCX [2010.10.06 19:32:27 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMCTLde.DLL [2010.10.06 19:32:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGDE.DLL [2010.10.06 19:32:27 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMCT2DE.dll [2010.10.06 19:32:26 | 001,351,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx [2010.10.02 23:01:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Adobe [2010.10.02 23:00:57 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe [2010.10.01 14:57:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\Adobe(2) [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.10.29 10:53:13 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Earny\Desktop\OTL.exe [2010.10.29 10:52:17 | 002,415,383 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\SDC11613.JPG [2010.10.29 10:33:05 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.10.29 10:33:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.10.29 08:52:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.29 08:49:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.29 08:49:47 | 1308,151,808 | -HS- | M] () -- C:\hiberfil.sys [2010.10.29 08:48:45 | 000,001,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.new [2010.10.28 20:11:27 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2010.10.28 17:47:00 | 000,001,455 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk [2010.10.28 16:13:02 | 000,008,783 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\.recently-used.xbel [2010.10.27 19:23:55 | 004,169,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Kelly Clarkson - Behind These Hazel Eyes.mp3 [2010.10.27 16:05:23 | 004,016,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\James Cottriall - Unbreakable (full. new. + lyrics) [HD].mp3 [2010.10.27 15:53:09 | 001,732,322 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0007.avi [2010.10.27 15:51:08 | 014,706,330 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0006.avi [2010.10.27 15:49:38 | 004,169,614 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0005.avi [2010.10.27 15:45:46 | 011,873,542 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0004.avi [2010.10.27 15:43:41 | 000,031,232 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.27 15:43:34 | 057,950,356 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0003.avi [2010.10.27 15:41:36 | 002,628,050 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0002.avi [2010.10.27 15:41:11 | 000,842,914 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0001.avi [2010.10.27 15:39:22 | 000,848,004 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0032.avi [2010.10.27 15:38:14 | 001,488,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0031.avi [2010.10.27 15:35:19 | 136,454,484 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0030.avi [2010.10.27 15:21:48 | 004,397,184 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Gavin Rossdale - Love Remains the Same (with Lyrics).mp3 [2010.10.26 19:58:54 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.26 19:18:58 | 063,363,736 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Earny\Desktop\PowerPointViewer_14.0.4730.1010.exe [2010.10.24 00:27:31 | 000,001,570 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.10.17 16:17:01 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.10.17 11:32:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.16 13:48:19 | 000,001,668 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2010.10.16 13:48:13 | 000,003,002 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2010.10.15 21:24:31 | 000,086,205 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Redcyancow.jpg [2010.10.15 20:31:40 | 000,114,722 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\20100110162152!Cow-icon.png [2010.10.15 18:27:21 | 000,029,721 | ---- | M] () -- C:\Dokumente und Einstellungen\Earny\Desktop\MixedCow.32FarmCash.png [2010.10.15 17:52:19 | 000,000,784 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk [2010.10.07 12:39:52 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\Default.rdp [2010.10.06 21:02:18 | 000,000,896 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk [2010.10.06 17:37:35 | 000,485,478 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.10.06 17:37:35 | 000,442,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.10.06 17:37:35 | 000,095,352 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.10.06 17:37:35 | 000,072,046 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.10.29 10:51:34 | 002,415,383 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\SDC11613.JPG [2010.10.28 17:47:00 | 000,001,455 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk [2010.10.28 16:13:02 | 000,008,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\.recently-used.xbel [2010.10.27 16:10:11 | 004,169,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Kelly Clarkson - Behind These Hazel Eyes.mp3 [2010.10.27 16:05:40 | 004,016,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\James Cottriall - Unbreakable (full. new. + lyrics) [HD].mp3 [2010.10.27 15:52:52 | 001,732,322 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0007.avi [2010.10.27 15:50:41 | 014,706,330 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0006.avi [2010.10.27 15:49:27 | 004,169,614 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0005.avi [2010.10.27 15:45:20 | 011,873,542 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0004.avi [2010.10.27 15:42:09 | 057,950,356 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0003.avi [2010.10.27 15:41:28 | 002,628,050 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0002.avi [2010.10.27 15:41:03 | 000,842,914 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0001.avi [2010.10.27 15:39:14 | 000,848,004 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0032.avi [2010.10.27 15:37:59 | 001,488,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0031.avi [2010.10.27 15:30:23 | 136,454,484 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\clip0030.avi [2010.10.27 14:00:46 | 004,397,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Gavin Rossdale - Love Remains the Same (with Lyrics).mp3 [2010.10.17 16:17:01 | 000,001,872 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.10.16 14:09:28 | 000,199,268 | ---- | C] () -- C:\Programme\HyCam2.chm [2010.10.16 14:09:28 | 000,005,784 | ---- | C] () -- C:\Programme\HyCam2.tlb [2010.10.16 14:09:28 | 000,001,186 | ---- | C] () -- C:\Programme\16-44100d.wav [2010.10.16 14:09:28 | 000,000,956 | ---- | C] () -- C:\Programme\16-44100u.wav [2010.10.16 14:09:28 | 000,000,652 | ---- | C] () -- C:\Programme\16-22050d.wav [2010.10.16 14:09:28 | 000,000,587 | ---- | C] () -- C:\Programme\8-44100d.wav [2010.10.16 14:09:28 | 000,000,442 | ---- | C] () -- C:\Programme\16-22050u.wav [2010.10.16 14:09:28 | 000,000,421 | ---- | C] () -- C:\Programme\8-44100u.wav [2010.10.16 14:09:28 | 000,000,340 | ---- | C] () -- C:\Programme\16-11025d.wav [2010.10.16 14:09:28 | 000,000,326 | ---- | C] () -- C:\Programme\16-11025u.wav [2010.10.16 14:09:28 | 000,000,317 | ---- | C] () -- C:\Programme\8-22050d.wav [2010.10.16 14:09:28 | 000,000,260 | ---- | C] () -- C:\Programme\16-8000d.wav [2010.10.16 14:09:28 | 000,000,225 | ---- | C] () -- C:\Programme\8-22050u.wav [2010.10.16 14:09:28 | 000,000,220 | ---- | C] () -- C:\Programme\16-8000u.wav [2010.10.16 14:09:28 | 000,000,183 | ---- | C] () -- C:\Programme\8-11025d.wav [2010.10.16 14:09:28 | 000,000,151 | ---- | C] () -- C:\Programme\8-8000d.wav [2010.10.16 14:09:28 | 000,000,135 | ---- | C] () -- C:\Programme\8-11025u.wav [2010.10.16 14:09:28 | 000,000,127 | ---- | C] () -- C:\Programme\8-8000u.wav [2010.10.16 14:09:27 | 000,002,521 | ---- | C] () -- C:\Programme\agreement.txt [2010.10.16 14:09:27 | 000,002,018 | ---- | C] () -- C:\Programme\readme.txt [2010.10.16 14:09:27 | 000,000,055 | ---- | C] () -- C:\Programme\HomePage.url [2010.10.16 13:48:19 | 000,001,668 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\avast! Free Antivirus.lnk [2010.10.15 21:24:30 | 000,086,205 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\Redcyancow.jpg [2010.10.15 20:31:39 | 000,114,722 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\20100110162152!Cow-icon.png [2010.10.15 18:26:51 | 000,029,721 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Desktop\MixedCow.32FarmCash.png [2010.10.15 17:52:19 | 000,000,784 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\GIMP 2.lnk [2010.10.15 13:46:03 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.10.07 20:31:33 | 000,001,570 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2010.10.07 12:39:52 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Earny\Eigene Dateien\Default.rdp [2010.10.06 21:02:18 | 000,000,896 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Google Updater.lnk [2008.01.01 20:02:41 | 000,000,113 | ---- | C] () -- C:\WINDOWS\disney.ini [2007.09.28 18:41:38 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2007.08.07 17:41:38 | 000,001,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.03.09 17:29:41 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2006.12.19 19:23:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini [2006.12.15 18:53:18 | 000,031,232 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.04.06 19:44:35 | 000,007,053 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\GdiplusUpgrade_MSIApproach_Wrapper.log [2006.04.06 19:44:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini [2006.03.31 13:57:53 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.01.29 20:46:46 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll [2005.12.27 12:15:17 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2005.11.23 20:54:08 | 000,000,101 | ---- | C] () -- C:\WINDOWS\EasyCash.ini [2005.11.23 20:51:37 | 000,000,387 | ---- | C] () -- C:\WINDOWS\EasyCT.INI [2005.07.10 14:50:27 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI [2005.06.07 17:37:36 | 000,000,475 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005.04.03 20:34:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NokiaContentCopier.INI [2005.02.15 20:49:10 | 000,000,077 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Anwendungsdaten\sversion.ini [2005.01.29 19:09:32 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Earny\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2005.01.29 18:36:29 | 000,007,127 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2004.10.04 21:02:58 | 000,018,646 | ---- | C] () -- C:\WINDOWS\wininit.ini [2004.10.03 16:03:04 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.10.02 16:18:45 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004.10.02 16:18:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004.10.02 16:18:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004.10.02 16:18:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004.10.02 16:18:45 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004.10.02 15:08:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.10.02 14:26:04 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll [2004.10.02 14:26:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll [2004.10.02 14:25:45 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2004.10.02 14:23:46 | 000,000,962 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.10.02 14:12:31 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.10.02 13:37:21 | 000,001,978 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004.06.28 22:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:27AAAD97 @Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 < End of report > Hier noch die Logfile von TDSSKiller : 2010/10/29 11:19:59.0984 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49 2010/10/29 11:19:59.0984 ================================================================================ 2010/10/29 11:19:59.0984 SystemInfo: 2010/10/29 11:19:59.0984 2010/10/29 11:19:59.0984 OS Version: 5.1.2600 ServicePack: 3.0 2010/10/29 11:19:59.0984 Product type: Workstation 2010/10/29 11:19:59.0984 ComputerName: WERNER 2010/10/29 11:19:59.0984 UserName: Earny 2010/10/29 11:19:59.0984 Windows directory: C:\WINDOWS 2010/10/29 11:19:59.0984 System windows directory: C:\WINDOWS 2010/10/29 11:19:59.0984 Processor architecture: Intel x86 2010/10/29 11:19:59.0984 Number of processors: 1 2010/10/29 11:19:59.0984 Page size: 0x1000 2010/10/29 11:19:59.0984 Boot type: Normal boot 2010/10/29 11:19:59.0984 ================================================================================ 2010/10/29 11:20:00.0750 Initialize success 2010/10/29 11:20:08.0421 ================================================================================ 2010/10/29 11:20:08.0421 Scan started 2010/10/29 11:20:08.0421 Mode: Manual; 2010/10/29 11:20:08.0421 ================================================================================ 2010/10/29 11:20:10.0734 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys 2010/10/29 11:20:11.0328 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/10/29 11:20:11.0687 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/10/29 11:20:12.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/10/29 11:20:12.0546 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys 2010/10/29 11:20:13.0671 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS 2010/10/29 11:20:13.0937 ALCXWDM (a886a879d2d05d942c3565c4d451ec23) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2010/10/29 11:20:14.0734 AmdK7 (3a0dafac778236559c14c7203fb550eb) C:\WINDOWS\system32\DRIVERS\amdk7.sys 2010/10/29 11:20:15.0343 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/10/29 11:20:16.0265 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys 2010/10/29 11:20:16.0625 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys 2010/10/29 11:20:16.0984 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys 2010/10/29 11:20:17.0140 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys 2010/10/29 11:20:17.0468 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys 2010/10/29 11:20:17.0890 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/10/29 11:20:18.0359 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/10/29 11:20:18.0859 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/10/29 11:20:19.0031 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/10/29 11:20:19.0468 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 2010/10/29 11:20:19.0796 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/10/29 11:20:20.0109 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/10/29 11:20:20.0359 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 2010/10/29 11:20:20.0812 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/10/29 11:20:21.0156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/10/29 11:20:21.0531 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/10/29 11:20:22.0640 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/10/29 11:20:23.0062 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys 2010/10/29 11:20:23.0875 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys 2010/10/29 11:20:24.0234 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/10/29 11:20:24.0500 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/10/29 11:20:24.0953 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/10/29 11:20:25.0171 EL90XBC (6e883bf518296a40959131c2304af714) C:\WINDOWS\system32\DRIVERS\el90xbc5.sys 2010/10/29 11:20:25.0625 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/10/29 11:20:25.0875 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/10/29 11:20:26.0187 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys 2010/10/29 11:20:26.0468 FETNDISB (cc6b6df3c35c20531492e1b700f700fa) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys 2010/10/29 11:20:26.0687 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys 2010/10/29 11:20:26.0906 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/10/29 11:20:27.0093 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/10/29 11:20:27.0625 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 2010/10/29 11:20:27.0921 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/10/29 11:20:28.0062 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/10/29 11:20:28.0312 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys 2010/10/29 11:20:28.0562 GEARAspiWDM (4ac51459805264affd5f6fdfb9d9235f) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2010/10/29 11:20:29.0000 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/10/29 11:20:29.0187 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/10/29 11:20:29.0750 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys 2010/10/29 11:20:30.0000 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 2010/10/29 11:20:30.0281 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys 2010/10/29 11:20:30.0640 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/10/29 11:20:31.0468 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/10/29 11:20:31.0890 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/10/29 11:20:33.0203 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/10/29 11:20:33.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/10/29 11:20:33.0875 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/10/29 11:20:34.0187 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/10/29 11:20:34.0500 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/10/29 11:20:34.0859 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/10/29 11:20:35.0203 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/10/29 11:20:35.0578 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys 2010/10/29 11:20:35.0890 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/10/29 11:20:36.0078 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2010/10/29 11:20:36.0468 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/10/29 11:20:36.0781 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/10/29 11:20:37.0468 MBAMSwissArmy (7364d8a830f91c487f430a57fdbd2bbb) C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010/10/29 11:20:37.0937 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/10/29 11:20:38.0359 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 2010/10/29 11:20:38.0687 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/10/29 11:20:39.0000 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/10/29 11:20:39.0343 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/10/29 11:20:39.0968 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/10/29 11:20:40.0390 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/10/29 11:20:40.0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/10/29 11:20:41.0171 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/10/29 11:20:41.0515 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/10/29 11:20:41.0875 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/10/29 11:20:42.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/10/29 11:20:42.0453 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys 2010/10/29 11:20:42.0734 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys 2010/10/29 11:20:43.0015 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/10/29 11:20:43.0250 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 2010/10/29 11:20:43.0687 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/10/29 11:20:43.0984 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 2010/10/29 11:20:44.0312 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/10/29 11:20:44.0671 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/10/29 11:20:45.0000 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/10/29 11:20:45.0328 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/10/29 11:20:45.0640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/10/29 11:20:45.0953 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/10/29 11:20:46.0296 netrcacm (b128ccc0e4586628d5d6f6a8f1d0778d) C:\WINDOWS\system32\DRIVERS\netrcacm.sys 2010/10/29 11:20:46.0500 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/10/29 11:20:46.0781 nmwcd (357ddb51e03cae598c096d95497373d0) C:\WINDOWS\system32\drivers\ccdcmb.sys 2010/10/29 11:20:47.0109 nmwcdc (7cd443f9d36c80e152fadb274089577a) C:\WINDOWS\system32\drivers\ccdcmbo.sys 2010/10/29 11:20:47.0437 nmwcdnsu (02120406f27f5895dfce4c640e6ee237) C:\WINDOWS\system32\drivers\nmwcdnsu.sys 2010/10/29 11:20:47.0765 nmwcdnsuc (9c5de8b7cf5680307bbdf512c9258ecc) C:\WINDOWS\system32\drivers\nmwcdnsuc.sys 2010/10/29 11:20:48.0046 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/10/29 11:20:48.0468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/10/29 11:20:49.0062 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/10/29 11:20:49.0328 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/10/29 11:20:49.0703 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/10/29 11:20:49.0968 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/10/29 11:20:50.0343 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/10/29 11:20:50.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/10/29 11:20:50.0890 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/10/29 11:20:51.0171 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys 2010/10/29 11:20:51.0468 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/10/29 11:20:52.0171 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/10/29 11:20:54.0234 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys 2010/10/29 11:20:54.0765 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/10/29 11:20:55.0187 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys 2010/10/29 11:20:55.0484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/10/29 11:20:55.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/10/29 11:20:55.0968 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/10/29 11:20:57.0453 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/10/29 11:20:57.0718 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/10/29 11:20:58.0078 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/10/29 11:20:58.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/10/29 11:20:58.0671 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/10/29 11:20:58.0984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/10/29 11:20:59.0375 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/10/29 11:20:59.0703 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/10/29 11:21:00.0125 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/10/29 11:21:00.0546 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/10/29 11:21:00.0843 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/10/29 11:21:01.0234 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2010/10/29 11:21:01.0765 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys 2010/10/29 11:21:02.0406 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/10/29 11:21:02.0765 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/10/29 11:21:03.0062 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/10/29 11:21:03.0406 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/10/29 11:21:03.0734 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 2010/10/29 11:21:03.0968 SVKP (f05028b163b92c302a74409d683ac9b0) C:\WINDOWS\system32\SVKP.sys 2010/10/29 11:21:04.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/10/29 11:21:04.0562 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/10/29 11:21:05.0203 SYMDNS (61a932f6e04c1d125659ec5f9a158cc1) C:\WINDOWS\System32\Drivers\SYMDNS.SYS 2010/10/29 11:21:05.0500 SYMFW (033a6a91aa4162540c1e39a0d5c563c8) C:\WINDOWS\System32\Drivers\SYMFW.SYS 2010/10/29 11:21:05.0734 SYMIDS (071f8c6c95d8b632e73dcdbf865d8e46) C:\WINDOWS\System32\Drivers\SYMIDS.SYS 2010/10/29 11:21:06.0156 SYMNDIS (a6bbadd2472ffc5b6ce3198e13ee0e74) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 2010/10/29 11:21:06.0656 SYMREDRV (df5514802a2e0a478e29be2e33360807) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 2010/10/29 11:21:07.0015 SYMTDI (9da226bc68389fbd6ec0e01286e7639c) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 2010/10/29 11:21:07.0828 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/10/29 11:21:08.0234 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/10/29 11:21:08.0593 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/10/29 11:21:08.0906 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/10/29 11:21:09.0250 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/10/29 11:21:09.0796 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys 2010/10/29 11:21:10.0015 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/10/29 11:21:10.0703 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/10/29 11:21:11.0078 upperdev (15629e4d65f97ab5432d6d9597cf6a33) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys 2010/10/29 11:21:11.0468 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2010/10/29 11:21:11.0781 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/10/29 11:21:12.0109 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/10/29 11:21:12.0421 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2010/10/29 11:21:12.0734 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2010/10/29 11:21:13.0000 usbser (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys 2010/10/29 11:21:13.0343 UsbserFilt (5c17e6a11aa8be53f79fd364ba19f0ce) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys 2010/10/29 11:21:13.0687 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/10/29 11:21:13.0875 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/10/29 11:21:14.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/10/29 11:21:14.0531 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys 2010/10/29 11:21:14.0875 viagfx (949f86f5a8e493574bbb830c3d18e4a9) C:\WINDOWS\system32\DRIVERS\vtmini.sys 2010/10/29 11:21:15.0218 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/10/29 11:21:15.0515 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/10/29 11:21:15.0843 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/10/29 11:21:16.0234 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys 2010/10/29 11:21:17.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/10/29 11:21:17.0500 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 2010/10/29 11:21:17.0796 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2010/10/29 11:21:18.0062 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 2010/10/29 11:21:18.0406 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2010/10/29 11:21:18.0687 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2010/10/29 11:21:19.0484 ================================================================================ 2010/10/29 11:21:19.0484 Scan finished 2010/10/29 11:21:19.0484 ================================================================================ Habe Malwarebytes noch einmal durchlaufen lassen und bekam überraschenderweise 16 Bedrohungen gemeldet: Hier die Logfile: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4985 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 29.10.2010 11:47:12 mbam-log-2010-10-29 (11-47-12).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|) Durchsuchte Objekte: 241680 Laufzeit: 2 Stunde(n), 38 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 16 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Geändert von PcInfected (29.10.2010 um 10:50 Uhr) |
30.10.2010, 15:33 | #4 |
| Internetseiten öffnen sich von selbst Hi, Dein Hostfile wurde manipuliert, ich lasse es von OTL "zurücksetzen"! OTL:
Code:
ATTFilter :OTL SRV - (SNDSrvc) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe File not found SRV - (NSCService) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE File not found SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe File not found SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (Guard NT) -- C:\Programme\Aon\AonVirenchecker\GuardNT\guardNt.exe File not found SRV - (ccSetMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe File not found SRV - (ccEvtMgr) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found DRV - (NTGUARD) -- C:\Programme\Aon\AonVirenchecker\GuardNT\NTGUARD.SYS File not found DRV - (mdxgthkn) -- C:\DOKUME~1\Earny\LOKALE~1\Temp\mdxgthkn.sys File not found DRV - (EraserUtilRebootDrv) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found DRV - (cmuda) -- C:\WINDOWS\System32\drivers\cmuda.sys File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [UserFaultCheck] File not found O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 0 = msseces.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSASCui.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = avgnt.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = avcenter.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = avscan.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = avgfrw.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = avgui.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = avgtray.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = avgscanx.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = avgcfgex.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = avgemc.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = avgchsvx.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = avgcmgr.exe O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = avgwdsvc.exe O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} hxxp://download.energyfactor.com/dialer/it/activex_259_it.exe (Reg Error: Key error.) @Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:27AAAD97 @Alternate Data Stream - 106 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 :REG [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = dword:0x00 "AntiVirusOverride" = dword:0x00 :Commands [purity] [resethosts] [emptytemp] [CREATERESTOREPOINT] [EMPTYFLASH] [resethosts] [Reboot]
Einige der Reg-Keys hat MAM schon entfernt, ich lass sie aber noch mal entfernen (gibt dann einen Fehler von OTL weil er sie nicht finden kann)... Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken). Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren! Dr. Web (zur Sicherheit)... http://www.trojaner-board.de/59299-a...eb-cureit.html Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log. Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn. Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet. chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
30.10.2010, 18:21 | #5 |
| Internetseiten öffnen sich von selbst So, die Logfile von OTL nachdem ich den PC neustarten musste ist die hier : All processes killed ========== OTL ========== Service SNDSrvc stopped successfully! Service SNDSrvc deleted successfully! File C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe File not found not found. Service NSCService stopped successfully! Service NSCService deleted successfully! File C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Console\NSCSRVCE.EXE File not found not found. Service LiveUpdate stopped successfully! Service LiveUpdate deleted successfully! File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE File not found not found. Service LiveUpdate Notice Service stopped successfully! Service LiveUpdate Notice Service deleted successfully! File C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe File not found not found. Service HidServ stopped successfully! Service HidServ deleted successfully! File C:\WINDOWS\System32\hidserv.dll File not found not found. Service Guard NT stopped successfully! Service Guard NT deleted successfully! File C:\Programme\Aon\AonVirenchecker\GuardNT\guardNt.exe File not found not found. Service ccSetMgr stopped successfully! Service ccSetMgr deleted successfully! File C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe File not found not found. Service ccEvtMgr stopped successfully! Service ccEvtMgr deleted successfully! File C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe File not found not found. Service Automatisches LiveUpdate - Scheduler stopped successfully! Service Automatisches LiveUpdate - Scheduler deleted successfully! File C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe File not found not found. Service AppMgmt stopped successfully! Service AppMgmt deleted successfully! File C:\WINDOWS\System32\appmgmts.dll File not found not found. Service NTGUARD stopped successfully! Service NTGUARD deleted successfully! File C:\Programme\Aon\AonVirenchecker\GuardNT\NTGUARD.SYS File not found not found. Service mdxgthkn stopped successfully! Service mdxgthkn deleted successfully! File C:\DOKUME~1\Earny\LOKALE~1\Temp\mdxgthkn.sys File not found not found. Service EraserUtilRebootDrv stopped successfully! Service EraserUtilRebootDrv deleted successfully! File C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found not found. Service cmuda stopped successfully! Service cmuda deleted successfully! File C:\WINDOWS\System32\drivers\cmuda.sys File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UserFaultCheck deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\0 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\1 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\2 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\3 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\4 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\5 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\6 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\7 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\8 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\9 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\10 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\11 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\12 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\13 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\14 not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun\\15 not found. Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {FFFF0001-0001-101A-A3C9-08002B2F49FC} Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFF0001-0001-101A-A3C9-08002B2F49FC}\ not found. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:27AAAD97 deleted successfully. ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2 deleted successfully. ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride" | dword:0x00 /E : value set successfully! ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 114822 bytes ->Flash cache emptied: 41703 bytes User: Earny ->Temp folder emptied: 48686152 bytes ->Temporary Internet Files folder emptied: 93787806 bytes ->Java cache emptied: 139639 bytes ->FireFox cache emptied: 106266407 bytes ->Google Chrome cache emptied: 12913016 bytes ->Flash cache emptied: 17355 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 15319555 bytes ->Flash cache emptied: 434 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 63426787 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 557720 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 326,00 mb Restore point Set: OTL Restore Point (0) [EMPTYFLASH] User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Earny ->Flash cache emptied: 0 bytes User: LocalService ->Flash cache emptied: 0 bytes User: NetworkService Total Flash Files Cleaned = 0,00 mb File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot. HOSTS file reset successfully OTL by OldTimer - Version 3.2.17.1 log created on 10302010_190626 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot. File move failed. C:\WINDOWS\System32\drivers\etc\Hosts scheduled to be moved on reboot. Registry entries deleted on Reboot... So, nun von GMER bei Rootkits/Malware : GMER 1.0.15.15477 - hxxp://www.gmer.net Rootkit quick scan 2010-10-30 19:21:14 Windows 5.1.2600 Service Pack 3 Running: 180t0fk1.exe; Driver: C:\DOKUME~1\Earny\LOKALE~1\Temp\uxtdqpog.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB8376BAE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB83769D2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB8376B0C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ---- GMER Scannt noch gerade. Geändert von PcInfected (30.10.2010 um 18:32 Uhr) |
30.10.2010, 18:48 | #6 |
| Internetseiten öffnen sich von selbst Hi, das sieht schon mal nicht schlecht aus.... chris
__________________ --> Internetseiten öffnen sich von selbst |
30.10.2010, 19:55 | #7 |
| Internetseiten öffnen sich von selbst So, hier nun der Bericht von GMER: GMER 1.0.15.15477 - GMER - Rootkit Detector and Remover Rootkit scan 2010-10-30 20:56:45 Windows 5.1.2600 Service Pack 3 Running: 180t0fk1.exe; Driver: C:\DOKUME~1\Earny\LOKALE~1\Temp\uxtdqpog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xB8369CF0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xB8369BAC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xB836A160] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xB836A08A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xB8369782] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xB8369C86] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xB83696C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xB8369726] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xB8369DA6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB836A22E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xB8369D66] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xB8369EE6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB8376BAE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB83769D2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB8376B0C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP B8373FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP B83769D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B8376BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP B83725D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP B8376B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9733900] ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Alwil Software\Avast5\AvastSvc.exe[188] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Programme\Mozilla Firefox\firefox.exe[2004] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1100] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002 IAT C:\WINDOWS\system32\services.exe[1100] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) |
30.10.2010, 21:19 | #8 |
| Internetseiten öffnen sich von selbst Hi, GMER sieht unauffällig aus, was macht der Rechner? Lass noch CureIT laufen, log wie beschrieben posten (Cureit läuft länger... ev. über nach laufen lassen)... Schauen wir mal nach dem MBR (obwohl GMER und der Killer tun das auch ;o)... MBR-Check Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
30.10.2010, 23:30 | #9 |
| Internetseiten öffnen sich von selbst Hier die Logfile von MBR-Check MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000003c Kernel Drivers (total 126): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xBA058000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xBA047000 pci.sys 0xBA0A8000 isapnp.sys 0xBA0B8000 ohci1394.sys 0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xBA5AC000 viaide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0D8000 MountMgr.sys 0xBA028000 ftdisk.sys 0xBA330000 PartMgr.sys 0xBA0E8000 VolSnap.sys 0xBA010000 atapi.sys 0xBA0F8000 disk.sys 0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9FF0000 fltmgr.sys 0xB9FDE000 sr.sys 0xBA118000 PxHelp20.sys 0xB9FC7000 KSecDD.sys 0xB9FB4000 WudfPf.sys 0xB9F27000 Ntfs.sys 0xB9EFA000 NDIS.sys 0xBA128000 uagp35.sys 0xBA338000 viaagp1.sys 0xB9EE0000 Mup.sys 0xBA138000 AVGIDSEH.Sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\amdk7.sys 0xB93E5000 \SystemRoot\system32\DRIVERS\vtmini.sys 0xB93D1000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xBA1D8000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xBA1E8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA428000 \SystemRoot\system32\drivers\iviaspi.sys 0xBA5A4000 \SystemRoot\system32\drivers\pfc.sys 0xBA1F8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA208000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB93AE000 \SystemRoot\system32\DRIVERS\ks.sys 0xBA430000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys 0xBA438000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB938A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA440000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB92F4000 \SystemRoot\system32\drivers\ALCXWDM.SYS 0xB92D0000 \SystemRoot\system32\drivers\portcls.sys 0xBA218000 \SystemRoot\system32\drivers\drmk.sys 0xB926E000 \SystemRoot\system32\drivers\ALCXSENS.SYS 0xBA228000 \SystemRoot\system32\DRIVERS\fetnd5b.sys 0xBA448000 \SystemRoot\system32\DRIVERS\fdc.sys 0xBA238000 \SystemRoot\system32\DRIVERS\serial.sys 0xB9EB8000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB925A000 \SystemRoot\system32\DRIVERS\parport.sys 0xBA248000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xB9EB4000 \SystemRoot\system32\DRIVERS\PS2.sys 0xBA450000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0xBA730000 \SystemRoot\system32\DRIVERS\audstub.sys 0xBA258000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0xB9EB0000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0xB9243000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0xBA268000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0xBA278000 \SystemRoot\system32\DRIVERS\raspptp.sys 0xBA458000 \SystemRoot\system32\DRIVERS\TDI.SYS 0xB9232000 \SystemRoot\system32\DRIVERS\psched.sys 0xBA288000 \SystemRoot\system32\DRIVERS\msgpc.sys 0xBA460000 \SystemRoot\system32\DRIVERS\ptilink.sys 0xBA468000 \SystemRoot\system32\DRIVERS\raspti.sys 0xBA298000 \SystemRoot\system32\DRIVERS\termdd.sys 0xBA470000 \SystemRoot\system32\DRIVERS\mouclass.sys 0xBA5CA000 \SystemRoot\system32\DRIVERS\swenum.sys 0xB91D4000 \SystemRoot\system32\DRIVERS\update.sys 0xB9E9C000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0xBA2A8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0xBA2B8000 \SystemRoot\system32\DRIVERS\usbhub.sys 0xBA5CC000 \SystemRoot\system32\DRIVERS\USBD.SYS 0xBA5CE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS 0xBA799000 \SystemRoot\System32\Drivers\Null.SYS 0xBA5D0000 \SystemRoot\System32\Drivers\Beep.SYS 0xBA480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0xBA488000 \SystemRoot\System32\drivers\vga.sys 0xBA5D2000 \SystemRoot\System32\Drivers\mnmdd.SYS 0xBA5D4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0xBA490000 \SystemRoot\System32\Drivers\Msfs.SYS 0xBA498000 \SystemRoot\System32\Drivers\Npfs.SYS 0xBA534000 \SystemRoot\system32\DRIVERS\rasacd.sys 0xB8171000 \SystemRoot\system32\DRIVERS\ipsec.sys 0xB8118000 \SystemRoot\system32\DRIVERS\tcpip.sys 0xBA2D8000 \SystemRoot\System32\Drivers\aswTdi.SYS 0xB80F0000 \SystemRoot\system32\DRIVERS\netbt.sys 0xB80CE000 \SystemRoot\System32\drivers\afd.sys 0xBA2E8000 \SystemRoot\system32\DRIVERS\netbios.sys 0xBA4A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0xB8003000 \SystemRoot\system32\DRIVERS\rdbss.sys 0xB7F6B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xBA2F8000 \SystemRoot\System32\Drivers\Fips.SYS 0xB7F45000 \SystemRoot\system32\DRIVERS\ipnat.sys 0xBA308000 \SystemRoot\system32\DRIVERS\wanarp.sys 0xBA318000 \SystemRoot\system32\DRIVERS\arp1394.sys 0xBA55C000 \SystemRoot\system32\DRIVERS\hidusb.sys 0xB95F7000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xBA560000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xB7F1E000 \SystemRoot\System32\Drivers\aswSP.SYS 0xBA368000 \SystemRoot\System32\Drivers\Aavmker4.SYS 0xB7EFA000 \SystemRoot\System32\Drivers\Fastfat.SYS 0xB7EE2000 \SystemRoot\System32\Drivers\dump_atapi.sys 0xBA5D8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS 0xBF800000 \SystemRoot\System32\win32k.sys 0xBA584000 \SystemRoot\System32\drivers\Dxapi.sys 0xBA370000 \SystemRoot\System32\watchdog.sys 0xBF000000 \SystemRoot\System32\drivers\dxg.sys 0xBA736000 \SystemRoot\System32\drivers\dxgthk.sys 0xBF012000 \SystemRoot\System32\vtdisp.dll 0xBFFA0000 \SystemRoot\System32\ATMFD.DLL 0xB55D2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS 0xB563A000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys 0xB55B6000 \SystemRoot\system32\DRIVERS\ndisuio.sys 0xB5313000 \SystemRoot\System32\Drivers\aswMon2.SYS 0xB5146000 \SystemRoot\system32\drivers\wdmaud.sys 0xB53CA000 \SystemRoot\system32\drivers\sysaudio.sys 0xBA628000 \SystemRoot\System32\Drivers\ParVdm.SYS 0xB4EE8000 \SystemRoot\system32\DRIVERS\srv.sys 0xBA74B000 \??\C:\WINDOWS\system32\SVKP.sys 0xBA360000 \SystemRoot\System32\Drivers\aswRdr.SYS 0xB4AF0000 \SystemRoot\System32\Drivers\Cdfs.SYS 0xB4104000 \SystemRoot\system32\drivers\kmixer.sys 0x7C910000 \WINDOWS\system32\ntdll.dll Processes (total 42): 0 System Idle Process 4 System 936 C:\WINDOWS\system32\smss.exe 1060 csrss.exe 1084 C:\WINDOWS\system32\winlogon.exe 1132 Denke übrigens das das Problem behoben ist, haben sich keine Webseiten mehr einfachso geöffnet. |
02.11.2010, 08:43 | #10 |
| Internetseiten öffnen sich von selbst Hi, das Log ist nicht vollständig, bitte nochmal posten! chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
02.11.2010, 12:47 | #11 |
| Internetseiten öffnen sich von selbst Das ist die Logfile von MBR: MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows XP Home Edition Windows Information: Service Pack 3 (build 2600) Logical Drives Mask: 0x0000003c Kernel Drivers (total 125): 0x804D7000 \WINDOWS\system32\ntoskrnl.exe 0x806EF000 \WINDOWS\system32\hal.dll 0xBA5A8000 \WINDOWS\system32\KDCOM.DLL 0xBA4B8000 \WINDOWS\system32\BOOTVID.dll 0xBA058000 ACPI.sys 0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS 0xBA047000 pci.sys 0xBA0A8000 isapnp.sys 0xBA0B8000 ohci1394.sys 0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS 0xBA5AC000 viaide.sys 0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS 0xBA0D8000 MountMgr.sys 0xBA028000 ftdisk.sys 0xBA330000 PartMgr.sys 0xBA0E8000 VolSnap.sys 0xBA010000 atapi.sys 0xBA0F8000 disk.sys 0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS 0xB9FF0000 fltmgr.sys 0xB9FDE000 sr.sys 0xBA118000 PxHelp20.sys 0xB9FC7000 KSecDD.sys 0xB9FB4000 WudfPf.sys 0xB9F27000 Ntfs.sys 0xB9EFA000 NDIS.sys 0xBA128000 uagp35.sys 0xBA338000 viaagp1.sys 0xB9EE0000 Mup.sys 0xBA138000 AVGIDSEH.Sys 0xBA198000 \SystemRoot\system32\DRIVERS\amdk7.sys 0xB9506000 \SystemRoot\system32\DRIVERS\vtmini.sys 0xB94F2000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS 0xBA1A8000 \SystemRoot\system32\DRIVERS\nic1394.sys 0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys 0xBA418000 \SystemRoot\system32\drivers\iviaspi.sys 0xBA598000 \SystemRoot\system32\drivers\pfc.sys 0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys 0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys 0xB94CF000 \SystemRoot\system32\DRIVERS\ks.sys 0xBA420000 \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys 0xBA428000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0xB94AB000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0xBA430000 \SystemRoot\system32\DRIVERS\usbehci.sys 0xB9415000 \SystemRoot\system32\drivers\ALCXWDM.SYS 0xB93F1000 \SystemRoot\system32\drivers\portcls.sys 0xBA1E8000 \SystemRoot\system32\drivers\drmk.sys 0xB938F000 \SystemRoot\system32\drivers\ALCXSENS.SYS 0xBA208000 \SystemRoot\system32\DRIVERS\fetnd5b.sys 0xBA438000 \SystemRoot\system32\DRIVERS\fdc.sys 0xBA218000 \SystemRoot\system32\DRIVERS\serial.sys 0xBA5A0000 \SystemRoot\system32\DRIVERS\serenum.sys 0xB937B000 \SystemRoot\system32\DRIVERS\parport.sys 0xBA228000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0xBA5A4000 \SystemRoot\system32\DRIVERS\PS2.sys 0xBA448000 |
02.11.2010, 14:31 | #12 |
| Internetseiten öffnen sich von selbst Hi, teile das Log mal in zwei Posts auf oder fasse es in [code]-Tags... (Ein "/" dann vor das Wort code zum Abschluß....)->[/ code] (Aber ohne Blank dazwischen...) chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
Themen zu Internetseiten öffnen sich von selbst |
avast, avast!, einfach, gefunde, inter, interne, internet, internetseite, internetseiten, internetseiten öffnen sich, komplett, leute, nichts, problem, seite, seiten, seiten öffnen sich, von selbst, öffnen |