Antivirus, firewall and other protection programs: Problems with windowsupdat(e), "Host process for Windows services has stopped" etc... Windows 7

All questions about using firewalls, anti-virus programs, anti-malware and anti-trojan software belong here. This is a discussion forum for security solutions for Windows computers. If you need help removing a trojan or because you have caught a virus, create a topic in the cleanup forums above.
08.03.2011, 20:30 #1
Problems with windowsupdat(e), "Host process for Windows services has stopped" etc...

Hello, I have the following problem: for some time I have not been able to run windowsupdat(e). It works neither automatically nor manually. I cannot even type the word into Google or anywhere else; I always get the error message "Verbindung unterbrochen" (connection interrupted). In addition, recently, after a few minutes at the computer I always get the message "Hostprozess für Windowsdienste wurde beendet" (Host process for Windows services has stopped). My computer then becomes very slow, the internet no longer works properly and videos hardly load at all. Furthermore, I am sometimes redirected to a site called cpcadnet.com or something similar. My Antivir finds nothing. I hope you can help me. Many thanks in advance!

Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5990

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

08.03.2011 20:40:11
mbam-log-2011-03-08 (20-40-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147537
Laufzeit: 5 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

____________________________________

OTL.txt OTL Logfile:
Code:
_________________________________________________________________________________________

Extras.txt OTL Logfile:
Code:
OTL Extras logfile created on: 08.03.2011 20:42:02 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Andre\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,69 Gb Total Space | 51,90 Gb Free Space | 29,88% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,79 Gb Free Space | 57,89% Space Free | Partition Type: NTFS
Drive E: | 66,21 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List
==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{088C8F95-11BA-4161-BE4F-8439FBF5BF44}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{11611FC9-A25A-4A2C-907D-429DBBBCCFD7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{1B9A3357-2500-41F0-8013-F1FA419DCCA7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{28940151-28D0-44D7-95E7-1198D7EF93FC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{33E4BF3F-1662-4B08-B5B2-94FF30858F17}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3E621663-D133-48DA-B3AD-7B65BE931ED0}" = lport=80 | protocol=6 | dir=in | name=prey | 
"{474BDE1D-360A-4BDD-BE98-A7DFEC30BDDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{57E8DFEA-F33F-4358-A187-857070F3BE1A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5EA2EDEE-A5CA-4467-9155-EC972AA8F2C0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{626EF73A-1A6B-4F60-8F45-5A8B2878799C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{787AAA7B-9673-47DB-9DAF-DA3D47138B0C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{7A02A1C6-DFCF-417E-A2AB-1CD66A42B11B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{82B5A906-0292-4FFA-B05C-EB25AEA0B6AB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9434DD55-FCB6-432E-AB79-92A386D9E7EF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{982BC757-2A03-4AA1-9C33-40158E4EBAE5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9ACD3272-B178-46E3-BBB1-FF6F2E5EAEB5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A64406F8-578B-4A90-8C1B-9CCFAB20A271}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C65EDE16-67F3-4A58-9B73-2DB685FF37BA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CED2342C-4295-4D7F-871C-31A69C583E6C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D53AD77E-34F4-49DA-AAD7-5D043E4A11A3}" = rport=445 | protocol=6 | dir=out | app=system | 
"{E9897776-A930-4B82-8FFC-8E31D606163B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AFD246-BC81-4257-A850-244E215BF7C3}" = protocol=6 | dir=in | app=c:\prey\prey-config.exe | 
"{0CBC1E49-AD48-4591-B1B1-F56D40A6ACEC}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1098C23B-520F-4F2E-975C-3246884713E3}" = protocol=17 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe | 
"{16312A97-2118-401A-89B3-B681E479ED41}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{1BE6FA6B-CFE9-46B8-9816-B2C6343A0725}" = protocol=6 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{1BFF469D-95C7-4F5B-B931-FD7E98BEF5BE}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{1EA23643-0CA0-4E61-BBC3-C88EE92BC38C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{23C60857-6A8A-4A7D-A12F-890827E5EF40}" = protocol=6 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mplite.exe | 
"{28BAA83F-EA4C-4DE6-9514-1DC3CAE89F62}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{2B14C7D3-7CBA-4305-8468-D1A9D9BC36AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3669A23A-4AE5-4FEE-BAA1-7F59B284B3AD}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{3E3091F5-B7AC-4F43-9666-AC5204D7A854}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3E94E94F-699D-4924-90ED-DD618A47F382}" = protocol=6 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{432735DE-F78E-4376-AAD4-E34FEA1B0EE6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{4486319D-C3EA-4451-B6DD-8599CCB1CD71}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | 
"{588CBE22-9BD0-4822-9ED6-1463E0C5A20C}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{6600B79F-85CD-4C77-A2B6-6C5D4D5EA525}" = protocol=6 | dir=in | app=c:\program files\codemasters\of dragon rising\ofdr.exe | 
"{6DF90463-F65C-419C-8D49-E8369367EF5E}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysisdedicatedserver.exe | 
"{6E1AE040-035E-4EAD-8446-44B667527EEB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{7013EB41-3F33-47B0-9DEE-8E53C8D2E7AB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7D1E4B35-E789-427E-942A-E0A02078C731}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{94DD0F9B-1938-4603-94A8-D25465511DD1}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{9FC0F74A-84C0-49D4-BAC9-3743B35B8F1D}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\oborski\counter-strike source\hl2.exe | 
"{ABD6FDF5-E7DE-4D58-8D44-04A7C8845011}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{ADF1F9B9-A6D4-4B40-A356-5506FC047CA2}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | 
"{AF001F71-1D44-4B9B-ACA6-0862F7E48436}" = protocol=6 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mp.exe | 
"{AF0C05CC-6E01-43C8-A673-E49514C89789}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B1B3CC65-5498-40B2-B03B-6181F4963C83}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{B4C0659E-F425-4CF7-B5B8-64721AFCD9E9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{B5A5F85D-88A8-477B-A898-1C6E63A03EF2}" = protocol=17 | dir=in | app=c:\program files\rockstar games\rockstar games social club\rgsclauncher.exe | 
"{BAB693AF-C21F-490A-BF33-E68037EBC64F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BC1E88A1-2264-4910-9205-51B26AF6DBBF}" = protocol=6 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11.exe | 
"{BD696D6E-49C5-4C1B-BF14-8140B3334A97}" = protocol=17 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mplite.exe | 
"{BEA90717-5AE1-4FE1-A17D-3EF1ECF9FDA6}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{C7CB8214-27F4-4622-804E-56DC6617A0A2}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | 
"{C83089FB-FEB1-476C-BB85-B442B926DA93}" = protocol=17 | dir=in | app=c:\program files\electronic arts\crytek\crysis\bin32\crysis.exe | 
"{C8609C1C-A24B-4E5D-8360-81A2FBAC7188}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C8BDE4C5-D4EB-4DDD-905D-EE89F190B3E5}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\oborski\counter-strike source\hl2.exe | 
"{CB73B71E-FF7A-4FE9-9B62-7052319D755F}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | 
"{CDC66E66-86A4-436F-A3EB-CC30CCFB8CFC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{D4720A08-04C8-48B2-8DCD-5A6FF7E01CBA}" = protocol=17 | dir=in | app=c:\prey\prey-config.exe | 
"{E90CA283-36CB-4C42-BD69-58022C754713}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EB586BB7-2556-449B-B123-B5A799DBD7F3}" = protocol=17 | dir=in | app=c:\program files\activision\wolfenstein\mp\wolf2mp.exe | 
"{EB852C3A-3280-4F21-98A6-881CF1FA0C8A}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{EC983089-6A5B-4705-91F6-1FA4391604DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F15CF8CA-1B03-400A-9D4D-0640608D1D44}" = protocol=17 | dir=in | app=c:\program files\2k sports\nba 2k11\nba2k11.exe | 
"{FA8084D5-15A6-47A7-AA61-7273FD679679}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FF9B27BE-D269-437A-89E7-107F8E4D507C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"TCP Query User{1F510DA5-2FE2-4BA3-8D0C-7473EE8928AD}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{2915FFD9-26B7-4914-8BC1-0DC79F6ECE55}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{36788F53-96FB-461B-8BD0-9AC98287A6D1}C:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe | 
"TCP Query User{3A58D8B7-9C89-4281-9276-1E35ACD9905F}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{5AF444B2-B804-424C-B6B0-A8AB1F3BC54D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{6A2C33DD-B00F-4335-BC34-796E96BB0D7F}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"TCP Query User{8FB77784-BED9-46D2-9FD2-68AF05F1FE04}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{94CEC1D0-A33C-47F3-9A04-EF92EE139DEC}C:\program files\steam\steamapps\oborski\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\oborski\counter-strike source\hl2.exe | 
"TCP Query User{A18B0F8A-3859-442E-BF64-8D75A50F5455}C:\program files\steam\steamapps\oborski\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\oborski\day of defeat source\hl2.exe | 
"TCP Query User{B816E26D-1EA0-4B09-B620-80340D31F07D}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{C1A02DC3-BE61-4BD6-859B-2F3E08ED2704}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"TCP Query User{CE5E8ED6-7F8E-4A3F-9B9A-010F7FE9F53D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{D2C9AA91-A009-484C-9C40-5D9DB532EC31}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{D535B3F4-39F5-48C3-854E-675DD92ECE5B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{DC89A210-EFFF-46ED-A04C-B4F80CF6B437}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{17FF2CB1-6497-448F-86FB-0614C0F8218B}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{24B6368C-9BF6-418C-8F40-1ADEC3B895F1}C:\program files\steam\steamapps\oborski\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\oborski\counter-strike source\hl2.exe | 
"UDP Query User{32CDAB5C-04B8-4DF3-8063-EFB20E3A1837}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{3A1355BE-4BFF-4724-9E83-E584AAE56FE6}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{52AA1838-7189-4267-A3FA-6143442BCB4D}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"UDP Query User{5A4A7DFC-AFAC-4BE0-97AB-B1C4F7C3698A}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{605576E7-5C53-4DA4-9B73-FC0FC83A6F5D}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{748647C3-F0F7-4F4D-9E5B-B5ECE39B2CD1}C:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\gearbox software\brothers in arms - hell's highway\binaries\biahh.exe | 
"UDP Query User{74AA7A06-EA22-4E53-A3B5-0E0655047F81}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{7777FCD6-33FB-4D2A-B12E-28D6793B2945}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{8145C873-0735-447B-9E14-86FC8C5FC5A2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B4C4F9EE-2227-4253-A803-86CF94857C60}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{BDA84288-6C4D-4EF2-B06A-C4855F954CA6}C:\program files\steam\steamapps\oborski\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\oborski\day of defeat source\hl2.exe | 
"UDP Query User{BFB5D34C-E00B-4494-A411-04F57DAA53DA}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{DB2A6E3C-C824-4B12-915C-AE793BB66C48}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 24
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect 
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100 "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch "{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FD023F61-65E9-465C-B558-7C64EB2B97E6}" = Dell Handbuch zum Einstieg "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000 "CCleaner" = CCleaner (remove only) "Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell 
Webcam Manager "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DtsFilter" = DTS+AC3 ÇÊÅÍ "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FLV Player" = FLV Player 2.0 (build 25) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "GOM Player" = GOM Player "Google Desktop" = Google Desktop "GoToAssist" = GoToAssist 8.0.0.514 "Hauppauge WinTV 7" = Hauppauge WinTV 7 "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter "InstallShield_{5D7767FA-7FE8-4627-9F09-AEF7A25F1E07}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "KaloMa_is1" = KaloMa 4.73 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel(R) PROSet/Wireless Software "Protect Disc License Helper" = Protect 
Disc License Helper 1.0.118 "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "PunkBusterSvc" = PunkBuster Services "Rossmann Fotoservice_is1" = Rossmann Fotoservice "Sony Ericsson W800" = Sony Ericsson W800 Software "Steam App 240" = Counter-Strike: Source "SystemRequirementsLab" = System Requirements Lab "Uninstall_is1" = Uninstall 1.0.0.1 "Videora iPod Converter" = Videora iPod Converter 4.08 "VLC media player" = VLC media player 1.1.5 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "YouTube Downloader App" = YouTube Downloader App 1.03 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 06.10.2009 14:36:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 07.10.2009 12:18:15 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 07.10.2009 15:12:58 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 08.10.2009 09:42:01 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 09.10.2009 01:11:25 | Computer Name =***-PC | Source = WinMgmt | ID = 10 Description = Error - 09.10.2009 11:02:18 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 10.10.2009 02:32:58 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 10.10.2009 12:23:47 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 11.10.2009 03:52:55 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 11.10.2009 08:10:43 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = [ OSession Events ] Error - 10.11.2009 16:24:19 | Computer Name = ***-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 647 seconds with 360 seconds of active time. 
This session ended with a crash. [ System Events ] Error - 17.02.2009 16:25:30 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 18.02.2009 02:39:46 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 18.02.2009 06:14:04 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 18.02.2009 12:21:58 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 18.02.2009 14:11:58 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 19.02.2009 04:14:44 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 19.02.2009 08:28:04 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 20.02.2009 02:25:45 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 20.02.2009 11:19:20 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = Error - 20.02.2009 20:28:31 | Computer Name = ***-PC | Source = HTTP | ID = 15016 Description = < End of report > Edited by andreddy (08.03.2011 at 21:03) Reason: forgot to post the logs |
09.03.2011, 15:23 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with windowsupdat(e), host process for Windows services has been terminated etc... Quote:
Please run a full scan with Malwarebytes as a routine step and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from earlier Malwarebytes scans exist, please post all of those too!
__________________ |
09.03.2011, 22:41 | #3 |
| Problems with windowsupdat(e), host process for Windows services has been terminated etc... Hello!
Here is the full scan:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6004
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
09.03.2011 22:37:29
mbam-log-2011-03-09 (22-37-29).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|)
Durchsuchte Objekte: 291053
Laufzeit: 44 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
There is no log from an earlier scan. |
10.03.2011, 12:49 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with windowsupdat(e), host process for Windows services has been terminated etc... Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run if a Kompetenzler (forum helper) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
10.03.2011, 17:00 | #5 |
| Problems with windowsupdat(e), host process for Windows services has been terminated etc... Hello, so I ran CCleaner, but when I try to start ComboFix, a progress bar appears, and once it is full I get a blue screen saying "windows has been shut down" or something like that, and my computer restarts. |
10.03.2011, 17:54 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with windowsupdat(e), host process for Windows services has been terminated etc... Please download cofi.exe again and try once more.
__________________ |
11.03.2011, 09:08 | #7 |
| Problems with windowsupdat(e), host process for Windows services has been terminated etc... Hmm... I still get the blue screen and a restart |
11.03.2011, 09:47 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with windowsupdat(e), host process for Windows services has been terminated etc... OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses on the second attempt too, just skip it and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. After that, please download MBRCheck (by a_d_13) and save the file on the desktop.
__________________ Please always post logfiles in CODE tags |
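Reading a GMER log comes down to knowing which sections matter. The script below is an added example (not from the thread, from GMER's authors, or from the helper's toolkit): it parses a constructed log modeled on the GMER 1.0.15 format and flags the kinds of entries a helper raises first. The severity rules, the SYSTEM_IMAGES set and the sample lines are this example's own assumptions.

```python
"""Triage helper for GMER rootkit-scan logs (added example, not part of the thread).

Splits a GMER 1.0.15 log into the sections GMER prints and flags what a helper reads
first: inline JMP patches in user-mode processes and kernel modules, drivers GMER
references but cannot find on disk, and sectors marked "rootkit-like behavior".
Severity rules and SYSTEM_IMAGES are this example's own assumptions, not GMER's.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# .text C:\Windows\system32\wuauclt.exe[3048] ntdll.dll!NtWriteVirtualMemory 772192A8 5 Bytes JMP 01A1000A
USER_HOOK_RE = re.compile(r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<export>\S+!\S+)\s+"
                          r"[0-9A-F]{8}\s+\d+ Bytes\s+(?P<patch>JMP\s+[0-9A-F]{8})$")
# .text USBPORT.SYS!DllUnload 8C35C46F 5 Bytes JMP 87D2D1D8
KERNEL_HOOK_RE = re.compile(r"^\.text\s+(?P<export>\S+!\S+)\s+[0-9A-F]{8}\s+\d+ Bytes\s+(?P<patch>JMP\s+[0-9A-F]{8})$")
# ? System32\Drivers\spmi.sys Das System kann den angegebenen Pfad nicht finden. !
MISSING_DRIVER_RE = re.compile(r"^\?\s+(?P<path>\S+\.sys)\b")
# Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
SECTOR_RE = re.compile(r"^Disk\s+(?P<device>\S+)\s+sector\s+(?P<sector>\d+)(?P<mbr>\s+\(MBR\))?: rootkit-like behavior")
# Windows binaries in which a patched ntdll export is escalated to "high" (assumption)
SYSTEM_IMAGES = {"wuauclt.exe", "svchost.exe", "explorer.exe", "winlogon.exe", "services.exe"}
SEVERITIES = ("critical", "high", "medium", "info")


@dataclass(frozen=True)
class Finding:
    severity: str
    section: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log line by line, tracking which GMER section we are in."""
    findings: list[Finding] = []
    section = "header"
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif section.startswith("User code sections") and (m := USER_HOOK_RE.match(line)):
            image = m.group("image").rsplit("\\", 1)[-1].lower()
            core = image in SYSTEM_IMAGES and m.group("export").lower().startswith("ntdll.dll!")
            findings.append(Finding("high" if core else "medium", section,
                                    f"{image}[{m.group('pid')}] {m.group('export')} {m.group('patch')}"))
        elif section.startswith("Kernel code sections"):
            if m := MISSING_DRIVER_RE.match(line):
                findings.append(Finding("high", section, f"driver not found on disk: {m.group('path')}"))
            elif m := KERNEL_HOOK_RE.match(line):
                findings.append(Finding("high", section, f"kernel inline hook: {m.group('export')} {m.group('patch')}"))
            elif "section is writeable" in line or "section is executable" in line:
                # Can be copy-protection drivers; confirm against the installed software list.
                findings.append(Finding("info", section, line))
        elif section.startswith("Disk sectors") and (m := SECTOR_RE.match(line)):
            where = "MBR" if m.group("mbr") else f"sector {m.group('sector')}"
            findings.append(Finding("critical", section, f"{m.group('device')} {where}: rootkit-like behavior"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {sev: 0 for sev in SEVERITIES}
    for f in findings:
        counts[f.severity] += 1
    return counts


def verdict(findings: list[Finding]) -> str:
    """Worst severity present, or "clean" when nothing was flagged."""
    present = {f.severity for f in findings}
    return next((sev for sev in SEVERITIES if sev in present), "clean")


# Constructed sample modeled on the GMER 1.0.15 format (not the thread's own log).
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-11 10:20:12
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spmi.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8C35C46F 5 Bytes JMP 87D2D1D8
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA1AB1300, 0x3AF78, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\wuauclt.exe[3048] ntdll.dll!NtProtectVirtualMemory 77218968 5 Bytes JMP 01A0000A
.text C:\Windows\system32\wuauclt.exe[3048] ntdll.dll!NtWriteVirtualMemory 772192A8 5 Bytes JMP 01A1000A
.text C:\Windows\System32\svchost.exe[4040] USER32.dll!GetCursorPos 76B60F5E 5 Bytes JMP 0088000A
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 864A71F8
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
"""

if __name__ == "__main__":
    found = triage(SAMPLE_GMER_LOG)
    for f in found:
        print(f"[{f.severity:>8}] {f.section}: {f.detail}")
    print("verdict:", verdict(found), summarize(found))
```

Legitimate security software can also place user-mode hooks, so a high finding is a lead to compare against the products installed on the machine, not a verdict on its own.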
11.03.2011, 10:37 | #9 |
| Problems with windowsupdat(e), host process for Windows services has been terminated etc... GMER logfile: Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2011-03-11 10:20:12 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST920042 rev.3.AD Running: 1emy3ydg.exe; Driver: C:\Users\Andre\AppData\Local\Temp\uglcrpob.sys ---- System - GMER 1.0.15 ---- INT 0x62 ? 87D2DBF8 INT 0x62 ? 87D2DBF8 INT 0x62 ? 87D2DBF8 INT 0x72 ? 87D2DBF8 INT 0x82 ? 87D2DBF8 INT 0x82 ? 87D2DBF8 INT 0x82 ? 87D2DBF8 INT 0x82 ? 87D2DBF8 INT 0xA2 ? 856E3BF8 INT 0xB2 ? 864A5BF8 ---- Kernel code sections - GMER 1.0.15 ---- ? System32\Drivers\spmi.sys Das System kann den angegebenen Pfad nicht finden. ! .text USBPORT.SYS!DllUnload 8C35C46F 5 Bytes JMP 87D2D1D8 .text a6zjnpz8.SYS 91151000 22 Bytes [26, E2, BC, 82, 10, E1, BC, ...] .text a6zjnpz8.SYS 91151017 78 Bytes [00, 32, 77, 79, 80, 3D, 75, ...] .text a6zjnpz8.SYS 91151066 32 Bytes [81, 82, C8, 4B, 86, 82, 30, ...] .text a6zjnpz8.SYS 91151087 33 Bytes [82, 5F, B2, 84, 82, 36, 28, ...] .text a6zjnpz8.SYS 911510A9 35 Bytes [10, 86, 82, A0, 07, 86, 82, ...] .text ... 
.reloc C:\Windows\system32\drivers\acedrv11.sys section is executable [0xA1A8A600, 0x25B0C, 0xE0000060] .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA1AB1300, 0x3AF78, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA1B1C300, 0x1BCE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\wuauclt.exe[3048] ntdll.dll!NtProtectVirtualMemory 77218968 5 Bytes JMP 01A0000A .text C:\Windows\system32\wuauclt.exe[3048] ntdll.dll!NtWriteVirtualMemory 772192A8 5 Bytes JMP 01A1000A .text C:\Windows\system32\wuauclt.exe[3048] ntdll.dll!KiUserExceptionDispatcher 772199E8 5 Bytes JMP 0070000A .text C:\Windows\Explorer.EXE[3764] ntdll.dll!NtProtectVirtualMemory 77218968 5 Bytes JMP 0084000A .text C:\Windows\Explorer.EXE[3764] ntdll.dll!NtWriteVirtualMemory 772192A8 5 Bytes JMP 0085000A .text C:\Windows\Explorer.EXE[3764] ntdll.dll!KiUserExceptionDispatcher 772199E8 5 Bytes JMP 0083000A .text C:\Windows\System32\svchost.exe[4040] ntdll.dll!NtProtectVirtualMemory 77218968 5 Bytes JMP 009E000A .text C:\Windows\System32\svchost.exe[4040] ntdll.dll!NtWriteVirtualMemory 772192A8 5 Bytes JMP 009F000A .text C:\Windows\System32\svchost.exe[4040] ntdll.dll!KiUserExceptionDispatcher 772199E8 5 Bytes JMP 009D000A .text C:\Windows\System32\svchost.exe[4040] ole32.dll!CoCreateInstance 76EAE188 5 Bytes JMP 00A3000A .text C:\Windows\System32\svchost.exe[4040] USER32.dll!GetForegroundWindow 76B4E697 5 Bytes JMP 008A000A .text C:\Windows\System32\svchost.exe[4040] USER32.dll!GetCursorPos 76B60F5E 5 Bytes JMP 0088000A .text C:\Windows\System32\svchost.exe[4040] USER32.dll!WindowFromPoint 76B73ADE 5 Bytes JMP 0089000A .text C:\Windows\system32\wuauclt.exe[5280] ntdll.dll!NtProtectVirtualMemory 77218968 5 Bytes JMP 000F000A .text C:\Windows\system32\wuauclt.exe[5280] ntdll.dll!NtWriteVirtualMemory 772192A8 5 Bytes JMP 0010000A .text C:\Windows\system32\wuauclt.exe[5280] ntdll.dll!KiUserExceptionDispatcher 772199E8 5 
Bytes JMP 000C000A ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068E6D2] \SystemRoot\System32\Drivers\spmi.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068E040] \SystemRoot\System32\Drivers\spmi.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068E7FC] \SystemRoot\System32\Drivers\spmi.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068E0BE] \SystemRoot\System32\Drivers\spmi.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068E13C] \SystemRoot\System32\Drivers\spmi.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8069E048] \SystemRoot\System32\Drivers\spmi.sys IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortNotification] CC000CC2 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortWritePortUchar] 83EC8B55 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortWritePortUlong] 575320EC IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 458DFF33 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 8D5750FC IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5750F845 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortReadPortUchar] 8957046A IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortStallExecution] 75E8FC7D IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortGetParentBusType] BB0001E8 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortRequestCallback] 000000EA IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 850FC33B IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0000012B IAT 
\SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortCompleteRequest] 0FFC7D39 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortMoveMemory] 00012284 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 458D5600 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 106A50F4 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 38335668 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortReadPortUshort] FC75FF36 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortReadPortBufferUshort] D1E85757 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortInitialize] 8B0001E7 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortGetDeviceBase] 1BDEF7F0 IAT \SystemRoot\System32\Drivers\a6zjnpz8.SYS[ataport.SYS!AtaPortDeviceStateChange] 23D6F7F6 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 864A71F8 Device \FileSystem\fastfat \FatCdrom A0F061F8 Device \Driver\volmgr \Device\VolMgrControl 856E51F8 Device \Driver\usbuhci \Device\USBPDO-0 87D571F8 Device \Driver\usbuhci \Device\USBPDO-1 87D571F8 Device \Driver\usbehci \Device\USBPDO-2 87D501F8 Device \Driver\usbuhci \Device\USBPDO-3 87D571F8 Device \Driver\usbuhci \Device\USBPDO-4 87D571F8 Device \Driver\PCI_PNP4335 \Device\00000055 spmi.sys Device \Driver\usbuhci \Device\USBPDO-5 87D571F8 Device \Driver\usbehci \Device\USBPDO-6 87D501F8 Device \Driver\volmgr \Device\HarddiskVolume1 856E51F8 Device \Driver\volmgr \Device\HarddiskVolume2 856E51F8 Device \Driver\cdrom \Device\CdRom0 87D731F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 864A61F8 Device \Driver\iaStor \Device\Ide\iaStor0 [82F666D0] \SystemRoot\system32\drivers\iastor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 864A61F8 Device \Driver\volmgr \Device\HarddiskVolume3 856E51F8 
Device \Driver\cdrom \Device\CdRom1 87D731F8 Device \Driver\volmgr \Device\HarddiskVolume4 856E51F8 Device \Driver\netbt \Device\NetBt_Wins_Export 8ACF41F8 Device \Driver\Smb \Device\NetbiosSmb 8BC76500 Device \Driver\netbt \Device\NetBT_Tcpip_{65F80BC9-1100-430E-8EB7-496ADA4D2857} 8ACF41F8 Device \Driver\iScsiPrt \Device\RaidPort0 87F361F8 Device \Driver\usbuhci \Device\USBFDO-0 87D571F8 Device \Driver\netbt \Device\NetBT_Tcpip_{F3D79F7E-AC41-4057-8204-E94987956AF3} 8ACF41F8 Device \Driver\usbuhci \Device\USBFDO-1 87D571F8 Device \Driver\usbehci \Device\USBFDO-2 87D501F8 Device \Driver\usbuhci \Device\USBFDO-3 87D571F8 Device \Driver\usbuhci \Device\USBFDO-4 87D571F8 Device \Driver\usbuhci \Device\USBFDO-5 87D571F8 Device \Driver\netbt \Device\NetBT_Tcpip_{E5B81642-67E8-42BE-9ABA-0DC306CBC056} 8ACF41F8 Device \Driver\usbehci \Device\USBFDO-6 87D501F8 Device \Driver\a6zjnpz8 \Device\Scsi\a6zjnpz81Port3Path0Target0Lun0 87E751F8 Device \Driver\a6zjnpz8 \Device\Scsi\a6zjnpz81 87E751F8 Device \Driver\sptd \Device\448136352 spmi.sys Device \FileSystem\fastfat \Fat A0F061F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) Device \FileSystem\cdfs \Cdfs 87E021F8 Device \Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskST9200420ASG____________________________3.ADD___#4&37fe8b4c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1df7d3c Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@001fe41dd0e2 0xD9 0x3D 0x2C 0xEF ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@001df6cfc35b 0x31 0x59 0x8B 0xAC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@0012ee9cb0c4 0x7C 0xA6 0x7C 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@001eb206a9de 0x55 0x56 0x46 0xBB ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@68ebae5da02e 0x61 0x61 0x00 0x87 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0xF2 0xD5 0xD6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0xDC 0x14 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD2 0x7B 0x6C 0xF3 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1df7d3c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@001fe41dd0e2 0xD9 0x3D 0x2C 0xEF ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@001df6cfc35b 0x31 0x59 0x8B 0xAC ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@0012ee9cb0c4 0x7C 0xA6 0x7C 0x0C ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@001eb206a9de 0x55 0x56 0x46 0xBB ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1df7d3c@68ebae5da02e 0x61 0x61 0x00 0x87 ... 
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x98 0xF2 0xD5 0xD6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB2 0xDC 0x14 0x43 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD2 0x7B 0x6C 0xF3 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~de-DE~0.0.0.0@Pack"\0\0\0+Vþÿ\25VþÿjVþÿ\xb0\0\16\0édþÿ\0\0\16\0\1\0TC@\0\16ôÀ\0\xa0ôÀ\0\xa0ô@\0\16ôà\x201d 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\WUClient-SelfUpdate-Aux-AuxComp~31bf3856ad364e35~x86~~7.2.6001.788@+Vþÿ\25VþÿjVþÿ 7 ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; ---- EOF - GMER 1.0.15 ---- _______________________________________________________________ OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 10:33:48 on 11.03.2011 OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit Default Browser: Mozilla Corporation Firefox 3.6.15 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [Control Panel Objects] -----( %SystemRoot%\system32 )----- "iPROSet.cpl" - "Intel Corporation" - C:\Windows\system32\iPROSet.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "PROSet Tools" - "Intel Corporation" - C:\Windows\System32\iPROSet.cpl "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "a6zjnpz8" (a6zjnpz8) - "Microsoft Corporation" - C:\Windows\system32\drivers\a6zjnpz8.sys (Hidden registry entry, rootkit activity | File signed by Microsoft) "acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys "Apple Mobile USB Driver" (USBAAPL) - "Apple, Inc." - C:\Windows\System32\Drivers\usbaapl.sys "atksgt" (atksgt) - ? 
- C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information) "avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found) "IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found) "IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found) "lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information) "PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys "Sony Ericsson Device 217 driver (WDM)" (s217bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s217bus.sys "Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS)" (s217nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s217nd5.sys "Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM)" (s217unic) - "MCCI" - C:\Windows\System32\DRIVERS\s217unic.sys "Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM)" (s217mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s217mgmt.sys "Sony Ericsson Device 217 USB WMC Modem Driver" (s217mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s217mdm.sys "Sony Ericsson Device 217 USB WMC Modem Filter" (s217mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s217mdfl.sys "Sony Ericsson Device 217 USB WMC OBEX Interface" (s217obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s217obex.sys "sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys (File is exclusively opened, access blocked) "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "uglcrpob" (uglcrpob) - ? 
- C:\Users\Andre\AppData\Local\Temp\uglcrpob.sys (Hidden registry entry, rootkit activity | File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {B1759355-3EEC-4C1E-B0F1-B719FE26E377} "Google Dictionary Compression filter" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL {0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found) {055EF591-5C38-49a0-9BDA-51B1D69D0BF4} "@C:\Program Files\Protector Suite QL\farchns.dll,-4263" - "UPEK Inc." 
- C:\Program Files\Protector Suite QL\farchns.dll {1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found) {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found) {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {00020d75-0000-0000-c000-000000000046} "lnkfile" - ? - (File not found | COM-object registry key not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Windows\system32\btncopy.dll {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? 
- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {9AFDE8D6-200C-4b41-A5FC-B7251DFD1A8E} "Safearchive ContextMenu Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {E6D7D89A-2232-446d-8A0F-D0F9B06DB1CA} "Safearchive ExtractIcon Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {66C99756-1C92-4d3e-BA69-9400A6F731F5} "Safearchive PropertySheetHandler Class" - "UPEK Inc." - C:\Program Files\Protector Suite QL\farchns.dll {C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found) {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found) {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll (File found, but it contains no detailed information) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll <binary data> "ITBar7Layout" - ? 
- (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.6.0_05" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab {D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab {1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab3.dll / hxxp://www.srtest.com/srl_bin/sysreqlab3.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@btrez.dll,-4015" - ? - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll "ICQ6" - "ICQ, LLC." 
- C:\Program Files\ICQ6.5\ICQ.exe {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll {CA6319C0-31B7-401E-A518-A07C3DB8F777} "CBrowserHelperObject Object" - "Dell Inc." - C:\Program Files\Dell\BAE\BAE.dll {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - ? - psqlpwd (File not found) "Notification packages" - "UPEK Inc." - C:\Program Files\Protector Suite QL\psqlpwd.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? 
- C:\Users\Andre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "NETGEAR WG111v3 Smart Wizard.lnk" - ? - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe (Shortcut exists | File exists) "QuickSet.lnk" - "Dell Inc." - C:\Program Files\Dell\QuickSet\quickset.exe (Shortcut exists | File exists) "AutoStart IR.lnk" - "Hauppauge Computer Works" - C:\Program Files\WinTV\Ir.exe (Shortcut exists | File exists) "BTTray.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) "WinTV Recording Status..lnk" - "Hauppauge Computer Works, Inc." - C:\Program Files\WinTV\WinTV7\WinTVTray.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "DELL Webcam Manager" - "Creative Technology Ltd." 
- "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s "dscactivate" - " " - "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" "ECenter" - " " - C:\Dell\E-Center\EULALauncher.exe "Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup "IAAnotif" - "Intel Corporation" - "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "NVHotkey" - "NVIDIA Corporation" - rundll32.exe C:\Windows\system32\nvHotkey.dll,Start "PCMService" - "CyberLink Corp." - "C:\Program Files\Dell\MediaDirect\PCMService.exe" "PSQLLauncher" - "UPEK Inc." - "C:\Program Files\Protector Suite QL\launcher.exe" /startup "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." 
- C:\Program Files\Bonjour\mDNSResponder.exe "Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe "Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe "GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe "HauppaugeTVServer" (HauppaugeTVServer) - "Hauppauge Computer Works" - C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE "Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe "stllssvr" (stllssvr) - "MicroVision Development, Inc." - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )----- "GinaDLL" - ? 
- vrlogon.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll "psfus" - "UPEK Inc." - C:\Program Files\Protector Suite QL\psqlpwd.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru ___________________________________________________ MBRCheck, version 1.2.3 (c) 2010, AD Command-line: Windows Version: Windows Vista Home Premium Edition Windows Information: Service Pack 1 (build 6001), 32-bit Base Board Manufacturer: Dell Inc. BIOS Manufacturer: Dell Inc. System Manufacturer: Dell Inc. System Product Name: XPS M1530 Logical Drives Mask: 0x0000005c Kernel Drivers (total 172): 0x8280E000 \SystemRoot\system32\ntkrnlpa.exe 0x82BC7000 \SystemRoot\system32\hal.dll 0x87DF9000 \SystemRoot\system32\kdcom.dll 0x80412000 \SystemRoot\system32\mcupdate_GenuineIntel.dll 0x80472000 \SystemRoot\system32\PSHED.dll 0x80483000 \SystemRoot\system32\BOOTVID.dll 0x8048B000 \SystemRoot\system32\CLFS.SYS 0x804CC000 \SystemRoot\system32\CI.dll 0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys 0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS 0x8068C000 \SystemRoot\System32\Drivers\spmi.sys 0x8078C000 \SystemRoot\System32\Drivers\WMILIB.SYS 0x80795000 \SystemRoot\System32\Drivers\SCSIPORT.SYS 0x805AC000 \SystemRoot\system32\drivers\acpi.sys 0x807BB000 \SystemRoot\system32\drivers\msisadrv.sys 0x807C3000 \SystemRoot\system32\drivers\pci.sys 0x807EA000 \SystemRoot\System32\drivers\partmgr.sys 0x807F9000 \SystemRoot\system32\DRIVERS\compbatt.sys 0x805F2000 \SystemRoot\system32\DRIVERS\BATTC.SYS 0x80400000 
\SystemRoot\system32\drivers\volmgr.sys 0x82E0B000 \SystemRoot\System32\drivers\volmgrx.sys 0x82E55000 \SystemRoot\system32\DRIVERS\intelide.sys 0x82E5C000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS 0x82E6A000 \SystemRoot\system32\drivers\pciide.sys 0x82E71000 \SystemRoot\System32\drivers\mountmgr.sys 0x82E81000 \SystemRoot\system32\drivers\iastorv.sys 0x82F22000 \SystemRoot\system32\drivers\iastor.sys 0x82FE9000 \SystemRoot\system32\drivers\atapi.sys 0x83005000 \SystemRoot\system32\drivers\ataport.SYS 0x83023000 \SystemRoot\system32\drivers\fltmgr.sys 0x83055000 \SystemRoot\system32\drivers\fileinfo.sys 0x83065000 \SystemRoot\System32\Drivers\PxHelp20.sys 0x8306E000 \SystemRoot\System32\Drivers\ksecdd.sys 0x830DF000 \SystemRoot\system32\drivers\ndis.sys 0x83207000 \SystemRoot\system32\drivers\msrpc.sys 0x83232000 \SystemRoot\system32\drivers\NETIO.SYS 0x8326C000 \SystemRoot\System32\Drivers\Ntfs.sys 0x8337B000 \SystemRoot\system32\drivers\volsnap.sys 0x833B4000 \SystemRoot\System32\Drivers\spldr.sys 0x833BC000 \SystemRoot\System32\Drivers\mup.sys 0x833CB000 \SystemRoot\System32\drivers\ecache.sys 0x831EA000 \SystemRoot\system32\drivers\disk.sys 0x8C20B000 \SystemRoot\system32\drivers\CLASSPNP.SYS 0x8C22C000 \SystemRoot\system32\drivers\crcdisk.sys 0x8C309000 \SystemRoot\system32\DRIVERS\tunnel.sys 0x8C314000 \SystemRoot\system32\DRIVERS\tunmp.sys 0x8C31D000 \SystemRoot\system32\DRIVERS\intelppm.sys 0x8FE04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys 0x90912000 \SystemRoot\system32\DRIVERS\nvBridge.kmd 0x90914000 \SystemRoot\System32\drivers\dxgkrnl.sys 0x909B3000 \SystemRoot\System32\drivers\watchdog.sys 0x909C0000 \SystemRoot\system32\DRIVERS\usbuhci.sys 0x8C32C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS 0x909CB000 \SystemRoot\system32\DRIVERS\usbehci.sys 0x909DA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys 0x8C36A000 \SystemRoot\system32\DRIVERS\yk60x86.sys 0x90E02000 \SystemRoot\system32\DRIVERS\NETw4v32.sys 0x91031000 \SystemRoot\system32\DRIVERS\ohci1394.sys 
0x91041000 \SystemRoot\system32\DRIVERS\1394BUS.SYS 0x9104F000 \SystemRoot\system32\DRIVERS\sdbus.sys 0x91069000 \SystemRoot\system32\DRIVERS\rimmptsk.sys 0x91078000 \SystemRoot\system32\DRIVERS\rimsptsk.sys 0x9108C000 \SystemRoot\system32\DRIVERS\rixdptsk.sys 0x910DD000 \SystemRoot\system32\DRIVERS\i8042prt.sys 0x910F0000 \SystemRoot\system32\DRIVERS\Apfiltr.sys 0x9111C000 \SystemRoot\system32\DRIVERS\mouclass.sys 0x91127000 \SystemRoot\system32\DRIVERS\kbdclass.sys 0x91132000 \SystemRoot\system32\DRIVERS\cdrom.sys 0x9114A000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys 0x91150000 \SystemRoot\System32\Drivers\a6zjnpz8.SYS 0x91186000 \SystemRoot\system32\DRIVERS\CmBatt.sys 0x9118A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys 0x91193000 \SystemRoot\system32\DRIVERS\msiscsi.sys 0x8C3B6000 \SystemRoot\system32\DRIVERS\storport.sys 0x911C1000 \SystemRoot\system32\DRIVERS\TDI.SYS 0x911CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys 0x911E3000 \SystemRoot\system32\DRIVERS\ndistapi.sys 0x91206000 \SystemRoot\system32\DRIVERS\ndiswan.sys 0x91229000 \SystemRoot\system32\DRIVERS\raspppoe.sys 0x91238000 \SystemRoot\system32\DRIVERS\raspptp.sys 0x9124C000 \SystemRoot\system32\DRIVERS\rassstp.sys 0x91261000 \SystemRoot\system32\DRIVERS\termdd.sys 0x91271000 \SystemRoot\system32\DRIVERS\swenum.sys 0x91273000 \SystemRoot\system32\DRIVERS\ks.sys 0x9129D000 \SystemRoot\system32\DRIVERS\mssmbios.sys 0x912A7000 \SystemRoot\system32\DRIVERS\umbus.sys 0x912B4000 \SystemRoot\system32\DRIVERS\usbhub.sys 0x912E8000 \SystemRoot\System32\Drivers\NDProxy.SYS 0x912F9000 \SystemRoot\system32\drivers\stwrt.sys 0x9134E000 \SystemRoot\system32\drivers\portcls.sys 0x9137B000 \SystemRoot\system32\drivers\drmk.sys 0x913A0000 \SystemRoot\system32\DRIVERS\usbccgp.sys 0x913B7000 \SystemRoot\system32\DRIVERS\USBD.SYS 0x913B9000 \SystemRoot\system32\DRIVERS\OEM02Dev.sys 0x913F3000 \SystemRoot\system32\DRIVERS\OEM02Vfx.sys 0x913F5000 \SystemRoot\System32\Drivers\tcusb.sys 0x911EE000 
\SystemRoot\System32\Drivers\Fs_Rec.SYS 0x911F7000 \SystemRoot\System32\Drivers\Null.SYS 0x909EC000 \SystemRoot\System32\Drivers\Beep.SYS 0x8C3F7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS 0x909F3000 \SystemRoot\System32\drivers\vga.sys 0x92204000 \SystemRoot\System32\drivers\VIDEOPRT.SYS 0x92225000 \SystemRoot\System32\DRIVERS\RDPCDD.sys 0x9222D000 \SystemRoot\system32\drivers\rdpencdd.sys 0x92235000 \SystemRoot\System32\Drivers\Msfs.SYS 0x92240000 \SystemRoot\System32\Drivers\Npfs.SYS 0x9224E000 \SystemRoot\System32\DRIVERS\rasacd.sys 0x92257000 \SystemRoot\System32\drivers\tcpip.sys 0x92340000 \SystemRoot\System32\drivers\fwpkclnt.sys 0x9235B000 \SystemRoot\system32\DRIVERS\tdx.sys 0x92371000 \SystemRoot\system32\DRIVERS\smb.sys 0x92385000 \SystemRoot\system32\drivers\afd.sys 0x923CD000 \SystemRoot\System32\DRIVERS\netbt.sys 0x92606000 \SystemRoot\system32\DRIVERS\pacer.sys 0x9261C000 \SystemRoot\system32\DRIVERS\netbios.sys 0x9262A000 \SystemRoot\system32\DRIVERS\wanarp.sys 0x9263D000 \SystemRoot\system32\DRIVERS\ssmdrv.sys 0x92643000 \SystemRoot\system32\DRIVERS\rdbss.sys 0x9267F000 \SystemRoot\system32\drivers\nsiproxy.sys 0x92689000 \SystemRoot\System32\Drivers\dfsc.sys 0x926A0000 \SystemRoot\system32\DRIVERS\avipbb.sys 0x926C6000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys 0x926C8000 \SystemRoot\system32\DRIVERS\cdfs.sys 0x926DE000 \SystemRoot\System32\Drivers\crashdmp.sys 0x926EB000 \SystemRoot\System32\Drivers\dump_iaStor.sys 0x99C30000 \SystemRoot\System32\win32k.sys 0x927B2000 \SystemRoot\System32\drivers\Dxapi.sys 0x927BC000 \SystemRoot\system32\DRIVERS\monitor.sys 0x99E50000 \SystemRoot\System32\TSDDD.dll 0x99E70000 \SystemRoot\System32\cdd.dll 0x927CB000 \SystemRoot\system32\drivers\luafv.sys 0x927E6000 \SystemRoot\system32\DRIVERS\avgntflt.sys 0x8C235000 \SystemRoot\system32\drivers\spsys.sys 0x8C2E4000 \SystemRoot\system32\DRIVERS\lltdio.sys 0xA0808000 \SystemRoot\system32\DRIVERS\nwifi.sys 0xA0832000 
\SystemRoot\system32\DRIVERS\ndisuio.sys 0xA083C000 \SystemRoot\system32\DRIVERS\rspndr.sys 0xA084F000 \SystemRoot\system32\drivers\HTTP.sys 0xA08BA000 \SystemRoot\System32\DRIVERS\srvnet.sys 0xA08D7000 \SystemRoot\system32\DRIVERS\bowser.sys 0xA08F0000 \SystemRoot\System32\drivers\mpsdrv.sys 0xA0905000 \SystemRoot\system32\drivers\mrxdav.sys 0xA0925000 \SystemRoot\system32\DRIVERS\mrxsmb.sys 0xA0944000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys 0xA097D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys 0xA0995000 \SystemRoot\System32\DRIVERS\srv2.sys 0xA1A0A000 \SystemRoot\System32\DRIVERS\srv.sys 0xA1A6E000 \??\C:\Windows\system32\drivers\acedrv11.sys 0xA1AB1000 \SystemRoot\system32\DRIVERS\atksgt.sys 0xA1AF4000 \SystemRoot\System32\Drivers\fastfat.SYS 0xA1B1C000 \SystemRoot\system32\DRIVERS\lirsgt.sys 0xA1B21000 \SystemRoot\system32\drivers\peauth.sys 0xA1A00000 \SystemRoot\System32\Drivers\secdrv.SYS 0xA1A56000 \SystemRoot\System32\drivers\tcpipreg.sys 0xABF53000 \??\C:\Users\Andre\AppData\Local\Temp\uglcrpob.sys 0xABF6B000 \SystemRoot\System32\Drivers\BTHUSB.sys 0xABF77000 \SystemRoot\System32\Drivers\bthport.sys 0xABFB1000 \SystemRoot\system32\DRIVERS\rfcomm.sys 0xABFC2000 \SystemRoot\system32\DRIVERS\BthEnum.sys 0xABFCC000 \SystemRoot\system32\DRIVERS\bthpan.sys 0xABFE6000 \SystemRoot\system32\DRIVERS\bthmodem.sys 0xABE00000 \SystemRoot\system32\drivers\modem.sys 0xABE0D000 \SystemRoot\system32\drivers\btwavdt.sys 0xABE73000 \SystemRoot\system32\DRIVERS\hidbth.sys 0xABE7F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS 0xABE8F000 \SystemRoot\system32\drivers\btwaudio.sys 0xABF0A000 \SystemRoot\system32\DRIVERS\btwrchid.sys 0xABF0D000 \SystemRoot\system32\DRIVERS\kbdhid.sys 0xABF16000 \SystemRoot\system32\DRIVERS\mouhid.sys 0xABF1E000 \SystemRoot\system32\DRIVERS\hidusb.sys 0x771C0000 \Windows\System32\ntdll.dll 0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll Processes (total 83): 0 System Idle Process 4 System 432 C:\Windows\System32\smss.exe 500 csrss.exe 552 
C:\Windows\System32\wininit.exe 560 csrss.exe 600 C:\Windows\System32\services.exe 628 C:\Windows\System32\lsass.exe 636 C:\Windows\System32\lsm.exe 796 C:\Windows\System32\svchost.exe 864 C:\Windows\System32\nvvsvc.exe 888 C:\Windows\System32\winlogon.exe 944 C:\Windows\System32\svchost.exe 1000 C:\Windows\System32\svchost.exe 1080 C:\Windows\System32\svchost.exe 1128 C:\Windows\System32\svchost.exe 1272 C:\Windows\System32\audiodg.exe 1356 C:\Windows\System32\svchost.exe 1428 C:\Windows\System32\SLsvc.exe 1472 C:\Windows\System32\nvvsvc.exe 1492 C:\Program Files\Protector Suite QL\upeksvr.exe 1520 C:\Windows\System32\svchost.exe 1980 C:\Windows\System32\svchost.exe 476 C:\Windows\System32\wlanext.exe 804 C:\Windows\System32\spoolsv.exe 1140 C:\Program Files\Avira\AntiVir Desktop\sched.exe 1244 C:\Windows\System32\svchost.exe 1744 C:\Windows\System32\AEstSrv.exe 1832 C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1852 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 1872 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe 1888 C:\Program Files\Bonjour\mDNSResponder.exe 920 C:\Windows\System32\svchost.exe 612 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe 2056 C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE 2124 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe 2220 C:\Windows\System32\PnkBstrA.exe 2252 C:\Windows\System32\svchost.exe 2284 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe 2320 C:\Windows\System32\stacsv.exe 2484 C:\Windows\System32\svchost.exe 2572 C:\Windows\System32\svchost.exe 2616 C:\Windows\System32\SearchIndexer.exe 3604 C:\Windows\System32\dwm.exe 3764 C:\Windows\explorer.exe 4084 C:\Program Files\Windows Defender\MSASCui.exe 2228 C:\Program Files\DellTPad\Apoint.exe 2300 C:\Windows\OEM02Mon.exe 2388 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe 2548 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe 1232 C:\Program Files\Dell\MediaDirect\PCMService.exe 2232 C:\Program 
Files\Avira\AntiVir Desktop\avgnt.exe 824 C:\Program Files\Common Files\Java\Java Update\jusched.exe 2440 C:\Program Files\iTunes\iTunesHelper.exe 2804 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 3132 C:\Windows\ehome\ehtray.exe 3192 C:\Program Files\Windows Media Player\wmpnscfg.exe 1816 C:\Program Files\DellTPad\ApMsgFwd.exe 3232 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe 1764 C:\Program Files\NETGEAR\WG111v3\WG111v3.exe 3436 C:\Program Files\Dell\QuickSet\quickset.exe 3420 C:\Program Files\WinTV\WinTV7\WinTVTray.exe 1392 C:\Program Files\DellTPad\hidfind.exe 3684 C:\Windows\ehome\ehmsas.exe 3888 C:\Program Files\Protector Suite QL\psqltray.exe 1220 C:\Program Files\DellTPad\ApntEx.exe 1608 C:\Program Files\Windows Media Player\wmpnetwk.exe 832 C:\Windows\System32\wbem\unsecapp.exe 4324 C:\Program Files\iPod\bin\iPodService.exe 4684 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe 3048 C:\Windows\System32\wuauclt.exe 4040 C:\Windows\System32\svchost.exe 1416 C:\Windows\System32\taskeng.exe 4020 C:\Windows\System32\taskeng.exe 5280 C:\Windows\System32\wuauclt.exe 4820 C:\Program Files\Mozilla Firefox\firefox.exe 732 C:\Windows\System32\SearchProtocolHost.exe 5188 C:\Windows\System32\SearchFilterHost.exe 5348 C:\Windows\explorer.exe 5760 dllhost.exe 6068 dllhost.exe 4524 C:\Users\Andre\Downloads\MBRCheck.exe 5644 C:\Windows\System32\conime.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`87e00000 (NTFS) \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`07e00000 (NTFS) PhysicalDrive0 Model Number: ST9200420ASG, Rev: 3.ADD Size Device Name MBR Status -------------------------------------------- 186 GB \\.\PhysicalDrive0 Windows Vista MBR code detected SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979 Done! |
11.03.2011, 10:48 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Problems with windowsupdat(e), host process for Windows services was terminated etc... Please run this tool from Kaspersky => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post logfiles in CODE tags |
11.03.2011, 11:09 | #11 |
| Problems with windowsupdat(e), host process for Windows services was terminated etc...
2011/03/11 11:02:14.0080 3628 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28 2011/03/11 11:02:14.0392 3628 ================================================================================ 2011/03/11 11:02:14.0392 3628 SystemInfo: 2011/03/11 11:02:14.0392 3628 2011/03/11 11:02:14.0392 3628 OS Version: 6.0.6001 ServicePack: 1.0 2011/03/11 11:02:14.0392 3628 Product type: Workstation 2011/03/11 11:02:14.0392 3628 ComputerName: ANDRE-PC 2011/03/11 11:02:14.0392 3628 UserName: Andre 2011/03/11 11:02:14.0392 3628 Windows directory: C:\Windows 2011/03/11 11:02:14.0392 3628 System windows directory: C:\Windows 2011/03/11 11:02:14.0392 3628 Processor architecture: Intel x86 2011/03/11 11:02:14.0392 3628 Number of processors: 2 2011/03/11 11:02:14.0392 3628 Page size: 0x1000 2011/03/11 11:02:14.0392 3628 Boot type: Normal boot 2011/03/11 11:02:14.0392 3628 ================================================================================ 2011/03/11 11:02:14.0922 3628 Initialize success 2011/03/11 11:02:18.0557 1668 ================================================================================ 2011/03/11 11:02:18.0557 1668 Scan started 2011/03/11 11:02:18.0557 1668 Mode: Manual; 2011/03/11 11:02:18.0557 1668 ================================================================================ 2011/03/11 11:02:19.0150 1668 acedrv11 (27f954120babb8a00f8745d8f5bc9b82) C:\Windows\system32\drivers\acedrv11.sys 2011/03/11 11:02:19.0228 1668 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys 2011/03/11 11:02:19.0275 1668 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 2011/03/11 11:02:19.0321 1668 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 2011/03/11 11:02:19.0353 1668 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 2011/03/11 11:02:19.0399 1668 adpu320 
(241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 2011/03/11 11:02:19.0462 1668 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys 2011/03/11 11:02:19.0509 1668 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 2011/03/11 11:02:19.0540 1668 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/03/11 11:02:19.0571 1668 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 2011/03/11 11:02:19.0602 1668 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 2011/03/11 11:02:19.0633 1668 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 2011/03/11 11:02:19.0665 1668 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 2011/03/11 11:02:19.0696 1668 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 2011/03/11 11:02:19.0774 1668 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys 2011/03/11 11:02:19.0821 1668 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 2011/03/11 11:02:19.0867 1668 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 2011/03/11 11:02:19.0945 1668 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/03/11 11:02:19.0977 1668 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys 2011/03/11 11:02:20.0039 1668 atksgt (e46d344412d1abc60c58e95c73bcdc70) C:\Windows\system32\DRIVERS\atksgt.sys 2011/03/11 11:02:20.0148 1668 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2011/03/11 11:02:20.0195 1668 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/03/11 11:02:20.0226 1668 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys 2011/03/11 11:02:20.0304 1668 
Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/03/11 11:02:20.0351 1668 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 2011/03/11 11:02:20.0398 1668 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys 2011/03/11 11:02:20.0445 1668 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/03/11 11:02:20.0476 1668 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/03/11 11:02:20.0507 1668 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/03/11 11:02:20.0554 1668 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/03/11 11:02:20.0585 1668 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/03/11 11:02:20.0616 1668 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/03/11 11:02:20.0679 1668 BthEnum (e5145a9dec2a863de262d40eff7d793a) C:\Windows\system32\DRIVERS\BthEnum.sys 2011/03/11 11:02:20.0725 1668 BTHMODEM (5ffa6988ff9597986ff2ada736cc90c0) C:\Windows\system32\DRIVERS\bthmodem.sys 2011/03/11 11:02:20.0772 1668 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 2011/03/11 11:02:20.0788 1668 BTHPORT (9f299c5274672900591e7c616d725f56) C:\Windows\system32\Drivers\BTHport.sys 2011/03/11 11:02:20.0835 1668 BTHUSB (31c9453df130b4b89eafcdc97319ccc2) C:\Windows\system32\Drivers\BTHUSB.sys 2011/03/11 11:02:20.0897 1668 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys 2011/03/11 11:02:20.0944 1668 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys 2011/03/11 11:02:20.0991 1668 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys 2011/03/11 11:02:21.0053 1668 cdfs (7add03e75beb9e6dd102c3081d29840a) 
C:\Windows\system32\DRIVERS\cdfs.sys 2011/03/11 11:02:21.0100 1668 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys 2011/03/11 11:02:21.0131 1668 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 2011/03/11 11:02:21.0178 1668 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys 2011/03/11 11:02:21.0240 1668 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/03/11 11:02:21.0271 1668 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 2011/03/11 11:02:21.0287 1668 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/03/11 11:02:21.0318 1668 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 2011/03/11 11:02:21.0349 1668 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 2011/03/11 11:02:21.0381 1668 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys 2011/03/11 11:02:21.0459 1668 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys 2011/03/11 11:02:21.0537 1668 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/03/11 11:02:21.0599 1668 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys 2011/03/11 11:02:21.0677 1668 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys 2011/03/11 11:02:21.0708 1668 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/03/11 11:02:21.0771 1668 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys 2011/03/11 11:02:21.0849 1668 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 2011/03/11 11:02:21.0895 1668 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 2011/03/11 11:02:21.0989 1668 exfat (0d858eb20589a34efb25695acaa6aa2d) 
C:\Windows\system32\drivers\exfat.sys 2011/03/11 11:02:22.0005 1668 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys 2011/03/11 11:02:22.0051 1668 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 2011/03/11 11:02:22.0098 1668 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/03/11 11:02:22.0145 1668 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/03/11 11:02:22.0223 1668 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/03/11 11:02:22.0254 1668 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys 2011/03/11 11:02:22.0301 1668 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/03/11 11:02:22.0363 1668 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 2011/03/11 11:02:22.0504 1668 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2011/03/11 11:02:22.0660 1668 hcw95bda (a9157afe4b6f32dcce9bd18fecd53a0d) C:\Windows\system32\Drivers\hcw95bda.sys 2011/03/11 11:02:22.0800 1668 hcw95rc (eb77f3c96c62e65cc25f04220b9a204a) C:\Windows\system32\DRIVERS\hcw95rc.sys 2011/03/11 11:02:22.0925 1668 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/03/11 11:02:23.0019 1668 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/03/11 11:02:23.0143 1668 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\DRIVERS\hidbth.sys 2011/03/11 11:02:23.0159 1668 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/03/11 11:02:23.0221 1668 HidUsb (854ca287ab7faf949617a788306d967e) C:\Windows\system32\DRIVERS\hidusb.sys 2011/03/11 11:02:23.0346 1668 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys 2011/03/11 11:02:23.0565 1668 
2011/03/11 11:02:32.0706 1668 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2011/03/11 11:02:32.0706 1668 sptd - detected Locked file (1)
2011/03/11 11:02:35.0748 1668 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/11 11:02:35.0764 1668 ================================================================================
2011/03/11 11:02:35.0764 1668 Scan finished
2011/03/11 11:02:35.0764 1668 ================================================================================
2011/03/11 11:02:35.0779 4912 Detected object count: 2
2011/03/11 11:02:49.0242 4912 Locked file(sptd) - User select action: Skip
2011/03/11 11:02:49.0320 4912 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/11 11:02:49.0320 4912 \HardDisk0 - ok
2011/03/11 11:02:49.0320 4912 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/11 11:02:58.0087 4360 Deinitialize success |
11.03.2011, 11:24 | #12 |
| ten characters Last edited by andreddy (11.03.2011 at 11:26) Reason: double post |
11.03.2011, 11:31 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Oh, interesting! So MBRCheck can't be fully relied on any more either. It found a Vista MBR, so everything looked fine, and yet a rootkit was at work!! Check whether the symptoms with Windows Update and Google are gone. If so, run a full scan with SUPERAntiSpyware and Malwarebytes as a check. Update both tools before scanning!
__________________ Please always post logfiles in CODE tags |
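As an added example (not from this thread and not TDSSKiller's own code), a small Python triage for logs in the format posted above: it separates "Locked file" hits (the scanner could not read the driver; sptd is a common benign case) from rootkit verdicts, records the user's action and any pending cure after reboot, and cross-checks the "Detected object count" line. The regex line shapes and the sample lines are assumptions built from the posted log.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the TDSSKiller log format posted in this thread
# (timestamp, thread id, message); the sptd/TDL4 lines mirror the posted log.
SAMPLE_LOG = """\
2011/03/11 11:02:32.0706 1668 sptd (71e276f6d189413266ea22171806597b) C:\\Windows\\system32\\Drivers\\sptd.sys
2011/03/11 11:02:32.0706 1668 sptd - detected Locked file (1)
2011/03/11 11:02:33.0221 1668 Tcpip (8a7ad2a214233f684242f289ed83ebc3) C:\\Windows\\system32\\drivers\\tcpip.sys
2011/03/11 11:02:35.0748 1668 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/11 11:02:35.0764 1668 Scan finished
2011/03/11 11:02:35.0779 4912 Detected object count: 2
2011/03/11 11:02:49.0242 4912 Locked file(sptd) - User select action: Skip
2011/03/11 11:02:49.0320 4912 \\HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/11 11:02:49.0320 4912 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure
"""

# Line shapes are assumptions derived from the posted log, not a TDSSKiller spec.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECTED_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<verdict>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
CURE_RE = re.compile(r"^(?P<obj>\S+) \((?P<verdict>[^)]+)\) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Finding:
    obj: str
    verdict: str
    action: Optional[str] = None
    cure_pending: bool = False

    @property
    def severity(self) -> str:
        # "Locked file" only means the scanner could not read the driver (sptd is
        # a common benign example); a Rootkit.* verdict is the real finding.
        return "critical" if self.verdict.startswith("Rootkit.") else "info"


def parse_log(text: str):
    """Return (driver hashes, findings keyed by object, reported detection count)."""
    drivers, findings, reported = {}, {}, None
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # separators and other non-entry lines
        msg = line.group(1)
        if m := DRIVER_RE.match(msg):
            drivers[m["name"]] = (m["md5"], m["path"])
        elif m := DETECTED_RE.match(msg):
            findings[m["obj"]] = Finding(m["obj"], m["verdict"])
        elif m := ACTION_RE.match(msg):
            findings.setdefault(m["obj"], Finding(m["obj"], m["verdict"])).action = m["action"]
        elif m := CURE_RE.match(msg):
            findings.setdefault(m["obj"], Finding(m["obj"], m["verdict"])).cure_pending = True
        elif m := COUNT_RE.match(msg):
            reported = int(m.group(1))
    return drivers, findings, reported


def triage(text: str) -> dict:
    """What a helper reading the log wants: what was found, what was done, what is left."""
    drivers, findings, reported = parse_log(text)
    critical = [f for f in findings.values() if f.severity == "critical"]
    return {
        "drivers_hashed": len(drivers),
        "reported_count": reported,
        "count_matches": reported == len(findings),
        "critical": [f.obj for f in critical],
        "needs_reboot": any(f.cure_pending for f in findings.values()),
        # a rootkit verdict with neither a Cure action nor a pending cure is still live
        "unresolved_critical": [f.obj for f in critical if f.action != "Cure" and not f.cure_pending],
        "skipped_info": [f.obj for f in findings.values() if f.severity == "info" and f.action == "Skip"],
    }
```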
11.03.2011, 12:32 | #14 |
| So I can type the word windowsupdate again, and I'm no longer being redirected to other pages on google. But updating windows unfortunately still doesn't work. Should I still do a full scan with SUPERAntiSpyware and Malwarebytes? |
11.03.2011, 13:55 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, please do the full scans.