Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows just pop up and computer is extremely slow


  • This topic is locked This topic is locked

#1
jaffacake

jaffacake

    Member

  • Member
  • PipPip
  • 40 posts
Hi,
Is there anyone who can help me with a problem:
My computer is extremely slow and ads keep on popping up, without any browser open or anything.

Here is the OTL log:

OTL logfile created on: 22.06.2011 00:53:46 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Anwender\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

767,00 Mb Total Physical Memory | 204,00 Mb Available Physical Memory | 27,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 125,19 Gb Free Space | 84,00% Space Free | Partition Type: NTFS
Drive J: | 958,83 Mb Total Space | 663,01 Mb Free Space | 69,15% Space Free | Partition Type: FAT32

Computer Name: ANWENDER-PC | User Name: Anwender | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.06 14:41:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe
PRC - [2011.04.28 12:39:42 | 000,829,504 | ---- | M] (Jumping Bytes) -- C:\Programme\PureSync\PureSyncTray.exe
PRC - [2011.04.27 09:56:21 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.04 15:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.03.04 15:36:11 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.04 13:00:16 | 000,133,160 | ---- | M] (Jumping Bytes) -- C:\Programme\Gemeinsame Dateien\Jumping Bytes\jbUpdater.exe
PRC - [2010.02.03 17:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2010.01.21 02:52:14 | 000,167,528 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2010.01.21 02:52:12 | 000,370,792 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.06.03 12:25:38 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\Ir.exe
PRC - [2008.05.30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\EPG Services\System\EPGService.exe
PRC - [2008.05.15 16:30:36 | 000,688,128 | ---- | M] (Hauppauge Inc.) -- C:\Programme\WinTV\EPG Services\System\EPGClient.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.01.31 17:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe


========== Modules (SafeList) ==========

MOD - [2011.05.06 14:41:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Anwender\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.04.27 09:56:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.04 15:36:11 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.01.21 02:52:14 | 000,167,528 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2010.01.21 02:52:12 | 000,370,792 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.06.02 16:55:26 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Programme\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2008.05.30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Programme\WinTV\EPG Services\System\EPGService.exe -- (EPGService)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011.03.04 17:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.03.04 15:36:34 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.05.15 13:11:40 | 002,136,224 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2010.04.08 20:30:10 | 000,168,040 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2010.03.04 12:02:10 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010.03.04 12:02:08 | 000,070,912 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2008.04.17 17:59:02 | 000,015,616 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2008.04.17 17:58:00 | 000,560,640 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.04.16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2005.03.15 17:25:44 | 000,127,574 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:1.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.4
FF - prefs.js..extensions.enabledItems: {71C54606-83ED-4ea6-9315-1AAB29466D33}:3.1
FF - prefs.js..extensions.enabledItems: {446c03e0-2c35-11db-a98b-0800200c9a67}:0.5
FF - prefs.js..extensions.enabledItems: {6e84150a-d526-41f1-a480-a67d3fed910d}:1.4.5.1
FF - prefs.js..extensions.enabledItems: {220249CE-F888-11DD-B868-4CB456D89593}:0.0.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.04.12 22:34:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.04.12 22:34:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.03 23:27:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.22 00:40:30 | 000,000,000 | ---D | M]

[2011.03.19 16:45:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Extensions
[2011.06.05 16:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions
[2011.03.22 12:27:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.16 21:21:06 | 000,000,000 | ---D | M] (OpenDownload (fixed)) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{220249CE-F888-11DD-B868-4CB456D89593}
[2011.04.16 21:26:05 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.04.16 21:10:12 | 000,000,000 | ---D | M] (Firefox Sync) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2011.05.12 22:34:01 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2011.04.16 21:21:07 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2011.04.16 21:21:07 | 000,000,000 | ---D | M] (IE View) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
[2011.04.16 21:21:07 | 000,000,000 | ---D | M] ("CuteMenus2") -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{71C54606-83ED-4ea6-9315-1AAB29466D33}
[2011.06.05 16:21:41 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2011.04.16 21:21:07 | 000,000,000 | ---D | M] (Clippings) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2011.04.21 16:58:24 | 000,000,000 | ---D | M] (Read It Later) -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\extensions\[email protected]
[2011.04.16 21:14:37 | 000,004,855 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\searchplugins\google-images.xml
[2011.04.16 21:14:57 | 000,005,551 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\searchplugins\google-maps.xml
[2011.04.16 21:14:10 | 000,004,140 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Mozilla\Firefox\Profiles\e1su56gw.default\searchplugins\youtube.xml
[2011.06.18 16:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.16 21:23:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.01 16:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.18 16:12:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANWENDER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\E1SU56GW.DEFAULT\EXTENSIONS\{1280606B-2510-4FE0-97EF-9B5A22EAFE30}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANWENDER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\E1SU56GW.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ANWENDER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\E1SU56GW.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2011.05.01 16:39:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPGServiceTool] C:\Programme\WinTV\EPG Services\System\EPGClient.exe (Hauppauge Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [PureSync] C:\Programme\PureSync\PureSyncTray.exe (Jumping Bytes)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.18 15:18:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.22 00:40:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2011.06.22 00:40:09 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.06.21 21:01:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Matus Tomlein
[2011.06.21 21:01:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\.Synkron
[2011.06.21 20:46:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Synkron
[2011.06.21 20:46:15 | 000,000,000 | ---D | C] -- C:\Programme\Synkron
[2011.06.21 19:28:53 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.19 10:52:09 | 000,102,400 | ---- | C] (MARS) -- C:\WINDOWS\System32\mr310ifc.dll
[2011.06.19 10:52:09 | 000,000,000 | ---D | C] -- C:\Programme\MARS
[2011.06.19 10:52:05 | 000,073,728 | ---- | C] (Mars Semiconductor Corp.) -- C:\WINDOWS\System32\mr310ipc.dll
[2011.06.19 10:51:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MY CAMERA
[2011.06.19 10:37:07 | 000,127,574 | ---- | C] (Mars Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\MR97310c.sys
[2011.06.18 16:13:14 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.06.10 10:48:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\PDF24
[2011.06.09 23:51:07 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2011.06.08 20:16:28 | 000,000,000 | ---D | C] -- C:\Downloads
[2011.06.07 19:11:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\dvdcss
[2011.05.26 14:55:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2011.03.18 15:26:38 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll
[2011.03.18 15:26:38 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.06.22 00:56:33 | 000,070,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\master1.pdf
[2011.06.22 00:45:47 | 000,016,556 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\vorauss-ma-studium.pdf
[2011.06.22 00:17:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.06.21 23:58:00 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.21 22:08:45 | 000,006,488 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
[2011.06.21 20:46:19 | 000,000,596 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Synkron.lnk
[2011.06.21 17:53:24 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.06.21 17:53:24 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.21 17:53:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.21 17:53:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.19 11:03:14 | 000,000,097 | ---- | M] () -- C:\WINDOWS\marscam.ini
[2011.06.19 10:51:04 | 000,001,355 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MY CAMERA.lnk
[2011.06.18 16:12:36 | 000,452,300 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.06.18 16:12:36 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.06.18 16:12:36 | 000,081,132 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.06.18 16:12:36 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.18 14:37:06 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\Microsoft Office Outlook 2003.lnk
[2011.06.15 22:41:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.06.10 09:22:09 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.06.22 00:45:46 | 000,016,556 | ---- | C] () -- C:\Dokumente und Einstellungen\Anwender\Desktop\vorauss-ma-studium.pdf
[2011.06.22 00:40:31 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2011.06.21 20:46:19 | 000,000,596 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Synkron.lnk
[2011.06.19 11:03:14 | 000,000,097 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2011.06.19 10:52:09 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2011.06.19 10:52:09 | 000,012,106 | ---- | C] () -- C:\WINDOWS\mr310twc.src
[2011.06.19 10:51:04 | 000,001,355 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MY CAMERA.lnk
[2011.06.19 10:37:07 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2011.06.19 10:37:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2011.06.15 22:39:20 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.05.06 20:45:50 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.05.06 20:45:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.05.06 20:45:50 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.05.06 20:45:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.05.06 20:45:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.05.05 17:19:10 | 000,000,221 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011.05.05 17:19:10 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011.05.05 17:19:02 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2011.05.05 17:18:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011.05.05 17:14:40 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011.03.22 10:25:05 | 000,005,632 | ---- | C] () -- C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.22 00:17:05 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.03.22 00:17:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011.03.19 23:12:49 | 000,000,399 | ---- | C] () -- C:\WINDOWS\vtplus32.ini
[2011.03.19 23:12:47 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2011.03.19 23:12:46 | 000,149,504 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011.03.19 23:12:23 | 000,032,297 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2011.03.19 23:12:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2011.03.19 23:12:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2011.03.19 23:11:26 | 000,006,488 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2011.03.19 23:04:56 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011.03.19 16:45:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.03.19 15:34:12 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.03.18 15:36:05 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2011.03.18 15:36:05 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2011.03.18 15:36:03 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2011.03.18 15:36:03 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2011.03.18 15:27:26 | 000,010,084 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.03.18 15:25:54 | 000,035,264 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2011.03.18 15:23:50 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2011.03.18 15:23:46 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.03.18 15:23:42 | 000,026,638 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.03.18 15:23:42 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.03.18 15:20:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.03.18 15:16:56 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.03.18 15:08:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.18 15:08:06 | 000,212,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.15 17:52:00 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,452,300 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.14 14:00:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,081,132 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.14 14:00:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011.04.08 15:27:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2011.03.19 22:57:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2011.05.05 17:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2011.05.01 17:17:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011.04.20 17:13:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Ashampoo
[2011.05.18 22:20:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\BeautyGuide
[2011.04.27 14:57:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\BVS Solitaire Collection
[2011.04.12 22:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\DDMSettings
[2011.04.28 19:47:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\GetRightToGo
[2011.03.22 01:25:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\GHISLER
[2011.05.06 20:01:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Jumping Bytes
[2011.05.18 22:18:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\MakeupGuide
[2011.06.21 21:01:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Matus Tomlein
[2011.03.20 22:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\OpenCandy
[2011.05.05 17:31:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\ScanSoft
[2011.03.22 10:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\TeamViewer
[2011.03.21 09:12:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Uniblue
[2011.06.22 00:17:00 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hello jaffacake, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • Please post your logs, don't attach them unless stated.
  • Please read my posts carefully and if you have any questions ask.
  • Stay with this topic until I tell you that your system is clean. Malware can still be on your system even if you don't notice it.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Next,

Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

  • 0

#3
jaffacake

jaffacake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thanks very much! The first scan didn't find anything. Here's the log:

2011/06/25 22:52:13.0093 0716 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 22:52:13.0687 0716 ================================================================================
2011/06/25 22:52:13.0687 0716 SystemInfo:
2011/06/25 22:52:13.0687 0716
2011/06/25 22:52:13.0687 0716 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/25 22:52:13.0687 0716 Product type: Workstation
2011/06/25 22:52:13.0687 0716 ComputerName: ANWENDER-PC
2011/06/25 22:52:13.0687 0716 UserName: Anwender
2011/06/25 22:52:13.0687 0716 Windows directory: C:\WINDOWS
2011/06/25 22:52:13.0687 0716 System windows directory: C:\WINDOWS
2011/06/25 22:52:13.0687 0716 Processor architecture: Intel x86
2011/06/25 22:52:13.0687 0716 Number of processors: 2
2011/06/25 22:52:13.0687 0716 Page size: 0x1000
2011/06/25 22:52:13.0687 0716 Boot type: Normal boot
2011/06/25 22:52:13.0687 0716 ================================================================================
2011/06/25 22:52:15.0046 0716 Initialize success
2011/06/25 22:52:28.0562 0576 ================================================================================
2011/06/25 22:52:28.0562 0576 Scan started
2011/06/25 22:52:28.0562 0576 Mode: Manual;
2011/06/25 22:52:28.0562 0576 ================================================================================
2011/06/25 22:52:29.0703 0576 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/25 22:52:29.0734 0576 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/25 22:52:29.0812 0576 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/25 22:52:29.0890 0576 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/25 22:52:29.0968 0576 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
2011/06/25 22:52:30.0062 0576 AsIO (9d8cb58b9a9e177ddd599791a58a654d) C:\WINDOWS\system32\drivers\AsIO.sys
2011/06/25 22:52:30.0140 0576 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/25 22:52:30.0171 0576 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/25 22:52:30.0203 0576 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/25 22:52:30.0265 0576 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/25 22:52:30.0375 0576 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/06/25 22:52:30.0421 0576 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/06/25 22:52:30.0453 0576 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/06/25 22:52:30.0515 0576 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/25 22:52:30.0593 0576 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
2011/06/25 22:52:30.0781 0576 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/25 22:52:30.0828 0576 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/25 22:52:30.0875 0576 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/25 22:52:30.0937 0576 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/25 22:52:31.0000 0576 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/25 22:52:31.0156 0576 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/25 22:52:31.0187 0576 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/25 22:52:31.0250 0576 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/25 22:52:31.0296 0576 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/25 22:52:31.0343 0576 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/25 22:52:31.0406 0576 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/25 22:52:31.0468 0576 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/25 22:52:31.0484 0576 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/25 22:52:31.0531 0576 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/25 22:52:31.0562 0576 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/25 22:52:31.0625 0576 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/25 22:52:31.0640 0576 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/25 22:52:31.0734 0576 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/25 22:52:31.0750 0576 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/25 22:52:31.0859 0576 hcw95bda (a036414384b1f3f36d7e40286cf6dd07) C:\WINDOWS\system32\Drivers\hcw95bda.sys
2011/06/25 22:52:31.0906 0576 hcw95rc (a83862f32f86da77b1ab3a11e18bb62f) C:\WINDOWS\system32\DRIVERS\hcw95rc.sys
2011/06/25 22:52:31.0968 0576 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/25 22:52:32.0031 0576 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/25 22:52:32.0093 0576 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/25 22:52:32.0156 0576 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/25 22:52:32.0234 0576 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/25 22:52:32.0328 0576 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/25 22:52:32.0375 0576 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/25 22:52:32.0421 0576 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/25 22:52:32.0453 0576 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/25 22:52:32.0500 0576 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/25 22:52:32.0562 0576 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/25 22:52:32.0609 0576 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/25 22:52:32.0640 0576 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/25 22:52:32.0671 0576 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/25 22:52:32.0734 0576 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/25 22:52:32.0812 0576 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/25 22:52:32.0859 0576 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/25 22:52:32.0906 0576 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/25 22:52:32.0968 0576 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/25 22:52:33.0062 0576 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/25 22:52:33.0109 0576 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/25 22:52:33.0140 0576 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/06/25 22:52:33.0218 0576 MR97310_USB_DUAL_CAMERA (d2edba04df4d3e428e1e5dbd217e242a) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
2011/06/25 22:52:33.0265 0576 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/25 22:52:33.0312 0576 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/25 22:52:33.0343 0576 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/25 22:52:33.0390 0576 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/25 22:52:33.0421 0576 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/25 22:52:33.0468 0576 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/25 22:52:33.0531 0576 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/25 22:52:33.0562 0576 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/25 22:52:33.0609 0576 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/06/25 22:52:33.0671 0576 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/25 22:52:33.0718 0576 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/25 22:52:33.0781 0576 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/25 22:52:33.0812 0576 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/25 22:52:33.0843 0576 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/25 22:52:33.0890 0576 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/25 22:52:33.0937 0576 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/25 22:52:34.0000 0576 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/25 22:52:34.0031 0576 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/25 22:52:34.0062 0576 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/25 22:52:34.0109 0576 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/25 22:52:34.0156 0576 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/25 22:52:34.0203 0576 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/25 22:52:34.0421 0576 nv (cd9ed87b4fc6ec41d3b5be0b923843fc) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/25 22:52:34.0750 0576 NVENETFD (c61927d27b75ed56723f2508f1a6b1be) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/06/25 22:52:34.0796 0576 nvgts (52dce3b30c9d61c8e20fe3c6da4bdfb7) C:\WINDOWS\system32\DRIVERS\nvgts.sys
2011/06/25 22:52:34.0796 0576 nvnetbus (c529b614ef88be0f62b886c67b516550) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/06/25 22:52:34.0859 0576 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/25 22:52:34.0906 0576 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/25 22:52:34.0984 0576 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/25 22:52:35.0031 0576 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/25 22:52:35.0093 0576 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/25 22:52:35.0140 0576 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/25 22:52:35.0156 0576 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/25 22:52:35.0187 0576 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/25 22:52:35.0500 0576 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/25 22:52:35.0578 0576 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/25 22:52:35.0593 0576 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/25 22:52:35.0656 0576 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/25 22:52:35.0750 0576 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/25 22:52:35.0812 0576 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/25 22:52:35.0859 0576 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/25 22:52:35.0906 0576 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/25 22:52:35.0953 0576 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/25 22:52:35.0984 0576 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/25 22:52:36.0000 0576 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/25 22:52:36.0078 0576 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/25 22:52:36.0125 0576 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/25 22:52:36.0203 0576 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/25 22:52:36.0265 0576 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/25 22:52:36.0296 0576 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/25 22:52:36.0359 0576 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/25 22:52:36.0437 0576 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/25 22:52:36.0484 0576 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/25 22:52:36.0562 0576 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/25 22:52:36.0609 0576 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/25 22:52:36.0656 0576 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/06/25 22:52:36.0718 0576 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/25 22:52:36.0781 0576 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/25 22:52:36.0859 0576 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/25 22:52:36.0953 0576 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/25 22:52:37.0015 0576 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/25 22:52:37.0046 0576 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/25 22:52:37.0078 0576 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/25 22:52:37.0125 0576 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/25 22:52:37.0218 0576 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/25 22:52:37.0281 0576 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/25 22:52:37.0343 0576 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/25 22:52:37.0390 0576 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/25 22:52:37.0437 0576 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/25 22:52:37.0468 0576 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/25 22:52:37.0546 0576 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/25 22:52:37.0593 0576 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/25 22:52:37.0640 0576 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/25 22:52:37.0750 0576 VIAHdAudAddService (cbc1ce0a1fce0deed4f6f093be91d132) C:\WINDOWS\system32\drivers\viahduaa.sys
2011/06/25 22:52:37.0859 0576 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/25 22:52:37.0875 0576 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/25 22:52:37.0921 0576 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/25 22:52:38.0031 0576 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/25 22:52:38.0062 0576 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2011/06/25 22:52:38.0203 0576 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
2011/06/25 22:52:38.0515 0576 ================================================================================
2011/06/25 22:52:38.0515 0576 Scan finished
2011/06/25 22:52:38.0515 0576 ================================================================================
2011/06/25 22:52:38.0515 0168 Detected object count: 0
2011/06/25 22:52:38.0515 0168 Actual detected object count: 0





This is the second log:

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-26 00:49:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 SAMSUNG_ rev.1AC0
Running: uhhdmene.exe; Driver: C:\DOKUME~1\Anwender\LOKALE~1\Temp\awliqkow.sys


---- System - GMER 1.0.15 ----

SSDT EC3BE94E ZwCreateKey
SSDT EC3BE944 ZwCreateThread
SSDT EC3BE953 ZwDeleteKey
SSDT EC3BE95D ZwDeleteValueKey
SSDT EC3BE962 ZwLoadKey
SSDT EC3BE930 ZwOpenProcess
SSDT EC3BE935 ZwOpenThread
SSDT EC3BE96C ZwReplaceKey
SSDT EC3BE967 ZwRestoreKey
SSDT EC3BE958 ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 4 Bytes [4E, E9, 3B, EC]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CB8 80504554 4 Bytes JMP EFBF3194
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE0 8050457C 4 Bytes JMP D2DB31BC
.text ntkrnlpa.exe!ZwCallbackReturn + 2CE8 80504584 4 Bytes [5D, E9, 3B, EC]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D6C 80504608 4 Bytes JMP DF713248
.text ...
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF576F380, 0x566465, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#4
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter
    .

  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the Licence agreement and click on next
  • It will by default install it to your desktop folder.Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Scan at the to right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose The delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to file name it Kas.
  • Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#5
jaffacake

jaffacake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thank you! There was a number of objects that could not be neutralized. These are the detected objects:

26.06.2011 21:37:37 C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temporary Internet Files\Content.IE5\PU5UOWUT\imgsource[1].htm
26.06.2011 21:34:59 C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temp\jar_cache7279978233286349708.tmp/applet.class
26.06.2011 21:10:19 C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62\34424abe-7b5f1f90/google/stomp.class
26.06.2011 21:10:07 C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\62\34424abe-7b5f1f90/google/mongo.class
26.06.2011 21:10:07 C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\7061701b-232f0d9d/vmain.class
26.06.2011 21:09:19 C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\27\7061701b-232f0d9d/vload.class
26.06.2011 21:09:19 C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1\378d6ac1-18e58c6e/vmain.class
26.06.2011 21:09:19 C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\1\7ff6ff01-3c7a3f0a/vmain.class
  • 0

#6
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Those files are just temporary files. The program below should clear your temporary files.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

What pop-up are you getting on startup? Can you take a screen shot of it? Next time you see pop-up press the print screen button on your keyboard. Go to start->all programs->accessories->paint. Select edit then paste. The picture of your screen should be there. Save the picture and attach it here.
  • 0

#7
jaffacake

jaffacake

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Thank you. I did the cleanup and it deleted a lot.
I haven't seen the popups in a while, I think we got rid of that problem. They were basically ads, and some about the Adobe flash player, but they showed up even if I wasn't working on the computer at all.
A while after this started, the Adobe PDF Reader stopped working (flash is fine though), and everytime I try to open a pdf file I just get an error message telling me that I don't have the rights to do that, even though I'm logged in as admin and it worked perfectly well before that.
My Avira software just found HTML/Rce.Gen and could not destroy it. What is this?
  • 0

#8
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Does Avast say where the file is located? Since it is an HTML file my guess that it is in the temporary internet files. If it is then you should run TFC again. You probably visited an infected website.

Go to your control panel and click on add or remove programs. Find adobe reader and click on it. If there is a button called "change" click on it. The setup application will start, select repair installation and click next. The installer will attempt to repair adobe reader, after if is done try to open a PDF file.
  • 0

#9
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP