
All kinds of pests and how to fight them: Browser opens pages by itself and Windows host process could not be executed

31.10.2010, 14:13   #1
nico885
 
Browser opens pages by itself and Windows host process could not be executed



Here, regarding item 6.
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/10/31 11:41
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP2
==================================================

Drivers
-------------------
Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8F3BC000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x807AB000	Size: 286720	File Visible: -	Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8243D000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x904FC000	Size: 294912	File Visible: -	Signed: -
Status: -

Name: apkaqhr4.SYS
Image Path: C:\Windows\System32\Drivers\apkaqhr4.SYS
Address: 0x82DB5000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82A84000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82A8C000	Size: 122880	File Visible: -	Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\Windows\System32\ATMFD.DLL
Address: 0x9CCE0000	Size: 311296	File Visible: -	Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Windows\system32\DRIVERS\avgntflt.sys
Address: 0x917B3000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x916AE000	Size: 139264	File Visible: -	Signed: -
Status: -

Name: BdaSup.SYS
Image Path: C:\Windows\system32\drivers\BdaSup.SYS
Address: 0x8F37F000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x90200000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: BHDrvx86.sys
Image Path: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys
Address: 0x9160F000	Size: 548864	File Visible: -	Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80484000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0xA19A0000	Size: 102400	File Visible: -	Signed: -
Status: -

Name: ccHPx86.sys
Image Path: C:\Windows\system32\drivers\NIS\1108000.005\ccHPx86.sys
Address: 0x9091C000	Size: 520192	File Visible: -	Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x9CCD0000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x91749000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8F3CA000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804CD000	Size: 917504	File Visible: -	Signed: -
Status: -

Name: circlass.sys
Image Path: C:\Windows\system32\DRIVERS\circlass.sys
Address: 0x8FD29000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x8AB9C000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x8048C000	Size: 266240	File Visible: -	Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x9175F000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8ABBD000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x90905000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8AB8B000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8FD94000	Size: 151552	File Visible: -	Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x91777000	Size: 32768	File Visible: No	Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x9176C000	Size: 45056	File Visible: No	Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x9177F000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x82F16000	Size: 659456	File Visible: -	Signed: -
Status: -

Name: e1e6032.sys
Image Path: C:\Windows\system32\DRIVERS\e1e6032.sys
Address: 0x82FB7000	Size: 229376	File Visible: -	Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8AB64000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: eeCtrl.sys
Image Path: C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0x908A7000	Size: 385024	File Visible: -	Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x82B32000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x82AAA000	Size: 204800	File Visible: -	Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x903F0000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x82EEC000	Size: 110592	File Visible: -	Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
Address: 0x8F3E2000	Size: 21120	File Visible: -	Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x8240A000	Size: 208896	File Visible: -	Signed: -
Status: -

Name: HCW85BDA.sys
Image Path: C:\Windows\system32\drivers\HCW85BDA.sys
Address: 0x8F292000	Size: 968064	File Visible: -	Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8F205000	Size: 577536	File Visible: -	Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x916D9000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: hidir.sys
Image Path: C:\Windows\system32\DRIVERS\hidir.sys
Address: 0x91729000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x90207000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x916D0000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0xA1916000	Size: 446464	File Visible: -	Signed: -
Status: -

Name: IDSvix86.sys
Image Path: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100520.001\IDSvix86.sys
Address: 0x9084F000	Size: 360448	File Visible: -	Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\DRIVERS\intelide.sys
Address: 0x82A58000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x82F07000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\Windows\system32\DRIVERS\ipnat.sys
Address: 0xA2B9F000	Size: 155648	File Visible: -	Signed: -
Status: -

Name: Ironx86.SYS
Image Path: C:\Windows\system32\drivers\NIS\1108000.005\Ironx86.SYS
Address: 0x905AD000	Size: 126976	File Visible: -	Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8FD11000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x916E9000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x877EA000	Size: 12288	File Visible: -	Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\drivers\ks.sys
Address: 0x8F382000	Size: 172032	File Visible: -	Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x82B79000	Size: 462848	File Visible: -	Signed: -
Status: -

Name: LHidKE.Sys
Image Path: C:\Windows\system32\DRIVERS\LHidKE.Sys
Address: 0x91708000	Size: 27008	File Visible: -	Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0xA18BF000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: LMouKE.sys
Image Path: C:\Windows\System32\Drivers\LMouKE.sys
Address: 0x91717000	Size: 69760	File Visible: -	Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x91798000	Size: 110592	File Visible: -	Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80403000	Size: 458752	File Visible: -	Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x91789000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8FD1C000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x9170F000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x82A74000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0xA19B9000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0xA19CE000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x917D0000	Size: 126976	File Visible: -	Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9099B000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x909D4000	Size: 98304	File Visible: -	Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x90432000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x807F1000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8FC09000	Size: 192512	File Visible: -	Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x82D11000	Size: 176128	File Visible: -	Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8FD37000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8AB55000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x82C06000	Size: 1093632	File Visible: -	Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8FC9B000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0xA18F9000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8FCA6000	Size: 143360	File Visible: -	Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8FD83000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x9058C000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x90544000	Size: 204800	File Visible: -	Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x82D3C000	Size: 241664	File Visible: -	Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x9043D000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x90845000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8AA04000	Size: 1114112	File Visible: -	Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x8243D000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x903F9000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: nvlddmkm.sys
Image Path: C:\Windows\system32\DRIVERS\nvlddmkm.sys
Address: 0x8E80A000	Size: 8237120	File Visible: -	Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0xA18CF000	Size: 172032	File Visible: -	Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8F3AC000	Size: 62208	File Visible: -	Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x90576000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x805D4000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x805AD000	Size: 159744	File Visible: -	Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x82A6D000	Size: 28672	File Visible: -	Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\DRIVERS\PCIIDEX.SYS
Address: 0x82A5F000	Size: 57344	File Visible: -	Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0xA2A84000	Size: 909312	File Visible: -	Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8243D000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x903C3000	Size: 184320	File Visible: -	Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80473000	Size: 69632	File Visible: -	Signed: -
Status: -

Name: PxHelp20.sys
Image Path: C:\Windows\System32\Drivers\PxHelp20.sys
Address: 0x82B6F000	Size: 38080	File Visible: -	Signed: -
Status: -

Name: pxldipoc.sys
Image Path: C:\Users\Nico\AppData\Local\Temp\pxldipoc.sys
Address: 0xA2BC9000	Size: 93824	File Visible: No	Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x9044B000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8FC84000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8FCC9000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8FCD8000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8FCEC000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8243D000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x90809000	Size: 245760	File Visible: -	Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x90422000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x9042A000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA2BE0000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0xA1903000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: RTKVHDA.sys
Image Path: C:\Windows\system32\drivers\RTKVHDA.sys
Address: 0x9020E000	Size: 1788480	File Visible: -	Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\System32\Drivers\SCSIPORT.SYS
Address: 0x80785000	Size: 155648	File Visible: -	Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0xA2B62000	Size: 40960	File Visible: -	Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x904E8000	Size: 81920	File Visible: -	Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8AB4D000	Size: 32768	File Visible: -	Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0xA180F000	Size: 720896	File Visible: -	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: spvl.sys
Image Path: C:\Windows\System32\Drivers\spvl.sys
Address: 0x80689000	Size: 995328	File Visible: No	Signed: -
Status: -

Name: SRTSPX.SYS
Image Path: C:\Windows\system32\drivers\NIS\1108000.005\SRTSPX.SYS
Address: 0x905D2000	Size: 36992	File Visible: -	Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0xA2A36000	Size: 319488	File Visible: -	Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0xA2A0E000	Size: 163840	File Visible: -	Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0xA1983000	Size: 118784	File Visible: -	Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x905CC000	Size: 23040	File Visible: -	Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\DRIVERS\storport.sys
Address: 0x8FC38000	Size: 266240	File Visible: -	Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8FD27000	Size: 4992	File Visible: -	Signed: -
Status: -

Name: SYMDS.SYS
Image Path: C:\Windows\system32\drivers\NIS\1108000.005\SYMDS.SYS
Address: 0x82ADC000	Size: 352256	File Visible: -	Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: C:\Windows\system32\drivers\NIS\1108000.005\SYMEFA.SYS
Address: 0x82B42000	Size: 184320	File Visible: -	Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: C:\Windows\system32\Drivers\SYMEVENT.SYS
Address: 0x904C3000	Size: 151552	File Visible: -	Signed: -
Status: -

Name: SYMTDIV.SYS
Image Path: C:\Windows\System32\Drivers\NIS\1108000.005\SYMTDIV.SYS
Address: 0x9046A000	Size: 364544	File Visible: -	Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x82E02000	Size: 958464	File Visible: -	Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0xA2B6C000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8FC79000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x90454000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8FD01000	Size: 65536	File Visible: -	Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x9CCB0000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8ABF1000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8ABE6000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8FD41000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x91695000	Size: 94208	File Visible: -	Signed: -
Status: -

Name: usbcir.sys
Image Path: C:\Windows\system32\DRIVERS\usbcir.sys
Address: 0x916F2000	Size: 90112	File Visible: -	Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x916AC000	Size: 8192	File Visible: -	Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x82FEF000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8FD4E000	Size: 217088	File Visible: -	Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x82D77000	Size: 253952	File Visible: -	Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x91734000	Size: 86016	File Visible: -	Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8EFF2000	Size: 45056	File Visible: -	Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8FDD5000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x90401000	Size: 135168	File Visible: -	Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x805E3000	Size: 61440	File Visible: -	Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x82A0E000	Size: 303104	File Visible: -	Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8AB14000	Size: 233472	File Visible: -	Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x9059A000	Size: 77824	File Visible: -	Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8EFE6000	Size: 49152	File Visible: -	Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80600000	Size: 507904	File Visible: -	Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x8067C000	Size: 53248	File Visible: -	Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x9CA90000	Size: 2109440	File Visible: -	Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x9CA90000	Size: 2109440	File Visible: -	Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\System32\Drivers\WMILIB.SYS
Address: 0x8077C000	Size: 36864	File Visible: -	Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8243D000	Size: 3903488	File Visible: -	Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0xA2B8D000	Size: 73728	File Visible: -	Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0xA2B78000	Size: 83328	File Visible: -	Signed: -
Status: -






Stealth Objects
-------------------
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 2360)	Address: 0x6cf30000	Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
Process: msnmsgr.exe (PID: 2360)	Address: 0x6e770000	Size: 372736

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 2360)	Address: 0x70310000	Size: 20480

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x864101f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x8640f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x8640f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8640f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8640f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x8640f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8640f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x8640f1f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System	Address: 0x877f91f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System	Address: 0x88eec1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x878631f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x878631f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x878631f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x878631f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x878631f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x878631f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x878631f8	Size: 121

Object: Hidden Code [Driver: Smb??????, IRP_MJ_CREATE]
Process: System	Address: 0x87fc51f8	Size: 121

Object: Hidden Code [Driver: Smb??????, IRP_MJ_CLOSE]
Process: System	Address: 0x87fc51f8	Size: 121

Object: Hidden Code [Driver: Smb??????, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x87fc51f8	Size: 121

Object: Hidden Code [Driver: Smb??????, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x87fc51f8	Size: 121

Object: Hidden Code [Driver: Smb??????, IRP_MJ_CLEANUP]
Process: System	Address: 0x87fc51f8	Size: 121

Object: Hidden Code [Driver: Smb??????, IRP_MJ_PNP]
Process: System	Address: 0x87fc51f8	Size: 121

Object: Hidden Code [Driver: apkaqhr4???????, IRP_MJ_CREATE]
Process: System	Address: 0x878d71f8	Size: 121

Object: Hidden Code [Driver: apkaqhr4???????, IRP_MJ_CLOSE]
Process: System	Address: 0x878d71f8	Size: 121

Object: Hidden Code [Driver: apkaqhr4???????, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x878d71f8	Size: 121

Object: Hidden Code [Driver: apkaqhr4???????, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x878d71f8	Size: 121

Object: Hidden Code [Driver: apkaqhr4???????, IRP_MJ_POWER]
Process: System	Address: 0x878d71f8	Size: 121

Object: Hidden Code [Driver: apkaqhr4???????, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x878d71f8	Size: 121

Object: Hidden Code [Driver: apkaqhr4???????, IRP_MJ_PNP]
Process: System	Address: 0x878d71f8	Size: 121

Object: Hidden Code [Driver: netbt?, IRP_MJ_CREATE]
Process: System	Address: 0x881741f8	Size: 121

Object: Hidden Code [Driver: netbt?, IRP_MJ_CLOSE]
Process: System	Address: 0x881741f8	Size: 121

Object: Hidden Code [Driver: netbt?, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x881741f8	Size: 121

Object: Hidden Code [Driver: netbt?, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x881741f8	Size: 121

Object: Hidden Code [Driver: netbt?, IRP_MJ_CLEANUP]
Process: System	Address: 0x881741f8	Size: 121

Object: Hidden Code [Driver: netbt?, IRP_MJ_PNP]
Process: System	Address: 0x881741f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt???, IRP_MJ_CREATE]
Process: System	Address: 0x879ef1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt???, IRP_MJ_CLOSE]
Process: System	Address: 0x879ef1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt???, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x879ef1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt???, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x879ef1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt???, IRP_MJ_POWER]
Process: System	Address: 0x879ef1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt???, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x879ef1f8	Size: 121

Object: Hidden Code [Driver: iScsiPrt???, IRP_MJ_PNP]
Process: System	Address: 0x879ef1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System	Address: 0x8640d1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x878641f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x878641f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x878641f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x878641f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x878641f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x878641f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x878641f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System	Address: 0x878231f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_CREATE]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_CLOSE]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_READ]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_WRITE]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_CLEANUP]
Process: System	Address: 0x88f241f8	Size: 121

Object: Hidden Code [Driver: cdfs????, IRP_MJ_PNP]
Process: System	Address: 0x88f241f8	Size: 121






Hidden Services
-------------------
         

Every time I try to post the HJT scan list, I get the message that the server has dropped the connection, and I cannot post it.

I hope this helps anyway.

Regards

01.11.2010, 06:47   #2
kira
/// Helper Team



1.
this is actually installed along with other software without being asked:
Code:
Viewpoint Manager

you can uninstall it
if it is not (or no longer) present:

"Start --> Run", then please enter the following command: cmd --> OK
a command window opens
then enter the following commands and press [Enter] after each command:

Code:
sc stop "Viewpoint Corporation"
sc delete "Viewpoint Corporation"

Exit

If an error message appears, try with "Viewpoint Manager Service"
2.
→ visit the virustotal site and please have the file(s) from the code box checked - also copy along the file size and name, MD5 and SHA1:
Tips for searching for files
Code:
C:\Windows\System32\Drivers\apkaqhr4.SYS

→ Click "Browse"
→ Find the file on your computer → double-click the file to be checked (or copy the contents from the code box)
→ "Send file" and wait until the scan run of all virus scanners has finished
copy the result in here just as you receive it (DO NOT LEAVE ANYTHING OUT!) (including <checked file name> + file size and name, MD5 and SHA1)

** Example - the log file from Virustotal that you post should look like this. So do not leave anything out, but copy it in here as you receive it!:
Code:
File name: 
<<file name>>
Submission date:
2010-10-22 03:34:01 (UTC)
Current status:
queued queued analysing finished
Result:
.....%
    
VT Community

goodware/badware
 Safety score: 100.0% 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.22.00    2010.10.21    -
AntiVir    7.10.13.15    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.22    -
Authentium    5.2.0.5    2010.10.22    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
etc........

...over 40 virus scanners...so be patient!!


Edited by kira (01.11.2010 at 06:53)

01.11.2010, 10:18   #3
nico885



So uninstalling Viewpoint does not work; with both versions this message always appears:

Code:
[SC] OpenService FEHLER 1060

In addition, the file
Code:
C:\Windows\System32\Drivers\apkaqhr4.SYS

cannot be found, neither when I look through everything under Drivers in Explorer nor when I enter it via "Search".

Regards

02.11.2010, 06:39   #4
kira
/// Helper Team



Quote:
Quote from nico885

Every time I try to post the HJT scan list, I get the message that the server has dropped the connection, and I cannot post it.
But you can also split the text into several parts and post it that way

02.11.2010, 12:36   #5
nico885



OK, then here in several parts.

Code:
 
 Microsoft Windows [Version 6.0.6002]
 
 
C:

  31.10.2010 10:01     C:\rsit --------- 0   
  31.10.2010 10:01     C:\Program Files --------- 20480   
  31.10.2010 09:59     C:\WINDOWS --------- 28672   
       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  30.10.2010 22:56     C:\System Volume Information --------- 16384   
  28.10.2010 19:01     C:\Config.Msi --------- 0   
  21.10.2010 15:29     C:\ProgramData --------- 8192   
  21.10.2010 15:27     C:\lopR.txt --------- 12058   
  21.10.2010 15:27     C:\Lop SD --------- 8192   
  18.10.2010 17:39     C:\ping.txt --------- 500   
  28.05.2010 10:14     C:\IO.SYS --------- 0   
  28.05.2010 10:14     C:\MSDOS.SYS --------- 0   
  14.04.2010 15:41     C:\MSOCache --------- 0   
  18.03.2010 17:45     C:\divx --------- 0   
  18.03.2010 16:17     C:\found.000 --------- 0   
  13.03.2010 14:16     C:\TO_InstallLog.txt --------- 161   
  02.03.2010 16:58     C:\$Recycle.Bin --------- 4096   
  02.03.2010 16:57     C:\Users --------- 4096   
  09.02.2010 08:00     C:\Boot --------- 4096   
  02.02.2010 19:36     C:\hp --------- 4096   
  02.02.2010 17:30     C:\Programme --------- 0   
  02.02.2010 17:30     C:\Dokumente und Einstellungen --------- 0   
  11.04.2009 07:36     C:\bootmgr --------- 333257   
  18.09.2006 22:43     C:\config.sys --------- 10   
  08.02.2002 09:51     C:\BOOTSECT.BAK --------- 8192   
  08.02.2002 01:40     C:\autoexec.bat --------- 74   
----------------------------------------
         


02.11.2010, 12:38   #6
nico885



Code:
C:\Windows\System

 02.02.2010 17:40      C:\Windows\System\hpsysdrv.dat --------- 44 
 02.11.2006 13:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 13:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 13:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 13:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 13:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 13:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 08:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 08:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 08:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 08:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 08:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 08:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 08:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 08:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 08:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 08:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 08:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 08:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 22:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 22:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 22:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 22:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 31.10.2010 10:06     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 31.10.2010 10:06     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 31.10.2010 09:55     C:\Windows\system32\perfh009.dat --------- 586980  
 31.10.2010 09:55     C:\Windows\system32\perfc009.dat --------- 101052  
 31.10.2010 09:55     C:\Windows\system32\perfh007.dat --------- 618204  
 31.10.2010 09:55     C:\Windows\system32\perfc007.dat --------- 122442  
 31.10.2010 09:55     C:\Windows\system32\PerfStringBackup.INI --------- 1418612  
 26.10.2010 14:23     C:\Windows\system32\Tasks --------- 4096  
 25.10.2010 17:31     C:\Windows\system32\drivers --------- 61440  
 24.10.2010 16:30     C:\Windows\system32\%APPDATA% --------- 0  
 19.10.2010 20:53     C:\Windows\system32\AU8Settings.ini --------- 144  
 19.10.2010 13:26     C:\Windows\system32\Adobe --------- 0  
 19.10.2010 13:19     C:\Windows\system32\Macromed --------- 0  
 18.10.2010 17:14     C:\Windows\system32\javaws.exe --------- 153376  
 18.10.2010 17:14     C:\Windows\system32\javaw.exe --------- 145184  
 18.10.2010 17:14     C:\Windows\system32\java.exe --------- 145184  
 18.10.2010 17:14     C:\Windows\system32\deployJava1.dll --------- 472808  
 18.10.2010 16:06     C:\Windows\system32\catroot2 --------- 8192  
 18.10.2010 16:06     C:\Windows\system32\FNTCACHE.DAT --------- 1774632  
 16.10.2010 18:43     C:\Windows\system32\jupdate-1.6.0_22-b04.log --------- 4034  
 16.10.2010 11:45     C:\Windows\system32\AGEIA --------- 0  
 14.10.2010 14:49     C:\Windows\system32\de-DE --------- 266240  
 13.10.2010 20:43     C:\Windows\system32\mrt.exe --------- 35385288  
 13.10.2010 17:05     C:\Windows\system32\catroot --------- 4096  
 01.10.2010 19:51     C:\Windows\system32\TVUAx --------- 4096  
 16.09.2010 15:31     C:\Windows\system32\migration --------- 0  
 16.09.2010 15:31     C:\Windows\system32\wbem --------- 61440  
 16.09.2010 15:31     C:\Windows\system32\en-US --------- 8192  
 16.09.2010 15:25     C:\Windows\system32\icrav03.rat --------- 8798  
 16.09.2010 15:25     C:\Windows\system32\ticrf.rat --------- 1988  
 13.09.2010 16:46     C:\Windows\system32\wmp.dll --------- 10628096  
 13.09.2010 14:56     C:\Windows\system32\wmploc.DLL --------- 8147456  
 08.09.2010 10:17     C:\Windows\system32\QuickTime.qts --------- 69632  
 08.09.2010 10:17     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 06.09.2010 17:20     C:\Windows\system32\srvsvc.dll --------- 125952  
 06.09.2010 17:19     C:\Windows\system32\netevent.dll --------- 17920  
 31.08.2010 23:55     C:\Windows\system32\iedkcs32.dll --------- 460088  
 31.08.2010 23:47     C:\Windows\system32\mshtml.dll --------- 10199040  
 31.08.2010 23:46     C:\Windows\system32\jscript9.dll --------- 1355264  
 31.08.2010 23:45     C:\Windows\system32\ieframe.dll --------- 12348928  
 31.08.2010 23:44     C:\Windows\system32\html.iec --------- 367104  
 31.08.2010 23:44     C:\Windows\system32\inetcpl.cpl --------- 1448448  
 31.08.2010 23:44     C:\Windows\system32\wininet.dll --------- 1122304  
 31.08.2010 23:44     C:\Windows\system32\ieapfltr.dll --------- 441856  
 31.08.2010 23:44     C:\Windows\system32\urlmon.dll --------- 1097728  
 31.08.2010 23:44     C:\Windows\system32\vbscript.dll --------- 424960  
 31.08.2010 23:43     C:\Windows\system32\webcheck.dll --------- 208384  
 31.08.2010 23:43     C:\Windows\system32\occache.dll --------- 128000  
 31.08.2010 23:43     C:\Windows\system32\msrating.dll --------- 166400  
 31.08.2010 23:43     C:\Windows\system32\url.dll --------- 109568  
 31.08.2010 23:43     C:\Windows\system32\licmgr10.dll --------- 23552  
 31.08.2010 23:43     C:\Windows\system32\jsproxy.dll --------- 65024  
 31.08.2010 23:43     C:\Windows\system32\ieUnatt.exe --------- 142848  
 31.08.2010 23:43     C:\Windows\system32\SetDepNx.exe --------- 72704  
 31.08.2010 23:43     C:\Windows\system32\iesysprep.dll --------- 114176  
 31.08.2010 23:43     C:\Windows\system32\RegisterIEPKEYs.exe --------- 74752  
 31.08.2010 23:43     C:\Windows\system32\SetIEInstalledDate.exe --------- 76800  
 31.08.2010 23:43     C:\Windows\system32\advpack.dll --------- 114176  
 31.08.2010 23:43     C:\Windows\system32\ieaksie.dll --------- 227840  
 31.08.2010 23:43     C:\Windows\system32\ieakeng.dll --------- 130560  
 31.08.2010 23:42     C:\Windows\system32\admparse.dll --------- 51200  
 31.08.2010 23:42     C:\Windows\system32\ieakui.dll --------- 163840  
 31.08.2010 23:42     C:\Windows\system32\ie4uinit.exe --------- 193024  
 31.08.2010 23:42     C:\Windows\system32\iesetup.dll --------- 75264  
 31.08.2010 23:42     C:\Windows\system32\inseng.dll --------- 80384  
 31.08.2010 23:42     C:\Windows\system32\iernonce.dll --------- 32768  
 31.08.2010 23:42     C:\Windows\system32\IEAdvpack.dll --------- 110592  
 31.08.2010 23:42     C:\Windows\system32\jscript.dll --------- 719360  
 31.08.2010 23:42     C:\Windows\system32\iexpress.exe --------- 150016  
 31.08.2010 23:42     C:\Windows\system32\iertutil.dll --------- 2056192  
 31.08.2010 23:42     C:\Windows\system32\wextract.exe --------- 149504  
 31.08.2010 23:42     C:\Windows\system32\msfeeds.dll --------- 596480  
 31.08.2010 23:42     C:\Windows\system32\msfeedsbs.dll --------- 44544  
 31.08.2010 23:42     C:\Windows\system32\dxtmsft.dll --------- 353280  
 31.08.2010 23:42     C:\Windows\system32\iepeers.dll --------- 111104  
 31.08.2010 23:42     C:\Windows\system32\icardie.dll --------- 59392  
 31.08.2010 23:42     C:\Windows\system32\dxtrans.dll --------- 223232  
 31.08.2010 23:42     C:\Windows\system32\imgutil.dll --------- 33280  
 31.08.2010 23:42     C:\Windows\system32\msfeedssync.exe --------- 10240  
 31.08.2010 23:42     C:\Windows\system32\pngfilt.dll --------- 49664  
 31.08.2010 23:42     C:\Windows\system32\mshtmled.dll --------- 67072  
 31.08.2010 23:42     C:\Windows\system32\mshtmler.dll --------- 48640  
 31.08.2010 23:42     C:\Windows\system32\mshta.exe --------- 11264  
 31.08.2010 23:42     C:\Windows\system32\mshtml.tlb --------- 2381824  
 31.08.2010 23:42     C:\Windows\system32\tdc.ocx --------- 63488  
 31.08.2010 23:41     C:\Windows\system32\msls31.dll --------- 160768  
 31.08.2010 23:41     C:\Windows\system32\ieui.dll --------- 176640  
 31.08.2010 23:36     C:\Windows\system32\ieuinit.inf --------- 72533  
 31.08.2010 16:46     C:\Windows\system32\mfc40u.dll --------- 954288  
 31.08.2010 16:46     C:\Windows\system32\mfc40.dll --------- 954752  
 31.08.2010 16:44     C:\Windows\system32\comctl32.dll --------- 531968  
 31.08.2010 14:27     C:\Windows\system32\win32k.sys --------- 2038272  
 26.08.2010 17:37     C:\Windows\system32\t2embed.dll --------- 157184  
 20.08.2010 17:05     C:\Windows\system32\wmpmde.dll --------- 867328  
 18.08.2010 00:54     C:\Windows\system32\XpsGdiConverter.dll --------- 280064  
 18.08.2010 00:54     C:\Windows\system32\XpsRasterService.dll --------- 135680  
 18.08.2010 00:52     C:\Windows\system32\MFH264Dec.dll --------- 979456  
 18.08.2010 00:51     C:\Windows\system32\MFHEAACdec.dll --------- 357376  
 18.08.2010 00:51     C:\Windows\system32\mfreadwrite.dll --------- 261632  
 18.08.2010 00:51     C:\Windows\system32\mfmp4src.dll --------- 302592  
----------------------------------------
         

02.11.2010, 12:38   #7
nico885



Code:
 
C:\Windows\Prefetch

 31.10.2010 10:10     C:\Windows\Prefetch\WERFAULT.EXE-B7E27BE5.pf --------- 92466  
 31.10.2010 10:09     C:\Windows\Prefetch\CONIME.EXE-B273009A.pf --------- 19852  
 31.10.2010 10:09     C:\Windows\Prefetch\CMD.EXE-89305D47.pf --------- 18778  
 31.10.2010 10:09     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-AA7A1FDD.pf --------- 17950  
 31.10.2010 10:09     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-AFAD3EF9.pf --------- 27742  
 31.10.2010 10:09     C:\Windows\Prefetch\WINRAR.EXE-6F42D4E7.pf --------- 53306  
 31.10.2010 10:08     C:\Windows\Prefetch\DLLHOST.EXE-71214090.pf --------- 26036  
 31.10.2010 10:07     C:\Windows\Prefetch\RUNDLL32.EXE-CC74A1C3.pf --------- 22422  
 31.10.2010 10:06     C:\Windows\Prefetch\WMIPRVSE.EXE-43972D0F.pf --------- 35132  
 31.10.2010 10:06     C:\Windows\Prefetch\CONTROL.EXE-9459D5A0.pf --------- 39752  
 31.10.2010 10:06     C:\Windows\Prefetch\HELPPANE.EXE-D1016F9E.pf --------- 110890  
 31.10.2010 10:05     C:\Windows\Prefetch\TASKENG.EXE-5BAF290C.pf --------- 137784  
 31.10.2010 10:03     C:\Windows\Prefetch\NOTEPAD.EXE-EB1B961A.pf --------- 23350  
 31.10.2010 10:03     C:\Windows\Prefetch\WERMGR.EXE-2A1BCBC7.pf --------- 76264  
 31.10.2010 10:02     C:\Windows\Prefetch\AVWSC.EXE-877F4F63.pf --------- 32042  
 31.10.2010 10:02     C:\Windows\Prefetch\RUNDLL32.EXE-E447C111.pf --------- 38626  
 31.10.2010 10:01     C:\Windows\Prefetch\NICO.EXE-75BDB2B1.pf --------- 24214  
 31.10.2010 10:01     C:\Windows\Prefetch\RSIT.EXE-502122B4.pf --------- 27862  
 31.10.2010 10:00     C:\Windows\Prefetch\WSQMCONS.EXE-E2CE6542.pf --------- 3136  
 31.10.2010 09:59     C:\Windows\Prefetch\SYSTEMPROPERTIESPROTECTION.EX-47C43498.pf --------- 49974  
 31.10.2010 09:58     C:\Windows\Prefetch\SVCHOST.EXE-8FD92526.pf --------- 19088  
 31.10.2010 09:58     C:\Windows\Prefetch\VSSVC.EXE-04D079CC.pf --------- 118982  
 31.10.2010 09:58     C:\Windows\Prefetch\RSTRUI.EXE-4841C8C8.pf --------- 37510  
 31.10.2010 09:58     C:\Windows\Prefetch\VERCLSID.EXE-4D95F5A7.pf --------- 24976  
 31.10.2010 09:58     C:\Windows\Prefetch\RUNDLL32.EXE-0F830E3C.pf --------- 45136  
 31.10.2010 09:55     C:\Windows\Prefetch\CLTLMH.EXE-B0401503.pf --------- 27786  
 31.10.2010 09:54     C:\Windows\Prefetch\WMIADAP.EXE-369DF1CD.pf --------- 36480  
 31.10.2010 09:53     C:\Windows\Prefetch\HPHC_SERVICE.EXE-B8B935C8.pf --------- 42848  
 31.10.2010 09:52     C:\Windows\Prefetch\WSCSTUB.EXE-B9878F16.pf --------- 28132  
 31.10.2010 09:52     C:\Windows\Prefetch\TASKMGR.EXE-72398DC0.pf --------- 51886  
 31.10.2010 09:52     C:\Windows\Prefetch\LOGONUI.EXE-1BEE4A84.pf --------- 32906  
 31.10.2010 09:51     C:\Windows\Prefetch\ReadyBoot --------- 4096  
 31.10.2010 09:51     C:\Windows\Prefetch\OPERA.EXE-E1830577.pf --------- 106390  
 31.10.2010 09:51     C:\Windows\Prefetch\WLCOMM.EXE-648065CA.pf --------- 76520  
 31.10.2010 09:51     C:\Windows\Prefetch\UNSECAPP.EXE-CD982D99.pf --------- 26296  
 31.10.2010 09:51     C:\Windows\Prefetch\IPODSERVICE.EXE-FE1A6FF7.pf --------- 19336  
 31.10.2010 09:51     C:\Windows\Prefetch\WMPLAYER.EXE-9DE758AE.pf --------- 58554  
 31.10.2010 09:51     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 2916296  
 30.10.2010 23:15     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 2150625  
 30.10.2010 23:15     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 930309  
 30.10.2010 23:15     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 3449370  
 30.10.2010 23:15     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 508  
 30.10.2010 23:15     C:\Windows\Prefetch\AgRobust.db --------- 191796  
 30.10.2010 23:06     C:\Windows\Prefetch\RUNDLL32.EXE-D05D2FD4.pf --------- 44322  
 30.10.2010 23:03     C:\Windows\Prefetch\UPDATE.EXE-3FBE35E6.pf --------- 318412  
 30.10.2010 23:03     C:\Windows\Prefetch\AVCENTER.EXE-087DA68F.pf --------- 120608  
 30.10.2010 23:03     C:\Windows\Prefetch\AVCONFIG.EXE-25BB6BD8.pf --------- 80456  
 30.10.2010 22:52     C:\Windows\Prefetch\ALG.EXE-5BBFFD2F.pf --------- 19862  
 30.10.2010 22:52     C:\Windows\Prefetch\PSI.EXE-973712FB.pf --------- 4300  
 30.10.2010 22:51     C:\Windows\Prefetch\SVCHOST.EXE-B421B09A.pf --------- 97218  
 30.10.2010 22:28     C:\Windows\Prefetch\SCHTASKS.EXE-2DE769BF.pf --------- 1182  
 30.10.2010 22:14     C:\Windows\Prefetch\AVNOTIFY.EXE-4291C867.pf --------- 63474  
 30.10.2010 22:14     C:\Windows\Prefetch\AVSCAN.EXE-1FDA38F3.pf --------- 190804  
 30.10.2010 22:12     C:\Windows\Prefetch\SVCHOST.EXE-135A30D8.pf --------- 53588  
 29.10.2010 22:21     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1520337693-1879009250-3396951402-1001.db --------- 976780  
 29.10.2010 22:21     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1520337693-1879009250-3396951402-1001.db --------- 2118552  
 29.10.2010 22:20     C:\Windows\Prefetch\AgCx_SC1.db --------- 739965  
 29.10.2010 22:20     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 147970  
 29.10.2010 19:43     C:\Windows\Prefetch\ASOELNCH.EXE-9154F828.pf --------- 27326  
 29.10.2010 18:43     C:\Windows\Prefetch\ADOBEARM.EXE-ACA00A4A.pf --------- 21986  
 29.10.2010 17:29     C:\Windows\Prefetch\INTEGRATOR.EXE-6F86C88D.pf --------- 71018  
 29.10.2010 17:29     C:\Windows\Prefetch\INITIALIZE.EXE-68F10AC4.pf --------- 36328  
 29.10.2010 17:29     C:\Windows\Prefetch\REGSVR32.EXE-55A4EE79.pf --------- 34004  
 29.10.2010 17:28     C:\Windows\Prefetch\IS-4M0O6.TMP-D450AF1C.pf --------- 44314  
 29.10.2010 17:28     C:\Windows\Prefetch\GUSETUPNEW.EXE-16019D4D.pf --------- 27254  
 29.10.2010 17:28     C:\Windows\Prefetch\ASKINSTALLCHECKER.EXE-EFB499D6.pf --------- 32596  
 29.10.2010 17:05     C:\Windows\Prefetch\GAMEOVERLAYUI.EXE-E24BB2EF.pf --------- 70340  
 29.10.2010 17:05     C:\Windows\Prefetch\HL2.EXE-6869E142.pf --------- 175344  
 29.10.2010 16:55     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-1D5F6C6B.pf --------- 93922  
 29.10.2010 16:54     C:\Windows\Prefetch\FIREFOX.EXE-E60C0AA7.pf --------- 251606  
 29.10.2010 16:54     C:\Windows\Prefetch\STEAM.EXE-786CC607.pf --------- 12900  
 29.10.2010 14:17     C:\Windows\Prefetch\HELPER.EXE-36267E56.pf --------- 28276  
 29.10.2010 14:17     C:\Windows\Prefetch\UPDATER.EXE-1FA191F8.pf --------- 166280  
 29.10.2010 14:14     C:\Windows\Prefetch\KHALMNPR.EXE-EB9C0624.pf --------- 5970  
 29.10.2010 14:13     C:\Windows\Prefetch\EXPLORER.EXE-7A3328DA.pf --------- 277970  
 29.10.2010 14:13     C:\Windows\Prefetch\CCSVCHST.EXE-589EE114.pf --------- 83512  
 29.10.2010 14:13     C:\Windows\Prefetch\DWM.EXE-AEABE78B.pf --------- 32134  
 29.10.2010 14:13     C:\Windows\Prefetch\USERINIT.EXE-F39AB672.pf --------- 16270  
 29.10.2010 14:13     C:\Windows\Prefetch\DLLHOST.EXE-893DDF55.pf --------- 45434  
 29.10.2010 14:13     C:\Windows\Prefetch\RUNDLL32.EXE-7768279B.pf --------- 952  
 28.10.2010 19:43     C:\Windows\Prefetch\SYMERR.EXE-181CA669.pf --------- 3128  
 28.10.2010 19:29     C:\Windows\Prefetch\JAVA.EXE-066C5985.pf --------- 101530  
 28.10.2010 19:29     C:\Windows\Prefetch\JP2LAUNCHER.EXE-42754454.pf --------- 17060  
 28.10.2010 19:23     C:\Windows\Prefetch\MFPMP.EXE-73140A33.pf --------- 62114  
 28.10.2010 19:15     C:\Windows\Prefetch\VLC.EXE-CE8E9BE1.pf --------- 279658  
 28.10.2010 19:14     C:\Windows\Prefetch\DIVX PLUS PLAYER.EXE-50BD3554.pf --------- 150256  
 28.10.2010 19:13     C:\Windows\Prefetch\RUNDLL32.EXE-C21D3DCD.pf --------- 40822  
 28.10.2010 19:03     C:\Windows\Prefetch\DISTNOTED.EXE-6676BA54.pf --------- 21604  
 28.10.2010 19:03     C:\Windows\Prefetch\APPLEMOBILEDEVICEHELPER.EXE-B651274A.pf --------- 44272  
 28.10.2010 19:03     C:\Windows\Prefetch\ITUNES.EXE-049DB451.pf --------- 142856  
 28.10.2010 19:03     C:\Windows\Prefetch\SAFARI.EXE-29E0FDAD.pf --------- 150600  
 28.10.2010 19:03     C:\Windows\Prefetch\SOFTWAREUPDATE.EXE-2B0C49F7.pf --------- 111502  
 28.10.2010 19:03     C:\Windows\Prefetch\DLLHOST.EXE-91B07125.pf --------- 27408  
 28.10.2010 19:01     C:\Windows\Prefetch\APPLESYNCNOTIFIER.EXE-B83D62EB.pf --------- 46872  
 28.10.2010 19:00     C:\Windows\Prefetch\SETUPADMIN.EXE-8CCF9633.pf --------- 13624  
 28.10.2010 19:00     C:\Windows\Prefetch\MSIEXEC.EXE-B5AFA339.pf --------- 45142  
 28.10.2010 18:52     C:\Windows\Prefetch\ITUNESHELPER.EXE-302622F9.pf --------- 28242  
 28.10.2010 18:51     C:\Windows\Prefetch\ITUNESPHOTOPROCESSOR.EXE-0D78BCAB.pf --------- 12410  
 28.10.2010 18:51     C:\Windows\Prefetch\DIFXINSTALL32.EXE-ED9609C9.pf --------- 34558  
 28.10.2010 18:49     C:\Windows\Prefetch\ITUNESSETUP.EXE-6DBAE2C9.pf --------- 15514  
 28.10.2010 18:48     C:\Windows\Prefetch\IEXPLORE.EXE-1B894AFB.pf --------- 92788  
 28.10.2010 18:40     C:\Windows\Prefetch\ACRORD32INFO.EXE-E3F62CBD.pf --------- 51178  
 28.10.2010 18:39     C:\Windows\Prefetch\QUICKTIMEPLAYER.EXE-5CACBC1C.pf --------- 26860  
 28.10.2010 18:37     C:\Windows\Prefetch\RUNDLL32.EXE-B04C85B7.pf --------- 44676  
 28.10.2010 17:51     C:\Windows\Prefetch\JAVAW.EXE-C4EA16F0.pf --------- 94394  
 28.10.2010 17:51     C:\Windows\Prefetch\JAUCHECK.EXE-04AFF24E.pf --------- 24366  
 28.10.2010 17:51     C:\Windows\Prefetch\JAVAWS.EXE-25FD1E0F.pf --------- 20218  
 28.10.2010 17:10     C:\Windows\Prefetch\RUNDLL32.EXE-F452D79D.pf --------- 3284  
 28.10.2010 17:01     C:\Windows\Prefetch\Layout.ini --------- 1543366  
 28.10.2010 16:55     C:\Windows\Prefetch\LOGON.SCR-7C80CA1C.pf --------- 36040  
 28.10.2010 16:27     C:\Windows\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-9F32D4F0.pf --------- 25306  
 28.10.2010 16:24     C:\Windows\Prefetch\WINLOGON.EXE-8163EECC.pf --------- 17058  
 28.10.2010 16:24     C:\Windows\Prefetch\CSRSS.EXE-8C04D631.pf --------- 27980  
 28.10.2010 16:24     C:\Windows\Prefetch\SMSS.EXE-1DCD0EB1.pf --------- 2240  
 27.10.2010 19:33     C:\Windows\Prefetch\CCLEANER.EXE-7590636D.pf --------- 34216  
 23.10.2010 13:59     C:\Windows\Prefetch\AgCx_SC3_87B69224.db --------- 507423  
 23.10.2010 13:54     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-1520337693-1879009250-3396951402-1001.snp.db --------- 3877723  
 05.10.2010 13:59     C:\Windows\Prefetch\AgCx_SC2.db --------- 810460  
 24.07.2010 20:23     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-1520337693-1879009250-3396951402-1002.db --------- 906521  
 24.07.2010 20:23     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-1520337693-1879009250-3396951402-1002.db --------- 419210  
 02.02.2010 17:30     C:\Windows\Prefetch\AgAppLaunch.db --------- 332116  
----------------------------------------

 
C:\Windows\Tasks

 31.10.2010 09:50     C:\Windows\Tasks\SA.DAT --------- 6  
 30.10.2010 23:15     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32534  
 29.10.2010 17:29     C:\Windows\Tasks\GlaryInitialize.job --------- 304  
 28.10.2010 16:02     C:\Windows\Tasks\Norton Security Scan for Nico.job --------- 472  
----------------------------------------

 
C:\Windows\Temp

 31.10.2010 10:10     C:\Windows\Temp\WER1C68.tmp.hdmp --------- 109183602  
 31.10.2010 10:10     C:\Windows\Temp\WER1C57.tmp.appcompat.txt --------- 18556  
 31.10.2010 10:10     C:\Windows\Temp\WER1C46.tmp.version.txt --------- 476  
 31.10.2010 09:50     C:\Windows\Temp\nmsmc_DQLWinService.log --------- 149  
 29.10.2010 18:43     C:\Windows\Temp\AdobeARM.log --------- 762  
 27.10.2010 16:05     C:\Windows\Temp\CPSSMasterCatalog.ini --------- 417  
----------------------------------------

 
C:\Users\Nico\AppData\Local\Temp

 31.10.2010 09:55     C:\Users\Nico\AppData\Local\Temp\jusched.log --------- 2011  
 31.10.2010 09:50     C:\Users\Nico\AppData\Local\Temp\WPDNSE --------- 0  
 31.10.2010 09:50     C:\Users\Nico\AppData\Local\Temp\divDC2B.tmp --------- 0  
 31.10.2010 09:50     C:\Users\Nico\AppData\Local\Temp\AdobeARM.log --------- 4983  
 31.10.2010 09:50     C:\Users\Nico\AppData\Local\Temp\Nico.bmp --------- 31832  
 30.10.2010 22:12     C:\Users\Nico\AppData\Local\Temp\divDF94.tmp --------- 0  
 29.10.2010 17:29     C:\Users\Nico\AppData\Local\Temp\~gu-ver.dat --------- 590  
 29.10.2010 16:54     C:\Users\Nico\AppData\Local\Temp\scoped_dir17254 --------- 0  
 29.10.2010 16:54     C:\Users\Nico\AppData\Local\Temp\scoped_dir19331 --------- 0  
 29.10.2010 15:48     C:\Users\Nico\AppData\Local\Temp\MessengerCache --------- 8192  
 29.10.2010 14:14     C:\Users\Nico\AppData\Local\Temp\div46A0.tmp --------- 0  
 28.10.2010 19:32     C:\Users\Nico\AppData\Local\Temp\hsperfdata_Nico --------- 0  
 28.10.2010 19:08     C:\Users\Nico\AppData\Local\Temp\divFA64.tmp --------- 0  
 28.10.2010 19:00     C:\Users\Nico\AppData\Local\Temp\SetupAdmin10F0.log --------- 86  
 28.10.2010 18:49     C:\Users\Nico\AppData\Local\Temp\QTInstallCode.log --------- 763  
 28.10.2010 18:36     C:\Users\Nico\AppData\Local\Temp\divDE2D.tmp --------- 0  
 27.10.2010 17:07     C:\Users\Nico\AppData\Local\Temp\div8AD1.tmp --------- 0  
 19.10.2010 17:17     C:\Users\Nico\AppData\Local\Temp\Low --------- 0  
----------------------------------------

 
C:\Program Files

 31.10.2010 10:01     C:\Program Files\trend micro --------- 0  
 29.10.2010 14:17     C:\Program Files\Mozilla Firefox --------- 24576  
 28.10.2010 19:00     C:\Program Files\Safari --------- 4096  
 24.10.2010 16:30     C:\Program Files\Windows Media Player --------- 4096  
 19.10.2010 17:19     C:\Program Files\Adobe --------- 0  
 19.10.2010 13:21     C:\Program Files\NOS --------- 0  
 18.10.2010 18:44     C:\Program Files\Viewpoint --------- 4096  
 17.10.2010 19:13     C:\Program Files\Windows Sidebar --------- 4096  
 17.10.2010 19:13     C:\Program Files\PC-Doctor 5 for Windows --------- 839680  
 17.10.2010 19:13     C:\Program Files\Microsoft Visual Studio 8 --------- 0  
 17.10.2010 19:13     C:\Program Files\HP --------- 0  
 17.10.2010 19:09     C:\Program Files\DivX --------- 4096  
 16.10.2010 18:43     C:\Program Files\Java --------- 4096  
 16.10.2010 11:45     C:\Program Files\AGEIA Technologies --------- 8192  
 16.10.2010 08:18     C:\Program Files\Opera --------- 4096  
 07.10.2010 17:58     C:\Program Files\iTunes --------- 8192  
 07.10.2010 17:58     C:\Program Files\iPod --------- 0  
 01.10.2010 12:48     C:\Program Files\Microsoft Silverlight --------- 4096  
 29.09.2010 21:03     C:\Program Files\Common Files --------- 8192  
 29.09.2010 21:02     C:\Program Files\InstallShield Installation Information --------- 4096  
 16.09.2010 15:31     C:\Program Files\Internet Explorer --------- 4096  
 13.08.2010 09:18     C:\Program Files\Movie Maker --------- 4096  
 01.08.2010 11:23     C:\Program Files\DVDVideoSoft --------- 4096  
 15.07.2010 13:08     C:\Program Files\VideoLAN --------- 0  
 15.07.2010 12:41     C:\Program Files\PPLive --------- 0  
 28.06.2010 18:20     C:\Program Files\DVD Audio Extractor --------- 0  
 25.05.2010 12:38     C:\Program Files\Norton Security Scan --------- 0  
 25.05.2010 12:38     C:\Program Files\NortonInstaller --------- 0  
 18.05.2010 11:34     C:\Program Files\Symantec --------- 0  
 18.05.2010 11:33     C:\Program Files\Norton Internet Security --------- 0  
 13.05.2010 16:23     C:\Program Files\Windows Mail --------- 4096  
 18.04.2010 21:16     C:\Program Files\Microsoft Works --------- 28672  
 14.04.2010 15:45     C:\Program Files\MSBuild --------- 0  
 14.04.2010 15:45     C:\Program Files\Microsoft Office --------- 4096  
 14.04.2010 15:45     C:\Program Files\Microsoft Visual Studio --------- 0  
 14.04.2010 15:44     C:\Program Files\Microsoft.NET --------- 0  
 13.04.2010 15:35     C:\Program Files\GIMP-2.0 --------- 0  
 10.04.2010 22:13     C:\Program Files\Veetle --------- 0  
 03.04.2010 20:04     C:\Program Files\Avira --------- 0  
 13.03.2010 22:46     C:\Program Files\AVS4YOU --------- 4096  
 25.02.2010 19:50     C:\Program Files\Apple Software Update --------- 4096  
 22.02.2010 16:00     C:\Program Files\WinRAR --------- 4096  
 09.02.2010 07:56     C:\Program Files\Windows Calendar --------- 0  
 09.02.2010 07:56     C:\Program Files\Windows Collaboration --------- 4096  
 09.02.2010 07:56     C:\Program Files\Windows Photo Gallery --------- 4096  
 09.02.2010 07:56     C:\Program Files\Windows Defender --------- 4096  
 03.02.2010 16:33     C:\Program Files\Microsoft --------- 0  
 03.02.2010 16:33     C:\Program Files\Windows Live --------- 0  
 03.02.2010 15:18     C:\Program Files\EASEUS --------- 0  
 02.02.2010 21:41     C:\Program Files\desktop.ini --------- 174  
 02.02.2010 20:27     C:\Program Files\Logitech --------- 0  
 02.02.2010 17:50     C:\Program Files\T-Online --------- 0  
 02.02.2010 17:30     C:\Program Files\Windows NT --------- 4096  
 02.02.2010 17:30     C:\Program Files\Gemeinsame Dateien --------- 0  
 15.06.2007 12:37     C:\Program Files\EasyBits --------- 0  
 02.11.2006 14:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 13:37     C:\Program Files\Microsoft Games --------- 4096  
 02.11.2006 13:37     C:\Program Files\Reference Assemblies --------- 0  
 08.02.2002 01:48     C:\Program Files\Google --------- 4096  
 08.02.2002 01:48     C:\Program Files\Online-Dienste --------- 4096  
 08.02.2002 01:46     C:\Program Files\Hewlett-Packard --------- 4096  
 08.02.2002 01:40     C:\Program Files\muvee Technologies --------- 0  
 08.02.2002 01:38     C:\Program Files\Roxio --------- 4096  
 08.02.2002 01:30     C:\Program Files\Intel --------- 0  
 08.02.2002 01:29     C:\Program Files\Realtek --------- 0  
 08.02.2002 01:28     C:\Program Files\WinTV --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

IUSR_NMPR    
Default    
Nico    
Evi    
desktop.ini    
All Users    
Default User    
Public    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        14.476 K
smss.exe                       492 Services                   0           800 K
csrss.exe                      560 Services                   0         6.996 K
wininit.exe                    608 Services                   0         4.464 K
csrss.exe                      616 Console                    1         9.648 K
services.exe                   652 Services                   0         7.504 K
lsass.exe                      664 Services                   0         4.060 K
lsm.exe                        672 Services                   0         4.800 K
svchost.exe                    828 Services                   0         6.072 K
winlogon.exe                   860 Console                    1         5.916 K
svchost.exe                    960 Services                   0         6.972 K
svchost.exe                   1064 Services                   0        14.716 K
svchost.exe                   1092 Services                   0        78.376 K
svchost.exe                   1120 Services                   0       142.712 K
audiodg.exe                   1204 Services                   0        16.588 K
svchost.exe                   1316 Services                   0         4.820 K
SLsvc.exe                     1336 Services                   0        11.784 K
svchost.exe                   1408 Services                   0        12.484 K
svchost.exe                   1540 Services                   0        14.428 K
spoolsv.exe                   1820 Services                   0         9.056 K
sched.exe                     1844 Services                   0         1.772 K
svchost.exe                   1856 Services                   0        16.236 K
dwm.exe                        692 Console                    1        76.016 K
taskeng.exe                    836 Console                    1        11.032 K
explorer.exe                  1052 Console                    1        71.904 K
RtHDVCpl.exe                  2104 Console                    1         7.264 K
rundll32.exe                  2148 Console                    1         7.628 K
rundll32.exe                  2156 Console                    1         5.704 K
avgnt.exe                     2168 Console                    1         4.384 K
DivXUpdate.exe                2200 Console                    1        15.916 K
jusched.exe                   2240 Console                    1         3.636 K
iTunesHelper.exe              2320 Console                    1        11.144 K
sidebar.exe                   2352 Console                    1        41.388 K
msnmsgr.exe                   2360 Console                    1        53.504 K
SetPoint.exe                  2400 Console                    1        13.036 K
KHALMNPR.exe                  2464 Console                    1         5.608 K
taskeng.exe                   2568 Services                   0         5.464 K
avguard.exe                   2772 Services                   0         7.808 K
AppleMobileDeviceService.     2804 Services                   0         4.108 K
DQLWinService.exe             2824 Services                   0         3.128 K
HPBtnSrv.exe                  2952 Services                   0         5.384 K
avshadow.exe                  3020 Services                   0         5.864 K
LSSrvc.exe                    3076 Services                   0         4.072 K
ccsvchst.exe                  3104 Services                   0         8.656 K
svchost.exe                   3140 Services                   0         5.100 K
svchost.exe                   3232 Services                   0         6.440 K
ViewpointService.exe          3312 Services                   0         3.872 K
svchost.exe                   3380 Services                   0         4.264 K
SearchIndexer.exe             3492 Services                   0        16.132 K
WUDFHost.exe                  3828 Services                   0         5.492 K
ccsvchst.exe                  3872 Console                    1         4.832 K
alg.exe                       2052 Services                   0         4.552 K
WmiPrvSE.exe                  2068 Services                   0        10.584 K
svchost.exe                   2388 Services                   0        14.820 K
mobsync.exe                    356 Console                    1         7.912 K
iPodService.exe               4832 Services                   0         5.628 K
wlcomm.exe                    5000 Console                    1        24.132 K
unsecapp.exe                  5048 Console                    1         6.328 K
opera.exe                     4544 Console                    1       165.780 K
HPHC_Service.exe              5068 Services                   0         9.092 K
WinRAR.exe                    5556 Console                    1        14.852 K
SearchProtocolHost.exe        4216 Services                   0         8.812 K
SearchFilterHost.exe          4752 Services                   0         5.608 K
cmd.exe                       3068 Console                    1         4.152 K
conime.exe                    4860 Console                    1         5.224 K
WerFault.exe                  5552 Services                   0        11.768 K
dllhost.exe                    424 Console                    1         6.116 K
tasklist.exe                  2348 Console                    1         5.176 K
WmiPrvSE.exe                  5196 Services                   0         6.384 K

 
***** Ende des Scans 31.10.2010 um 10:11:03,87 ***
         

Alt 02.11.2010, 12:44   #8
nico885
 



So I have tried this a few times now and noticed that I can post everything except the part
Code:
ATTFilter
C:\Windows
         
from the HJT log.
I don't know why, but every time I paste it in and press reply, I get the message "Verbindung wurde vom Server unterbrochen" (connection was interrupted by the server).

Alt 02.11.2010, 12:46   #9
nico885
 



So I have tried this a few times now and noticed that I can post everything except the part
Code:
ATTFilter
C:\Windows
         
I don't know why, but every time I paste it in and press reply, I get the message "Verbindung wurde vom Server unterbrochen" (connection was interrupted by the server).

Alt 03.11.2010, 06:29   #10
kira
/// Helper team
 



Try attaching it as a text file or in ZIP format, or upload it at File-Upload.net/kostenlos and post the link for me here.

Alt 09.11.2010, 07:04   #11
kira
/// Helper team
 



1.
First set the following to "Deaktiviert" (Disabled):
Code:
ATTFilter
Viewpoint Manager Service
         
2.
- Delete "mbr.log" if it was saved
- Run MBR again and post the log

Alt 10.11.2010, 19:57   #12
nico885
 



Code:
ATTFilter
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6002 Disk: SAMSUNG_HD501LJ rev.CR100-10 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK 
copy of MBR has been found in sector 9 !
         

Alt 11.11.2010, 07:58   #13
kira
/// Helper team
 



So how is your system behaving?
