TR/Sirefef.BP.1, TR/Crypt.XPACK.Gen, TR/Rootkit.Gen2 und Avira bekommt es nicht weg

Swillswissen · 15.03.2012, 22:49

Hallo,

ich habe Avira Antivir und bei mir kam ganz oft die gleiche Meldung, dass etwas schädliches gefunden wurde. Die Auswahl "In Quarantäne verschieben" gab es nicht, deshalb habe ich "Entfernen" gedrückt. Gleichzeit hat sich ein Suchlauf gestartet. So ging das über eine Stunde... dann habe ich einen Suchlauf durch Antivir gemacht, der hat die vorherigen Viren/Trojaner alle immer noch gefunden (knapp 170 Dateien betroffen), dann ging es auch sie in Quarantäne zu verschieben. Leider wird aber weiterhin etwas gefunden, d.h. das ganze ist irgendwie immer noch nciht weg. Angezeigt wurde:
TR/Sirefef.BP.1 --> am öftesten
Tr/Crypt.XPACK.Gen --> selten
TR/Rootkit.Gen2 --> selten

Ich hab die verlangten Programme laufen lassen, hier das Ergebnis. Ich hoffe das passt so? Ich kenn mich mit solchen Programmen etc. sehr wenig aus... Danke für Hilfe!
Lg Swillswissen

Defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:17 on 15/03/2012 (admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

DDS:

DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by admin at 18:19:53 on 2012-03-15
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.503.321 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Programme\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programme\zonealarm\prxtbZon0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\dokumente und einstellungen\all users\anwendungsdaten\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programme\zonealarm\prxtbZon0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programme\zonealarm\prxtbZon0.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - 
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>] 
mRun: [Dell QuickSet] c:\programme\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [NokiaMServer] c:\programme\gemeinsame dateien\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Free YouTube Download - c:\dokumente und einstellungen\admin\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\admin\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178992216781
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D7C20709-6F15-4A19-A72B-64383BD5111B} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\admin\anwendungsdaten\mozilla\firefox\profiles\2hfot8x9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - component: c:\dokumente und einstellungen\admin\anwendungsdaten\mozilla\firefox\profiles\2hfot8x9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-10 36000]
R1 uigxrdr;uigxrdr;c:\windows\system32\drivers\uigxrdr.SYS [2010-12-12 148992]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\avira\antivir desktop\sched.exe [2011-11-10 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\programme\avira\antivir desktop\avguard.exe [2011-11-10 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-14 74640]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\programme\gemeinsame dateien\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2010-7-1 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\programme\gemeinsame dateien\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2010-7-1 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-6-29 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-6-29 27632]
S2 mclserviceatl;Mssqlserveradhelper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 mcshield;Modemcsa;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 mksvirmonsvc;MREMPR5;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 navap;Vpctcom;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 pav_security;Fetnd5bv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 vetmonnt;DFUBTUSB;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S3 WN4501HLFZZ;802.11g Wireless USB Adapter;c:\windows\system32\drivers\o4501u.sys --> c:\windows\system32\drivers\O4501U.sys [?]
.
=============== Created Last 30 ================
.
2012-03-15 02:31:00	0	--sha-w-	c:\windows\system32\dds_log_ad13.cmd
2012-03-15 02:28:29	--------	d-sh--w-	c:\dokumente und einstellungen\admin\lokale einstellungen\anwendungsdaten\f4631c47
.
==================== Find3M  ====================
.
2012-02-16 16:45:11	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20:28	1860096	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 19:43:23	916992	----a-w-	c:\windows\system32\wininet.dll
2011-12-17 19:43:23	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-12-17 19:43:23	1469440	------w-	c:\windows\system32\inetcpl.cpl
2008-12-01 16:30:46	12681040	-c--a-w-	c:\programme\mm20deu.exe
.
============= FINISH: 18:22:34,90 ===============

--- --- ---

Attach von DDS:

Code:

ATTFilter

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 13.04.2006 16:05:51
System Uptime: 15.03.2012 16:57:36 (2 hours ago)
.
Motherboard: Dell Inc. |  | 0RJ272
Processor: Intel(R) Celeron(R) M processor         1.50GHz | Microprocessor | 1496/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 2,286 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Mehrfach-Kommunikationsanschluss
Device ID: ROOT\PORTS\0001
Manufacturer: (Standardanschlusstypen)
Name: Mehrfach-Kommunikationsanschluss (COM6)
PNP Device ID: ROOT\PORTS\0001
Service: Serial
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: ECP-Druckeranschluss
Device ID: ROOT\PORTS\0002
Manufacturer: (Standardanschlusstypen)
Name: ECP-Druckeranschluss (LPT3)
PNP Device ID: ROOT\PORTS\0002
Service: Parport
.
==== System Restore Points ===================
.
RP1715: 25.01.2012 22:22:43 - Systemprüfpunkt
RP1716: 27.01.2012 00:50:52 - Systemprüfpunkt
RP1717: 28.01.2012 11:25:16 - Systemprüfpunkt
RP1718: 29.01.2012 21:28:06 - Systemprüfpunkt
RP1719: 30.01.2012 21:39:47 - Systemprüfpunkt
RP1720: 31.01.2012 23:33:11 - Systemprüfpunkt
RP1721: 02.02.2012 00:19:50 - Systemprüfpunkt
RP1722: 03.02.2012 01:32:44 - Systemprüfpunkt
RP1723: 05.02.2012 15:33:36 - Systemprüfpunkt
RP1724: 06.02.2012 18:53:27 - Systemprüfpunkt
RP1725: 07.02.2012 20:04:25 - Systemprüfpunkt
RP1726: 08.02.2012 20:10:20 - Systemprüfpunkt
RP1727: 10.02.2012 00:06:21 - Systemprüfpunkt
RP1728: 12.02.2012 23:28:59 - Systemprüfpunkt
RP1729: 13.02.2012 23:54:53 - Systemprüfpunkt
RP1730: 15.02.2012 00:26:57 - Systemprüfpunkt
RP1731: 16.02.2012 01:05:51 - Systemprüfpunkt
RP1732: 17.02.2012 17:00:59 - Systemprüfpunkt
RP1733: 18.02.2012 23:43:00 - Software Distribution Service 3.0
RP1734: 20.02.2012 11:48:38 - Systemprüfpunkt
RP1735: 21.02.2012 18:35:48 - Systemprüfpunkt
RP1736: 22.02.2012 23:43:43 - Systemprüfpunkt
RP1737: 25.02.2012 14:31:50 - Systemprüfpunkt
RP1738: 26.02.2012 20:29:16 - Systemprüfpunkt
RP1739: 27.02.2012 20:33:23 - Systemprüfpunkt
RP1740: 28.02.2012 20:39:58 - Systemprüfpunkt
RP1741: 29.02.2012 23:15:18 - Systemprüfpunkt
RP1742: 01.03.2012 23:20:18 - Systemprüfpunkt
RP1743: 03.03.2012 11:19:53 - Systemprüfpunkt
RP1744: 04.03.2012 12:49:26 - Systemprüfpunkt
RP1745: 05.03.2012 21:32:46 - Systemprüfpunkt
RP1746: 06.03.2012 21:42:25 - Systemprüfpunkt
RP1747: 07.03.2012 21:45:38 - Systemprüfpunkt
RP1748: 08.03.2012 22:10:03 - Systemprüfpunkt
RP1749: 10.03.2012 13:06:38 - Systemprüfpunkt
RP1750: 11.03.2012 15:21:39 - Systemprüfpunkt
RP1751: 12.03.2012 18:12:14 - Systemprüfpunkt
RP1752: 13.03.2012 18:54:15 - Systemprüfpunkt
RP1753: 14.03.2012 19:32:25 - Systemprüfpunkt
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0 - Deutsch
AliceHilfe
Apple Application Support
Apple Software Update
ARTEuro
Avanquest update
Avira Free Antivirus
Bonjour
Broadcom Management Programs
Compatibility Pack für 2007 Office System
Conexant HDA D110 MDC V.92 Modem
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.1
Dell Support Center
Dell System Restore
Dell Wireless WLAN Card
DesignWorkshop Lite
Digital Line Detect
ElsterFormular für Privatanwender
Emma Core
F-pro 1.3
f4 3.0.3
Free Studio version 5.2.1
Free YouTube Download version 2.10.29
freenet.de Zugangssoftware
GMX Upload-Manager
High Definition Audio Driver Package - KB835221
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB2570791)
Hotfix für Windows XP (KB2633952)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Color LaserJet 2820/2830/2840 2.0
HP OfficeJet T Series (Nur entfernen)
hppFaxUtility
hppIOFiles
hppManuals2800
hppscan2800
hppTooCool
Intel(R) Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java(TM) 6 Update 29
MCU
MediaManager
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MicroStaff WINASPI
Modem Helper
Mozilla Firefox (2.0.0.20)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MVBdP Version 1.5.3
NetWaiting
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Olympus Digital Wave Player
OpenVPN 2.1.4
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PDFCreator
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
SEMC OMSI Module
Sibelius Scorch (ActiveX Only)
Sicherheitsupdate für Microsoft Windows (KB2564958)
Sicherheitsupdate für Step by Step Interactive Training (KB898458)
Sicherheitsupdate für Step by Step Interactive Training (KB923723)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows Media Player 9 (KB911565)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2259922)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2412687)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2476490)
Sicherheitsupdate für Windows XP (KB2476687)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479628)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2481109)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485376)
Sicherheitsupdate für Windows XP (KB2485663)
Sicherheitsupdate für Windows XP (KB2491683)
Sicherheitsupdate für Windows XP (KB2503658)
Sicherheitsupdate für Windows XP (KB2503665)
Sicherheitsupdate für Windows XP (KB2506212)
Sicherheitsupdate für Windows XP (KB2506223)
Sicherheitsupdate für Windows XP (KB2507618)
Sicherheitsupdate für Windows XP (KB2507938)
Sicherheitsupdate für Windows XP (KB2508272)
Sicherheitsupdate für Windows XP (KB2508429)
Sicherheitsupdate für Windows XP (KB2509553)
Sicherheitsupdate für Windows XP (KB2511455)
Sicherheitsupdate für Windows XP (KB2524375)
Sicherheitsupdate für Windows XP (KB2535512)
Sicherheitsupdate für Windows XP (KB2536276-v2)
Sicherheitsupdate für Windows XP (KB2536276)
Sicherheitsupdate für Windows XP (KB2544893-v2)
Sicherheitsupdate für Windows XP (KB2544893)
Sicherheitsupdate für Windows XP (KB2555917)
Sicherheitsupdate für Windows XP (KB2562937)
Sicherheitsupdate für Windows XP (KB2566454)
Sicherheitsupdate für Windows XP (KB2567053)
Sicherheitsupdate für Windows XP (KB2567680)
Sicherheitsupdate für Windows XP (KB2570222)
Sicherheitsupdate für Windows XP (KB2570947)
Sicherheitsupdate für Windows XP (KB2584146)
Sicherheitsupdate für Windows XP (KB2585542)
Sicherheitsupdate für Windows XP (KB2592799)
Sicherheitsupdate für Windows XP (KB2598479)
Sicherheitsupdate für Windows XP (KB2603381)
Sicherheitsupdate für Windows XP (KB2618451)
Sicherheitsupdate für Windows XP (KB2619339)
Sicherheitsupdate für Windows XP (KB2620712)
Sicherheitsupdate für Windows XP (KB2624667)
Sicherheitsupdate für Windows XP (KB2631813)
Sicherheitsupdate für Windows XP (KB2633171)
Sicherheitsupdate für Windows XP (KB2639417)
Sicherheitsupdate für Windows XP (KB2646524)
Sicherheitsupdate für Windows XP (KB2660465)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923689)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982665)
Sicherheitsupdate für Windows XP (KB982802)
Skype™ 5.5
Sonic Activation Module
Sony Ericsson PC Suite 6.009.00
Synaptics Pointing Device Driver
Systemsteuerung "MobileMe"
T-Online Installationsdateien
TeamViewer 7
TextMaker Viewer
Uninstall 1.0.0.1
Update für Windows Internet Explorer 8 (KB971180)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB2541763)
Update für Windows XP (KB2607712)
Update für Windows XP (KB2616676-v2)
Update für Windows XP (KB2641690)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971029)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Service
WebFldrs XP
Wichtiges Update für Windows Media Player 11 (KB959772)
Wie man's spricht DEMO
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Communication Foundation Language Pack - DEU
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (DEU)
Windows Workflow Foundation DE Language Pack
Windows XP Service Pack 3
WinRAR
Wizard101(DE)
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
15.03.2012 06:37:50, Informationen: Windows File Protection [64002]  - Es wurde versucht, die geschützte Systemdatei c:\windows\system32\drivers\mrxsmb.sys zu ersetzen. Diese Datei wurde von der Originalversion wiederhergestellt, um die Systemstabilität zu gewährleisten. Die Dateiversion der Systemdatei ist 5.1.2600.6133.
15.03.2012 06:24:26, Informationen: Windows File Protection [64002]  - Es wurde versucht, die geschützte Systemdatei c:\windows\system32\drivers\mrxsmb.sys zu ersetzen. Diese Datei wurde von der Originalversion wiederhergestellt, um die Systemstabilität zu gewährleisten. Die Dateiversion der Systemdatei ist 5.1.2600.6133.
15.03.2012 06:11:42, Informationen: Windows File Protection [64002]  - Es wurde versucht, die geschützte Systemdatei c:\windows\system32\drivers\mrxsmb.sys zu ersetzen. Diese Datei wurde von der Originalversion wiederhergestellt, um die Systemstabilität zu gewährleisten. Die Dateiversion der Systemdatei ist 5.1.2600.6133.
15.03.2012 05:54:40, Informationen: Windows File Protection [64002]  - Es wurde versucht, die geschützte Systemdatei c:\windows\system32\drivers\mrxsmb.sys zu ersetzen. Diese Datei wurde von der Originalversion wiederhergestellt, um die Systemstabilität zu gewährleisten. Die Dateiversion der Systemdatei ist 5.1.2600.6133.
.
==== End Of File ===========================

GMER:

Code:

ATTFilter

MER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-15 22:23:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541040G9AT00 rev.MB2OA61A
Running: vnfkzi98.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\uwdyapod.sys


---- System - GMER 1.0.15 ----

SSDT            F8C0306C                                                                                              ZwClose
SSDT            F8C03026                                                                                              ZwCreateKey
SSDT            F8C03076                                                                                              ZwCreateSection
SSDT            F8C0301C                                                                                              ZwCreateThread
SSDT            F8C0302B                                                                                              ZwDeleteKey
SSDT            F8C03035                                                                                              ZwDeleteValueKey
SSDT            F8C03067                                                                                              ZwDuplicateObject
SSDT            F8C0303A                                                                                              ZwLoadKey
SSDT            F8C03008                                                                                              ZwOpenProcess
SSDT            F8C0300D                                                                                              ZwOpenThread
SSDT            F8C0308F                                                                                              ZwQueryValueKey
SSDT            F8C03044                                                                                              ZwReplaceKey
SSDT            F8C03080                                                                                              ZwRequestWaitReplyPort
SSDT            F8C0303F                                                                                              ZwRestoreKey
SSDT            F8C0307B                                                                                              ZwSetContextThread
SSDT            F8C03085                                                                                              ZwSetSecurityObject
SSDT            F8C03030                                                                                              ZwSetValueKey
SSDT            F8C0308A                                                                                              ZwSystemDebugControl
SSDT            F8C03017                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           atapi.sys                                                                                             F8340852 1 Byte  [CC] {INT 3 }
?               C:\DOKUME~1\admin\LOKALE~1\Temp\mbr.sys                                                               Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text           C:\program files\real\realplayer\update\realsched.exe[3440] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                               SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                               SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \FileSystem\Fastfat \Fat                                                                              A19C8D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread          System [4:116]                                                                                        82CE139F
Thread          System [4:120]                                                                                        82C6A0F4

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\$NtUninstallKB6107$\1412421291                                                             0 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007                                                             0 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\@                                                           2048 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\L                                                           0 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\L\nnffsaqa                                                  456320 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\loader.tlb                                                  2632 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U                                                           0 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@00000001                                                 45968 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000c0                                                 2560 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000cb                                                 3072 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000cf                                                 1536 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@80000000                                                 73728 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000c0                                                 43008 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000cb                                                 25600 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000cf                                                 31232 bytes

---- EOF - GMER 1.0.15 ----

Chris4You · 15.03.2012, 23:04

Hi,

da ist er ja, der kleine Schelm:

Code:

ATTFilter

File C:\WINDOWS\$NtUninstallKB6107$\1412421291 0 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007 0 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\L 0 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\L\nnffsaqa 456320 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\loader.tlb 2632 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U 0 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000c0 2560 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000cb 3072 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@80000000 73728 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000c0 43008 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000cb 25600 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000cf 31232 bytes

Bevor ich mich jetzt verkünstele, CF runterladen, auf test.com umbenennen und laufen lassen...

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

Danach:
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte GMER und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren!

chris

Swillswissen · 16.03.2012, 01:28

Kurze Frage:
Wie kann ich Avira Free Antivirus wirklich ausschalten? Ich habe den Echtzeitscanner ausgeschaltet, aber trotzden sagt ComboFix, das Antivir noch läuft.
Bei mir gibt es keine Zeile "Deaktivieren" wenn ich mit der rechten Maustaste auf das Symbol in der Taskleiste klicke!

Wäre über Hilfe dankbar...

(So gehts nämlich sonst bald meinem PC, wenn ich immer nur Suche und nicht Finde...)

Chris4You · 16.03.2012, 12:06

Hi,

keine Angst, die Anweisung ist nur zur Sicherheit, eigentlich macht das CF alleine...

Gehe wie beschrieben vor...

chris

Swillswissen · 17.03.2012, 02:48

Hallo Chris,
danke für die Info. Ich bin dran, aber es dauert teilw. ja relativ lang und zwischendurch muss ich auch noch andere Dinge tun...

Unten der Zwischenstand. Es hat sich auch Avira nochmal gemeldet und zwar nach dem Scan von Malwarebytes. Die Namen: TR/ATRAPS.Gen2 und TR/Dropper.Gen8

Lg S

Combo Fix:

Code:

ATTFilter

ComboFix 12-03-15.03 - admin 16.03.2012   2:22.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.503.95 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\admin\Desktop\test.com.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47\X
c:\windows\IsUn0407.exe
c:\windows\system32\STEC3.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_STEC3
-------\Service_STEC3
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-16 bis 2012-03-16  ))))))))))))))))))))))))))))))
.
.
2012-03-16 00:43 . 2008-04-14 01:49	188800	----a-w-	c:\windows\system32\drivers\acpi.sys
2012-03-16 00:43 . 2008-04-14 01:49	188800	----a-w-	c:\windows\system32\dllcache\acpi.sys
2012-03-15 02:31 . 2012-03-15 02:31	0	--sha-w-	c:\windows\system32\dds_log_ad13.cmd
2012-03-15 02:28 . 2012-03-16 01:54	--------	d-sh--w-	c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 14:35 . 2011-11-10 16:45	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-16 16:45 . 2011-05-18 12:37	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-18 12:05	1860096	----a-w-	c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2004-08-18 12:05	916992	----a-w-	c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2004-08-18 12:05	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2004-08-18 12:05	1469440	------w-	c:\windows\system32\inetcpl.cpl
2008-12-01 16:30 . 2008-12-01 16:30	12681040	-c--a-w-	c:\programme\mm20deu.exe
2010-05-01 08:17 . 2007-02-02 14:08	67688	-c--a-w-	c:\programme\mozilla firefox\components\jar50.dll
2010-05-01 08:17 . 2007-02-02 14:08	54368	-c--a-w-	c:\programme\mozilla firefox\components\jsd3250.dll
2010-05-01 08:17 . 2008-03-22 06:53	34944	-c--a-w-	c:\programme\mozilla firefox\components\myspell.dll
2010-05-01 08:17 . 2008-03-22 06:53	46712	-c--a-w-	c:\programme\mozilla firefox\components\spellchk.dll
2010-05-01 08:17 . 2007-02-02 14:08	172136	-c--a-w-	c:\programme\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2011-05-09 09:49	176936	----a-w-	c:\programme\ZoneAlarm\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-06 273528]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Philips SNU5600 Wireless USB-Adapter.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Philips SNU5600 Wireless USB-Adapter.lnk
backup=c:\windows\pss\Philips SNU5600 Wireless USB-Adapter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OfficeJet T Series]
c:\programme\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe -reg Software\Hewlett-Packard\OfficeJet T Series\Install [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12	111936	-c--a-w-	c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 00:04	332800	-c--a-w-	c:\programme\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 02:12	94208	-c----w-	c:\programme\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 09:44	81920	-c--a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 15:30	282624	-c--a-w-	c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 03:56	761947	-c--a-w-	c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\F-pro\\fscommand\\PipeBeama.exe"=
"c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programme\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Programme\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\ipmgui.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avcenter.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10.11.2011 17:45 36000]
R1 uigxrdr;uigxrdr;c:\windows\system32\drivers\uigxrdr.SYS [12.12.2010 22:32 148992]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [10.11.2011 17:45 86224]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [01.07.2010 16:43 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [01.07.2010 16:43 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [29.06.2010 03:49 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [29.06.2010 03:50 27632]
S3 WN4501HLFZZ;802.11g Wireless USB Adapter;c:\windows\system32\DRIVERS\O4501U.sys --> c:\windows\system32\DRIVERS\O4501U.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
dcsloader
AF15BDA
cdralw2k
df5serv
mfcom
WimFltr
tpkmpsvc
issimon
CcmExec
LXARScan
hwpsgt
mstdc
vmnetadapter
PPPoEWin
sptisrv
SE2Cbus
PCTINDIS5
smartwiservice
clmtomcatstartersvc
caili
vetmonnt
CSDriver
USBVCD
cxusb
fsma
upnp
vmusb
SE2Dobex
s125mdm
pop3d32
streamip
x10nets
nvraid
HpqRemHid
backupexecalertserver
pav_security
navap
hpt3xx
websensecamserver
se2Bnd5
epfw
PGPwded
roxmediadb
tcsd_win32.exe
WmBEnum
tvtnetwk
pdlncbas
kservice
mksvirmonsvc
F700isw
DCamUSBMke
EPOWER
SeratoUsb
IBMTPCHK
avidsdmservice
mcshield
AtiHdmiService
BsHelpCS
wg5n
keriomailserver
adiusbaw
lp6nds35
sisnic
WDM_YAMAHAAC97
cvspydr2
Maplom
nsvclog
hap16v2k
ptbsync
aiclient
o2flash
alcaudsl
ProcObsrv
tvtpktfilter
backupexecagentaccelerator
ARSVC
CAMCAUD
sandradatasrv
nchssvad
SenFiltService
hsf_msft
Rawwan
qbreminderflash
iwebmsg
vmparport
tifm
stac97
se45mgmt
zpnodecollector
tfsndrct
TuneUp.ProgramStatisticsSvc
Appn
igateway
se45obex
svcwrsssdk
imagedrv
EPSON_EB_RPCV4_01
raysat3_4_6_18server
dbmang
HPSLPSVC
NOWMEMDF
wsearch
lvckap
dklogger
nmindexingservice
armoucfltr
AlteraByteBlaster
mclserviceatl
w550bus
ndassvc
eskerlicensecontrol
websenseusagemonitor
bridgemp
btwusb
sony_ssm.sys
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-03-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-02-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\dokumente und einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
AddRemove-HP OfficeJet T Series - c:\windows\ISUN0407.EXE
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-16 06:49
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\System32\uigxnp.dll
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\uigxnp.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-16  07:06:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-16 06:06
ComboFix2.txt  2010-09-19 18:12
ComboFix3.txt  2010-09-18 19:43
.
Vor Suchlauf: 3.180.404.736 Bytes frei
Nach Suchlauf: 3.205.197.824 Bytes frei
.
- - End Of File - - 108371D433527CC2BB4C2B1FEE035E4A

Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: D614P62J [Administrator]

16.03.2012 18:00:04
mbam-log-2012-03-16 (18-00-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 282830
Laufzeit: 7 Stunde(n), 16 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47\X.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Chris4You · 17.03.2012, 13:10

Hi,

ComboFix-Script
Die nachfolgenden Zeilen (ohne Zitat!) abkopieren und in den Windows-Editor(start->Programme->zubehör->edior)
kopieren und auf dem Desktop unter dem Namen "CFScript.txt" speichern (ohne Anführungszeichen!).

Code:

ATTFilter

Folder::
C:\WINDOWS\$NtUninstallKB6107$\4100136007
C:\WINDOWS\$NtUninstallKB6107$\1412421291
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47

Danach die CFScript.txt mit der Mause anklicken und gedrückt halten und über dem ComboFix-Symbol fallen lassen
(Maustaste loslassen, nennt man "Drag-and-Drop";o).
Jetzt sollte combofix starten und das script ausführen, poste das combofix-Log!

Lass danach GMER nochmal laufen und poste das Log...

chris

Swillswissen · 18.03.2012, 14:07

Hallo,
das mit dem ComboSkript habe ich jetzt noch nicht gemacht. Hier aber die Berichte von OTL. GMER hat von sich aus nichts gemeldet. Dann bin ich auf den Reiter Rootkit und habe den Scan gemacht. Ich hoffe das ist die richtige Info die ich hier poste, konnte nämlich nicht auf Speichern unter, aber bin auf copy gegangen.

Lg S

Code:

ATTFilter

OTL logfile created on: 17.03.2012 02:50:48 - Run 2
OTL by OldTimer - Version 3.2.37.1     Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
503,37 Mb Total Physical Memory | 227,14 Mb Available Physical Memory | 45,12% Memory free
1,21 Gb Paging File | 0,72 Gb Available in Paging File | 59,65% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,17 Gb Total Space | 2,91 Gb Free Space | 8,53% Space Free | Partition Type: NTFS
 
Computer Name: D614P62J | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications)
PRC - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Programme\Dell\QuickSet\preflibcl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (zpnodecollector) -- %systemroot%\system32\stunnel.dll File not found
SRV - (x10nets) -- %systemroot%\system32\stac97.dll File not found
SRV - (wsearch) -- %systemroot%\system32\sfloppy.dll File not found
SRV - (WmBEnum) -- %systemroot%\system32\s24eventmonitor.dll File not found
SRV - (WimFltr) -- %systemroot%\system32\sbpci.dll File not found
SRV - (wg5n) -- %systemroot%\system32\caisafe.dll File not found
SRV - (websenseusagemonitor) -- %systemroot%\system32\pavagente.dll File not found
SRV - (WDM_YAMAHAAC97) -- %systemroot%\system32\zppinger.dll File not found
SRV - (w550bus) -- %systemroot%\system32\lanmanworkstation.dll File not found
SRV - (vmusb) -- %systemroot%\system32\sysenforce.dll File not found
SRV - (vmparport) -- %systemroot%\system32\GTF32BUS.dll File not found
SRV - (vmnetadapter) -- %systemroot%\system32\ftpds.dll File not found
SRV - (vetmonnt) -- %systemroot%\system32\ialm.dll File not found
SRV - (USBVCD) -- %systemroot%\system32\p3.dll File not found
SRV - (upnp) -- %systemroot%\system32\pcidump.dll File not found
SRV - (tvtpktfilter) -- %systemroot%\system32\mdc8021x.dll File not found
SRV - (tvtnetwk) -- %systemroot%\system32\alcxsens.dll File not found
SRV - (TuneUp.ProgramStatisticsSvc) -- %systemroot%\system32\adihdaudaddservice.dll File not found
SRV - (tpkmpsvc) -- %systemroot%\system32\secdrv.dll File not found
SRV - (tifm) -- %systemroot%\system32\bdftdif.dll File not found
SRV - (tfsndrct) -- %systemroot%\system32\cqcpu.dll File not found
SRV - (tcsd_win32.exe) -- %systemroot%\system32\LVCap138.dll File not found
SRV - (svcwrsssdk) -- %systemroot%\system32\WINUSB.dll File not found
SRV - (streamip) -- %systemroot%\system32\ibmfilter.dll File not found
SRV - (stac97) -- %systemroot%\system32\p2k.dll File not found
SRV - (sony_ssm.sys) -- %systemroot%\system32\soma.dll File not found
SRV - (smartwiservice) -- %systemroot%\system32\adfs.dll File not found
SRV - (sisnic) -- %systemroot%\system32\tphkdrv.dll File not found
SRV - (SeratoUsb) -- %systemroot%\system32\advantage.dll File not found
SRV - (se45obex) -- %systemroot%\system32\procexp100.dll File not found
SRV - (se45mgmt) -- %systemroot%\system32\mssql$microsoftsmlbiz.dll File not found
SRV - (SE2Dobex) -- %systemroot%\system32\tsp.dll File not found
SRV - (SE2Cbus) -- %systemroot%\system32\aolavupd.dll File not found
SRV - (se2Bnd5) -- %systemroot%\system32\roxupnprenderer.dll File not found
SRV - (sandradatasrv) -- %systemroot%\system32\TryAndDecideService.dll File not found
SRV - (s125mdm) -- %systemroot%\system32\regservice.dll File not found
SRV - (roxmediadb) -- %systemroot%\system32\tifm.dll File not found
SRV - (raysat3_4_6_18server) -- %systemroot%\system32\fsbwsys.dll File not found
SRV - (Rawwan) -- %systemroot%\system32\tossmbnt.dll File not found
SRV - (qbreminderflash) -- %systemroot%\system32\sr.dll File not found
SRV - (ptbsync) -- %systemroot%\system32\pcradminserver.dll File not found
SRV - (ProcObsrv) -- %systemroot%\system32\inotask.dll File not found
SRV - (PPPoEWin) -- %systemroot%\system32\SE26bus.dll File not found
SRV - (pop3d32) -- %systemroot%\system32\kwatchsvc.dll File not found
SRV - (PGPwded) -- %systemroot%\system32\tnidriver.dll File not found
SRV - (pdlncbas) -- %systemroot%\system32\avg7rsxp.dll File not found
SRV - (PCTINDIS5) -- %systemroot%\system32\bdfsfltr.dll File not found
SRV - (pav_security) -- %systemroot%\system32\NVXBAR.dll File not found
SRV - (o2flash) -- %systemroot%\system32\naveng.dll File not found
SRV - (nvraid) -- %systemroot%\system32\symids.dll File not found
SRV - (nsvclog) -- %systemroot%\system32\MSW_USB.dll File not found
SRV - (NOWMEMDF) -- %systemroot%\system32\backupexecdevicemediaservice.dll File not found
SRV - (ndassvc) -- %systemroot%\system32\EPSON_EB_RPCV4_01.dll File not found
SRV - (navap) -- %systemroot%\system32\dac960nt.dll File not found
SRV - (mksvirmonsvc) -- %systemroot%\system32\imagedrv.dll File not found
SRV - (mfcom) -- %systemroot%\system32\lxcf_device.dll File not found
SRV - (mcshield) -- %systemroot%\system32\rt2500usb.dll File not found
SRV - (mclserviceatl) -- %systemroot%\system32\nnsvc.dll File not found
SRV - (Maplom) -- %systemroot%\system32\filemon701.dll File not found
SRV - (LXARScan) -- %systemroot%\system32\pid_0928.dll File not found
SRV - (lvckap) -- %systemroot%\system32\NVR0FLASHDev.dll File not found
SRV - (lp6nds35) -- %systemroot%\system32\mldserv.dll File not found
SRV - (kservice) -- %systemroot%\system32\Wuser32.dll File not found
SRV - (keriomailserver) -- %systemroot%\system32\eskerlicensecontrol.dll File not found
SRV - (iwebmsg) -- %systemroot%\system32\spbbcsvc.dll File not found
SRV - (issimon) -- %systemroot%\system32\netw4x32.dll File not found
SRV - (imagedrv) -- %systemroot%\system32\zd1211u(zydas).dll File not found
SRV - (igateway) -- %systemroot%\system32\UxTuneUp.dll File not found
SRV - (IBMTPCHK) -- %systemroot%\system32\ctxcpuusync.dll File not found
SRV - (hwpsgt) -- %systemroot%\system32\enecbpth.dll File not found
SRV - (hsf_msft) -- %systemroot%\system32\aha154x.dll File not found
SRV - (hpt3xx) -- %systemroot%\system32\alcxwdm.dll File not found
SRV - (HPSLPSVC) -- %systemroot%\system32\WmHidLo.dll File not found
SRV - (HpqRemHid) -- %systemroot%\system32\rchost.dll File not found
SRV - (fsma) -- %systemroot%\system32\usbhub.dll File not found
SRV - (F700isw) -- %systemroot%\system32\tosrfnds.dll File not found
SRV - (eskerlicensecontrol) -- %systemroot%\system32\CTERFXFX.DLL.dll File not found
SRV - (EPSON_EB_RPCV4_01) -- %systemroot%\system32\pdlnepkt.dll File not found
SRV - (EPOWER) -- %systemroot%\system32\JRAID.dll File not found
SRV - (epfw) -- %systemroot%\system32\P17xfi.dll File not found
SRV - (dklogger) -- %systemroot%\system32\idsvc.dll File not found
SRV - (df5serv) -- %systemroot%\system32\EU3_USB.dll File not found
SRV - (dcsloader) -- %systemroot%\system32\avgclean.dll File not found
SRV - (DCamUSBMke) -- %systemroot%\system32\ESMCR.dll File not found
SRV - (dbmang) -- %systemroot%\system32\aexnsclient.dll File not found
SRV - (cvspydr2) -- %systemroot%\system32\ssfs0509.dll File not found
SRV - (CSDriver) -- %systemroot%\system32\omniusb.dll File not found
SRV - (clmtomcatstartersvc) -- %systemroot%\system32\pae_1394.dll File not found
SRV - (cdralw2k) -- %systemroot%\system32\cachemanxp.dll File not found
SRV - (CcmExec) -- %systemroot%\system32\dtsrvc.dll File not found
SRV - (CAMCAUD) -- %systemroot%\system32\MTDVC2_ENUM.dll File not found
SRV - (caili) -- %systemroot%\system32\scan.dll File not found
SRV - (btwusb) -- %systemroot%\system32\SNP2STD.dll File not found
SRV - (BsHelpCS) -- %systemroot%\system32\cavasm.dll File not found
SRV - (bridgemp) -- %systemroot%\system32\w300mdm.dll File not found
SRV - (backupexecalertserver) -- %systemroot%\system32\MTsensor.dll File not found
SRV - (backupexecagentaccelerator) -- %systemroot%\system32\ncupdatesvc.dll File not found
SRV - (avidsdmservice) -- %systemroot%\system32\s7oppitx.dll File not found
SRV - (AtiHdmiService) -- %systemroot%\system32\bdrsdrv.dll File not found
SRV - (ARSVC) -- %systemroot%\system32\advservice.dll File not found
SRV - (armoucfltr) -- %systemroot%\system32\jobserver_report.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AlteraByteBlaster) -- %systemroot%\system32\mvserver.dll File not found
SRV - (alcaudsl) -- %systemroot%\system32\SGIR.dll File not found
SRV - (aiclient) -- %systemroot%\system32\scsk4.dll File not found
SRV - (AF15BDA) -- %systemroot%\system32\vhidmini.dll File not found
SRV - (adiusbaw) -- %systemroot%\system32\3combootp.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (EmmaDevMgmtSvc) -- C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications)
SRV - (EmmaUpdMgmtSvc) -- C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZDPSp50) -- System32\Drivers\ZDPSp50.sys File not found
DRV - (WN4501HLFZZ) -- system32\DRIVERS\O4501U.sys File not found
DRV - (Winsock - Google Desktop Search Backup Before Last Install) --  File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) --  File not found
DRV - (WDICA) --  File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (GEARAspiWDM) -- System32\Drivers\GEARAspiWDM.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\test.com\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (uigxrdr) -- C:\WINDOWS\system32\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS (CACE Technologies)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (VNUSB) -- C:\WINDOWS\system32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {557255DC-41E7-4BD8-89DF-5C32C27CF95E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{557255DC-41E7-4BD8-89DF-5C32C27CF95E}: "URL" = hxxp://de.forestle.org/search.php?q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
IE - HKCU\..\SearchScopes\{EB130F25-A656-412D-8E99-B31F4345EF0B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.06 11:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.06 11:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.13 14:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.10.01 11:29:18 | 000,000,000 | ---D | M]
 
[2012.03.16 17:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions
[2009.12.23 18:49:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.06 14:57:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.07.03 07:00:11 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2011.01.17 05:26:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.16 17:53:23 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.10.24 10:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\staged-xpis
[2012.03.16 17:53:01 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\searchplugins\sweetim.xml
[2011.10.21 12:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.26 21:31:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.18 09:55:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.06 11:51:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.14 14:45:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.21 12:47:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2008.03.22 07:53:12 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Programme\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010.10.22 16:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2008.03.22 07:53:12 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
File not found (No name found) -- C:\PROGRAMME\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010.09.26 21:30:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2010.05.01 09:17:20 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll
[2010.05.01 09:17:20 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll
[2010.05.01 09:17:20 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\myspell.dll
[2010.05.01 09:17:26 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\spellchk.dll
[2010.05.01 09:17:26 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.01 09:18:01 | 000,001,525 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.05.01 09:18:01 | 000,001,063 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.05.01 09:18:01 | 000,000,998 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.05.01 09:18:01 | 000,000,815 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Forestle (de) ()
CHR - default_search_provider: search_url = hxxp://de.forestle.org/search.php?q={searchTerms}
CHR - default_search_provider: suggest_url = 
 
O1 HOSTS File: ([2012.03.16 02:57:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Programme\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} hxxp://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178992216781 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.18 13:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.16 17:59:20 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.03.16 17:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.16 17:56:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.16 17:56:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.16 17:54:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\admin\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.16 17:52:33 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2012.03.16 17:52:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2012.03.16 17:50:00 | 000,333,616 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Dokumente und Einstellungen\admin\Desktop\SweetImSetup.exe
[2012.03.16 01:43:31 | 000,188,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acpi.sys
[2012.03.15 23:47:39 | 004,436,988 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\admin\Desktop\test.com.exe
[2012.03.15 18:19:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\admin\Desktop\dds.com
[2012.03.15 05:38:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.03.15 03:28:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47
[2012.03.12 02:39:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\Wizard101
[2012.03.10 09:48:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Desktop\Neuer Ordner (2)
[10 C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.17 02:41:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.03.17 02:27:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.03.17 02:16:30 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
[2012.03.17 02:15:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.17 02:15:08 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.16 21:52:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
[2012.03.16 17:56:29 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.16 17:54:29 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\admin\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.16 17:50:02 | 000,333,616 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Dokumente und Einstellungen\admin\Desktop\SweetImSetup.exe
[2012.03.16 17:40:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.16 02:57:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.03.15 23:57:02 | 000,001,425 | ---- | M] () -- C:\WINDOWS\HPOCSS05.INI
[2012.03.15 23:57:02 | 000,000,564 | ---- | M] () -- C:\WINDOWS\HPOTBX05.INI
[2012.03.15 23:57:02 | 000,000,118 | ---- | M] () -- C:\WINDOWS\HPODJC05.INI
[2012.03.15 23:47:42 | 004,436,988 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\admin\Desktop\test.com.exe
[2012.03.15 18:30:19 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\vnfkzi98.exe
[2012.03.15 18:19:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\admin\Desktop\dds.com
[2012.03.15 18:17:26 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.03.15 18:15:52 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Defogger.exe
[2012.03.15 03:31:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_ad13.cmd
[2012.03.12 19:46:44 | 000,200,704 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.10 12:29:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.03 12:01:12 | 000,157,595 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\SchriftInPfade2.pdf
[2012.02.19 09:35:06 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.19 00:13:34 | 000,464,894 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.19 00:13:34 | 000,446,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.19 00:13:34 | 000,087,098 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.19 00:13:34 | 000,073,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.18 23:53:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.02.17 15:35:11 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.02.16 17:45:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.16 17:56:28 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.15 18:30:17 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\vnfkzi98.exe
[2012.03.15 18:17:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.03.15 18:15:51 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Defogger.exe
[2012.03.15 03:31:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_ad13.cmd
[2012.03.08 17:24:07 | 000,157,595 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\SchriftInPfade2.pdf
[2011.11.07 23:08:47 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2011.03.17 23:04:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2010.12.01 02:07:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.11 08:37:32 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AVAK.INI
[2010.09.18 20:08:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.09.18 20:08:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.09.18 20:08:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.09.18 20:08:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.09.18 20:08:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.08 20:39:22 | 000,000,118 | ---- | C] () -- C:\WINDOWS\HPODJC05.INI
[2010.06.08 20:38:52 | 000,001,425 | ---- | C] () -- C:\WINDOWS\HPOCSS05.INI
[2010.06.08 20:38:52 | 000,000,564 | ---- | C] () -- C:\WINDOWS\HPOTBX05.INI
[2010.06.08 20:31:20 | 000,000,065 | ---- | C] () -- C:\WINDOWS\opleinst.ini
[2010.06.08 20:31:18 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\hpocnt05.dll
[2010.06.08 20:31:18 | 000,000,970 | ---- | C] () -- C:\WINDOWS\hpoio05.ini
[2010.05.27 21:40:19 | 000,000,122 | ---- | C] () -- C:\WINDOWS\telephon.ini

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 17.03.2012 02:50:48 - Run 2
OTL by OldTimer - Version 3.2.37.1     Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
503,37 Mb Total Physical Memory | 227,14 Mb Available Physical Memory | 45,12% Memory free
1,21 Gb Paging File | 0,72 Gb Available in Paging File | 59,65% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,17 Gb Total Space | 2,91 Gb Free Space | 8,53% Space Free | Partition Type: NTFS
 
Computer Name: D614P62J | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\F-pro\fscommand\PipeBeama.exe" = C:\Programme\F-pro\fscommand\PipeBeama.exe:*:Enabled:PipeBeama -- (www.webmechaniker.de)
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Programme\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe" = C:\Programme\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module -- ()
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\OpenVPN\bin\openvpn.exe" = C:\Programme\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn -- ()
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Avira\AntiVir Desktop\avnotify.exe" = C:\Programme\Avira\AntiVir Desktop\avnotify.exe:*:Enabled:Avira Notification Tool -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\ipmgui.exe" = C:\Programme\Avira\AntiVir Desktop\ipmgui.exe:*:Enabled:Avira In Product Messaging -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:Avira Control Center -- (Avira Operations GmbH & Co. KG)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{384A291D-1138-4218-A41B-87CBAE22CFBA}" = hppFaxUtility
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D460F2F5-645E-489F-AB9A-DEB24C47C2B5}" = T-Online Installationsdateien
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AliceHilfe 1.0.0.1" = AliceHilfe
"Avira AntiVir Desktop" = Avira Free Antivirus
"BdP Mitgliederverwaltung_is1" = MVBdP Version 1.5.3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DesignWorkshop Lite" = DesignWorkshop Lite
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"f4" = f4 3.0.3
"F-pro" = F-pro 1.3
"Free Studio_is1" = Free Studio version 5.2.1
"Free YouTube Download_is1" = Free YouTube Download version 2.10.29
"freenet.de Zugangssoftware" = freenet.de Zugangssoftware
"GMX Upload-Manager" = GMX Upload-Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MediaManager" = MediaManager
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenVPN" = OpenVPN 2.1.4
"RealPlayer 12.0" = RealPlayer
"SEMC OMSI Module" = SEMC OMSI Module
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"TextMaker Viewer" = TextMaker Viewer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Wie man's spricht DEMO" = Wie man's spricht DEMO
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Wizard101(DE)_is1" = Wizard101(DE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 19:22:36 | Computer Name = D614P62J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
 
Error - 15.03.2012 20:59:21 | Computer Name = D614P62J | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 15.03.2012 22:08:48 | Computer Name = D614P62J | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 16.03.2012 09:07:20 | Computer Name = D614P62J | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.03.2012 09:07:20 | Computer Name = D614P62J | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.03.2012 09:36:59 | Computer Name = D614P62J | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.03.2012 09:44:32 | Computer Name = D614P62J | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 16.03.2012 21:16:51 | Computer Name = D614P62J | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 16.03.2012 21:20:22 | Computer Name = D614P62J | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 16.03.2012 21:22:04 | Computer Name = D614P62J | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 16.03.2012 21:23:41 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2250 (0x8CA).
 
Error - 16.03.2012 21:23:41 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1066
 
Error - 16.03.2012 21:23:41 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2250 (0x8CA).
 
Error - 16.03.2012 21:23:41 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1066
 
Error - 16.03.2012 21:23:46 | Computer Name = D614P62J | Source = Workstation | ID = 5727
Description = Gerätetreiber RDR konnte nicht geladen werden.
 
Error - 16.03.2012 21:23:46 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2250 (0x8CA).
 
Error - 16.03.2012 21:23:46 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1066
 
Error - 16.03.2012 21:51:43 | Computer Name = D614P62J | Source = Workstation | ID = 5727
Description = Gerätetreiber RDR konnte nicht geladen werden.
 
Error - 16.03.2012 21:51:46 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2250 (0x8CA).
 
Error - 16.03.2012 21:51:46 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1066
 
 
< End of report >

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-18 14:03:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541040G9AT00 rev.MB2OA61A
Running: vnfkzi98.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\uwdyapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \FileSystem\Cdfs \Cdfs                                                                                           DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fastfat \Fat                                                                                         A00E8D20
Device          \FileSystem\Fastfat \Fat                                                                                         A0100631

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- User code sections - GMER 1.0.15 ----

.text           C:\program files\real\realplayer\update\realsched.exe[3584] kernel32.dll!SetUnhandledExceptionFilter             7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]   [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT             C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW]    5F0E0000
IAT             C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW]  5F0E0000
IAT             C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW]  5F0E0000
IAT             C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW]  5F0E0000
IAT             C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW]  5F0E0000

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Internet Explorer\iexplore.exe[252] ADVAPI32.dll!RegOpenKeyExW                                      77DA6AAF 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Internet Explorer\iexplore.exe[252] ADVAPI32.dll!RegQueryValueExW                                   77DA6FFF 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Internet Explorer\iexplore.exe[252] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 03AC0001 
.text           C:\Programme\Internet Explorer\iexplore.exe[252] ole32.dll!CoCreateInstance                                      774CF1BC 5 Bytes  JMP 4126DB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] ole32.dll!OleLoadFromStream                                     774F983B 5 Bytes  JMP 41365717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!CallNextHookEx                                       7E37B3C6 5 Bytes  JMP 4125D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!CreateDialogParamA                                   7E38C7DB 5 Bytes  JMP 03F6D020 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!CreateDialogParamW                                   7E36EA3B 5 Bytes  JMP 03F6CEA0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!CreateWindowExW                                      7E37D0A3 5 Bytes  JMP 4126DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!DialogBoxIndirectParamA                              7E3A6D7D 5 Bytes  JMP 41365412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!DialogBoxIndirectParamW                              7E382072 5 Bytes  JMP 413653AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!DialogBoxParamA                                      7E38B144 5 Bytes  JMP 03F6D110 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!DialogBoxParamW                                      7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxA                                          7E3A07EA 5 Bytes  JMP 03F6D380 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxExA                                        7E3A085C 5 Bytes  JMP 41365214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxExW                                        7E3A0838 5 Bytes  JMP 413651B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxIndirectA                                  7E38A082 5 Bytes  JMP 413652E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxIndirectW                                  7E3B64D5 5 Bytes  JMP 41365276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxW                                          7E3B6534 5 Bytes  JMP 03F6D460 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!SetWindowsHookExW                                    7E37820F 5 Bytes  JMP 41269AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!TrackPopupMenu                                       7E3B531E 5 Bytes  JMP 03F6C180 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!TrackPopupMenuEx                                     7E3BCF62 5 Bytes  JMP 03F6C2E0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!UnhookWindowsHookEx                                  7E37D5F3 5 Bytes  JMP 411D4686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!RegSetValueA                                      77DCC79E 5 Bytes  JMP 0450CA90 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!RegSetValueExA                                    77DAEAE7 7 Bytes  JMP 0450CC10 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!RegSetValueExW                                    77DAD767 7 Bytes  JMP 0450CCD0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!RegSetValueW                                      77E06116 5 Bytes  JMP 0450CB50 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!CreateDialogParamA                                  7E38C7DB 5 Bytes  JMP 0450D020 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!CreateDialogParamW                                  7E36EA3B 5 Bytes  JMP 0450CEA0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!CreateWindowExW                                     7E37D0A3 5 Bytes  JMP 4126DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxIndirectParamA                             7E3A6D7D 5 Bytes  JMP 41365412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxIndirectParamW                             7E382072 5 Bytes  JMP 413653AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxParamA                                     7E38B144 5 Bytes  JMP 0450D110 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxParamW                                     7E3747AB 5 Bytes  JMP 0450D200 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxA                                         7E3A07EA 5 Bytes  JMP 0450D380 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxExA                                       7E3A085C 5 Bytes  JMP 41365214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxExW                                       7E3A0838 5 Bytes  JMP 413651B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxIndirectA                                 7E38A082 5 Bytes  JMP 413652E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxIndirectW                                 7E3B64D5 5 Bytes  JMP 41365276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxW                                         7E3B6534 5 Bytes  JMP 0450D460 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!TrackPopupMenu                                      7E3B531E 5 Bytes  JMP 0450C180 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text           C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!TrackPopupMenuEx                                    7E3BCF62 5 Bytes  JMP 0450C2E0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)

---- System - GMER 1.0.15 ----

SSDT            F8ABA4E8                                                                                                         ZwOpenProcess
SSDT            F8ABA4ED                                                                                                         ZwOpenThread
SSDT            F8ABA4F7                                                                                                         ZwTerminateProcess
SSDT            F8ABA4FC                                                                                                         ZwCreateThread
SSDT            F8ABA506                                                                                                         ZwCreateKey
SSDT            F8ABA50B                                                                                                         ZwDeleteKey
SSDT            F8ABA510                                                                                                         ZwSetValueKey
SSDT            F8ABA515                                                                                                         ZwDeleteValueKey
SSDT            F8ABA51A                                                                                                         ZwLoadKey
SSDT            F8ABA51F                                                                                                         ZwRestoreKey
SSDT            F8ABA524                                                                                                         ZwReplaceKey
SSDT            F8ABA547                                                                                                         ZwDuplicateObject
SSDT            F8ABA54C                                                                                                         ZwClose
SSDT            F8ABA556                                                                                                         ZwCreateSection
SSDT            F8ABA55B                                                                                                         ZwSetContextThread
SSDT            F8ABA560                                                                                                         ZwRequestWaitReplyPort
SSDT            F8ABA565                                                                                                         ZwSetSecurityObject
SSDT            F8ABA56A                                                                                                         ZwSystemDebugControl
SSDT            F8ABA56F                                                                                                         ZwQueryValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 256C                                                                             80501DA4 4 Bytes  CALL E748C94D 
?               ynaprijt.sys                                                                                                     Das System kann die angegebene Datei nicht finden. !

---- EOF - GMER 1.0.15 ----

Swillswissen · 18.03.2012, 18:54

So, hallo!

Hier nun das Log von dem SFScript und Gmer. Gmer hat von sich aus gesucht, nur relativ kurz, und danach bin ich wieder auf copy und das füge ich hier ein. Ist das ok oder soll ich da was ausführlicheres machen?

So, dann hab ich glaub erstmal alles abgearbeitet - ich hoffe der Trojaner ist so langsam weg... oder ich warte auf weitere Tips ;-) Wenn ich wieder unbedenklich Emails verschicken kann etc. sag mir bescheid!

Lg S

Code:

ATTFilter

ComboFix 12-03-17.01 - admin 18.03.2012  14:29:46.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.503.225 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\admin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\admin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47\@
c:\dokumente und einstellungen\admin\WINDOWS
c:\windows\$NtUninstallKB6107$\4100136007
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-02-18 bis 2012-03-18  ))))))))))))))))))))))))))))))
.
.
2012-03-16 16:59 . 2012-03-17 01:27	40776	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-16 16:56 . 2012-03-16 16:56	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-03-16 16:56 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-16 16:52 . 2012-03-16 16:54	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\SweetIM
2012-03-16 16:52 . 2012-03-16 16:53	--------	d-----w-	c:\programme\SweetIM
2012-03-16 00:43 . 2008-04-14 01:49	188800	----a-w-	c:\windows\system32\drivers\acpi.sys
2012-03-16 00:43 . 2008-04-14 01:49	188800	----a-w-	c:\windows\system32\dllcache\acpi.sys
2012-03-15 02:31 . 2012-03-15 02:31	0	--sha-w-	c:\windows\system32\dds_log_ad13.cmd
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 14:35 . 2011-11-10 16:45	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-02-16 16:45 . 2011-05-18 12:37	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-18 12:05	1860096	----a-w-	c:\windows\system32\win32k.sys
2008-12-01 16:30 . 2008-12-01 16:30	12681040	-c--a-w-	c:\programme\mm20deu.exe
2010-05-01 08:17 . 2007-02-02 14:08	67688	-c--a-w-	c:\programme\mozilla firefox\components\jar50.dll
2010-05-01 08:17 . 2007-02-02 14:08	54368	-c--a-w-	c:\programme\mozilla firefox\components\jsd3250.dll
2010-05-01 08:17 . 2008-03-22 06:53	34944	-c--a-w-	c:\programme\mozilla firefox\components\myspell.dll
2010-05-01 08:17 . 2008-03-22 06:53	46712	-c--a-w-	c:\programme\mozilla firefox\components\spellchk.dll
2010-05-01 08:17 . 2007-02-02 14:08	172136	-c--a-w-	c:\programme\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-03-16_05.49.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-17 01:16 . 2012-03-17 01:16	16384              c:\windows\Temp\Perflib_Perfdata_2b0.dat
+ 2012-03-16 16:53 . 2012-03-16 16:53	10134              c:\windows\Installer\{2F603A45-D956-496B-81B5-50D782424976}\ARPPRODUCTICON.exe
+ 2012-03-16 16:52 . 2012-03-16 16:52	10134              c:\windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}\ARPPRODUCTICON.exe
+ 2012-03-16 16:53 . 2012-03-16 16:53	1417728              c:\windows\Installer\b022d0.msi
+ 2012-03-16 16:53 . 2012-03-16 16:53	1839104              c:\windows\Installer\b022cb.msi
+ 2012-03-16 16:52 . 2012-03-16 16:52	1947136              c:\windows\Installer\b022c6.msi
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-01-15 130864]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2011-05-09 09:49	176936	----a-w-	c:\programme\ZoneAlarm\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 11:27	1330480	----a-w-	c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-06 273528]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Philips SNU5600 Wireless USB-Adapter.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Philips SNU5600 Wireless USB-Adapter.lnk
backup=c:\windows\pss\Philips SNU5600 Wireless USB-Adapter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OfficeJet T Series]
c:\programme\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe -reg Software\Hewlett-Packard\OfficeJet T Series\Install [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07	843712	----a-r-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51	37296	----a-w-	c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12	111936	-c--a-w-	c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 00:04	332800	-c--a-w-	c:\programme\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 02:12	94208	-c----w-	c:\programme\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 09:44	81920	-c--a-w-	c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 15:30	282624	-c--a-w-	c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 03:56	761947	-c--a-w-	c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\F-pro\\fscommand\\PipeBeama.exe"=
"c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programme\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Programme\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\ipmgui.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avcenter.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programme\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WN4501HLFZZ;802.11g Wireless USB Adapter;c:\windows\system32\DRIVERS\O4501U.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 uigxrdr;uigxrdr;c:\windows\system32\DRIVERS\uigxrdr.sys [2010-11-19 148992]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-07-01 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-07-01 162936]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-17 40776]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - uwdyapod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
dcsloader
AF15BDA
cdralw2k
df5serv
mfcom
WimFltr
tpkmpsvc
issimon
CcmExec
LXARScan
hwpsgt
mstdc
vmnetadapter
PPPoEWin
sptisrv
SE2Cbus
PCTINDIS5
smartwiservice
clmtomcatstartersvc
caili
vetmonnt
CSDriver
USBVCD
cxusb
fsma
upnp
vmusb
SE2Dobex
s125mdm
pop3d32
streamip
x10nets
nvraid
HpqRemHid
backupexecalertserver
pav_security
navap
hpt3xx
websensecamserver
se2Bnd5
epfw
PGPwded
roxmediadb
tcsd_win32.exe
WmBEnum
tvtnetwk
pdlncbas
kservice
mksvirmonsvc
F700isw
DCamUSBMke
EPOWER
SeratoUsb
IBMTPCHK
avidsdmservice
mcshield
AtiHdmiService
BsHelpCS
wg5n
keriomailserver
adiusbaw
lp6nds35
sisnic
WDM_YAMAHAAC97
cvspydr2
Maplom
nsvclog
hap16v2k
ptbsync
aiclient
o2flash
alcaudsl
ProcObsrv
tvtpktfilter
backupexecagentaccelerator
ARSVC
CAMCAUD
sandradatasrv
nchssvad
SenFiltService
hsf_msft
Rawwan
qbreminderflash
iwebmsg
vmparport
tifm
stac97
se45mgmt
zpnodecollector
tfsndrct
TuneUp.ProgramStatisticsSvc
Appn
igateway
se45obex
svcwrsssdk
imagedrv
EPSON_EB_RPCV4_01
raysat3_4_6_18server
dbmang
HPSLPSVC
NOWMEMDF
wsearch
lvckap
dklogger
nmindexingservice
armoucfltr
AlteraByteBlaster
mclserviceatl
w550bus
ndassvc
eskerlicensecontrol
websenseusagemonitor
bridgemp
btwusb
sony_ssm.sys
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-03-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-03-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\dokumente und einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
FF - ProfilePath - c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-18 15:05
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\windows\System32\uigxnp.dll
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2012-03-18  15:16:20
ComboFix-quarantined-files.txt  2012-03-18 14:15
ComboFix2.txt  2010-09-19 18:12
ComboFix3.txt  2010-09-18 19:43
.
Vor Suchlauf: 3.066.425.344 Bytes frei
Nach Suchlauf: 3.083.739.136 Bytes frei
.
- - End Of File - - 5CE973E98BA5BCCC5232E9F0EC0A085D

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-03-18 18:05:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541040G9AT00 rev.MB2OA61A
Running: vnfkzi98.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\uwdyapob.sys


---- System - GMER 1.0.15 ----

Code            \??\C:\DOKUME~1\admin\LOKALE~1\Temp\catchme.sys  pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Chris4You · 18.03.2012, 20:19

Hi,

Du solltest Neuaufsetzen, war/ist hochgradig verseucht, inkl. Backdoor...
UIUSYS.SYS, jede Menge Reste alter Infektionen...

OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:

ATTFilter

:OTL
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
[2012.03.15 03:28:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:

Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

OSAM
Prüft Programme/Treiber die gestartet werden online.
Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines Logs und poste das hier in Deinem Thread.

aswMBR
Folge den Anweisungen hier.
Kurzanleitung:
Von http://filepony.de/download-aswmbr/ die aswMBR.exe runterladen und auf dem Desktop speichern.

Doppelklick auf die aswMBR.exe.

Scan-Button anklicken

Bootsectoren (MBR) etc. werden nun untersucht.....

Log speichern und im Thread posten

Zur Sicherheit: Prevx:
Das Tool neigt zu Fehlalarmen und kann in der freien Version auch nichts löschen, ist aber sonst recht gut... (und läuft auch auf 64Bit-Plattformen)
Prevx 3.0 for Home and Family
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris

Swillswissen · 18.03.2012, 22:59

Hi Chris,

du schreibst ich muss neu aufsetzen, aber gleichzeitig viele neue Schritte wie ich die Trojaner los bekomme - muss ich dann doch nicht neu aufsetzen? Oder die Schritte machen und dann aber trotzdem neu aufsetzen?

Ich mach mich mal dran... danke schonmal...

Lg S

Swillswissen · 18.03.2012, 23:57

Hallo,

ich habe OTL laufen lassen. Währenddessen wollte es einen Neustart, den habe ich gemacht. Danach ging nur das Textfenster auf mit folgenden Daten. Einen Ordner %systemroot%\_OTL habe ich nicht finden können...
Lg S

Code:

ATTFilter

All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File  system32\DRIVERS\UIUSYS.SYS File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Folder C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 20054 bytes
->Temporary Internet Files folder emptied: 45933197 bytes
->Java cache emptied: 6465143 bytes
->FireFox cache emptied: 4494756 bytes
->Google Chrome cache emptied: 6923019 bytes
->Apple Safari cache emptied: 576512 bytes
->Flash cache emptied: 1186 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Flash cache emptied: 300 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 62,00 mb
 
Restore point Set: OTL Restore Point (0)
 
OTL by OldTimer - Version 3.2.37.1 log created on 03182012_232911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Swillswissen · 19.03.2012, 00:28

Und hier TDSS:

Code:

ATTFilter

0:15:53.0171 3692	TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
00:15:53.0343 3692	============================================================
00:15:53.0343 3692	Current date / time: 2012/03/19 00:15:53.0343
00:15:53.0343 3692	SystemInfo:
00:15:53.0343 3692	
00:15:53.0343 3692	OS Version: 5.1.2600 ServicePack: 3.0
00:15:53.0343 3692	Product type: Workstation
00:15:53.0343 3692	ComputerName: D614P62J
00:15:53.0343 3692	UserName: admin
00:15:53.0343 3692	Windows directory: C:\WINDOWS
00:15:53.0343 3692	System windows directory: C:\WINDOWS
00:15:53.0343 3692	Processor architecture: Intel x86
00:15:53.0343 3692	Number of processors: 1
00:15:53.0343 3692	Page size: 0x1000
00:15:53.0343 3692	Boot type: Normal boot
00:15:53.0343 3692	============================================================
00:15:56.0750 3692	Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:15:56.0750 3692	\Device\Harddisk0\DR0:
00:15:56.0750 3692	MBR used
00:15:56.0750 3692	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x445892D
00:15:56.0843 3692	Initialize success
00:15:56.0843 3692	============================================================
00:16:48.0718 1164	============================================================
00:16:48.0718 1164	Scan started
00:16:48.0718 1164	Mode: Manual; SigCheck; TDLFS; 
00:16:48.0718 1164	============================================================
00:16:50.0406 1164	Abiosdsk - ok
00:16:50.0921 1164	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:16:59.0234 1164	abp480n5 - ok
00:16:59.0953 1164	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:17:00.0609 1164	ACPI - ok
00:17:01.0093 1164	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:17:01.0281 1164	ACPIEC - ok
00:17:01.0921 1164	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:17:02.0125 1164	adpu160m - ok
00:17:02.0718 1164	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:17:02.0890 1164	aec - ok
00:17:03.0484 1164	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:17:03.0578 1164	AFD - ok
00:17:04.0093 1164	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:17:04.0296 1164	agp440 - ok
00:17:04.0812 1164	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:17:05.0000 1164	agpCPQ - ok
00:17:05.0671 1164	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:17:05.0750 1164	Aha154x - ok
00:17:06.0265 1164	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:17:06.0515 1164	aic78u2 - ok
00:17:07.0046 1164	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:17:07.0218 1164	aic78xx - ok
00:17:07.0718 1164	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:17:07.0890 1164	AliIde - ok
00:17:08.0468 1164	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:17:08.0671 1164	alim1541 - ok
00:17:09.0203 1164	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:17:09.0437 1164	amdagp - ok
00:17:09.0921 1164	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:17:10.0015 1164	amsint - ok
00:17:10.0546 1164	APPDRV          (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
00:17:10.0578 1164	APPDRV ( UnsignedFile.Multi.Generic ) - warning
00:17:10.0578 1164	APPDRV - detected UnsignedFile.Multi.Generic (1)
00:17:11.0218 1164	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:17:11.0421 1164	asc - ok
00:17:11.0968 1164	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:17:12.0046 1164	asc3350p - ok
00:17:12.0531 1164	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:17:12.0718 1164	asc3550 - ok
00:17:13.0250 1164	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:17:13.0468 1164	AsyncMac - ok
00:17:14.0015 1164	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:17:14.0203 1164	atapi - ok
00:17:14.0671 1164	Atdisk - ok
00:17:15.0187 1164	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:17:15.0390 1164	Atmarpc - ok
00:17:15.0875 1164	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:17:16.0046 1164	audstub - ok
00:17:16.0656 1164	avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
00:17:17.0312 1164	avgntflt - ok
00:17:18.0031 1164	avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
00:17:18.0046 1164	avipbb - ok
00:17:18.0562 1164	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
00:17:18.0578 1164	avkmgr - ok
00:17:19.0437 1164	BCM43XX         (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:17:19.0890 1164	BCM43XX - ok
00:17:20.0484 1164	bcm4sbxp        (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
00:17:20.0640 1164	bcm4sbxp - ok
00:17:21.0171 1164	BCMWLNPF        (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys
00:17:21.0187 1164	BCMWLNPF ( UnsignedFile.Multi.Generic ) - warning
00:17:21.0187 1164	BCMWLNPF - detected UnsignedFile.Multi.Generic (1)
00:17:21.0687 1164	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:17:21.0906 1164	Beep - ok
00:17:22.0125 1164	catchme - ok
00:17:22.0625 1164	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:17:22.0812 1164	cbidf - ok
00:17:23.0296 1164	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:17:23.0484 1164	cbidf2k - ok
00:17:23.0984 1164	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:17:24.0078 1164	cd20xrnt - ok
00:17:24.0671 1164	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:17:24.0859 1164	Cdaudio - ok
00:17:25.0406 1164	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:17:25.0656 1164	Cdfs - ok
00:17:26.0187 1164	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:17:26.0390 1164	Cdrom - ok
00:17:26.0859 1164	Changer - ok
00:17:27.0406 1164	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:17:27.0609 1164	CmBatt - ok
00:17:28.0109 1164	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:17:28.0312 1164	CmdIde - ok
00:17:28.0812 1164	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:17:28.0984 1164	Compbatt - ok
00:17:29.0531 1164	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:17:29.0765 1164	Cpqarray - ok
00:17:30.0484 1164	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:17:30.0734 1164	dac2w2k - ok
00:17:31.0218 1164	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:17:31.0421 1164	dac960nt - ok
00:17:31.0968 1164	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:17:32.0171 1164	Disk - ok
00:17:32.0781 1164	DLABOIOM        (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
00:17:32.0796 1164	DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
00:17:32.0796 1164	DLABOIOM - detected UnsignedFile.Multi.Generic (1)
00:17:33.0281 1164	DLACDBHM        (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
00:17:33.0296 1164	DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
00:17:33.0296 1164	DLACDBHM - detected UnsignedFile.Multi.Generic (1)
00:17:33.0796 1164	DLADResN        (8342c37a0667183e0d2d7dee77e0388f) C:\WINDOWS\system32\DLA\DLADResN.SYS
00:17:33.0796 1164	DLADResN ( UnsignedFile.Multi.Generic ) - warning
00:17:33.0796 1164	DLADResN - detected UnsignedFile.Multi.Generic (1)
00:17:34.0296 1164	DLAIFS_M        (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
00:17:34.0312 1164	DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
00:17:34.0312 1164	DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
00:17:34.0875 1164	DLAOPIOM        (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
00:17:34.0906 1164	DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
00:17:34.0906 1164	DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
00:17:35.0343 1164	DLAPoolM        (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
00:17:35.0359 1164	DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
00:17:35.0359 1164	DLAPoolM - detected UnsignedFile.Multi.Generic (1)
00:17:35.0890 1164	DLARTL_N        (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
00:17:35.0890 1164	DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
00:17:35.0890 1164	DLARTL_N - detected UnsignedFile.Multi.Generic (1)
00:17:36.0390 1164	DLAUDFAM        (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
00:17:36.0421 1164	DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
00:17:36.0421 1164	DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
00:17:36.0921 1164	DLAUDF_M        (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
00:17:36.0953 1164	DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
00:17:36.0953 1164	DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
00:17:38.0000 1164	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
00:17:38.0515 1164	dmboot - ok
00:17:39.0234 1164	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
00:17:39.0421 1164	dmio - ok
00:17:39.0921 1164	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:17:40.0093 1164	dmload - ok
00:17:40.0609 1164	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:17:40.0859 1164	DMusic - ok
00:17:41.0359 1164	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:17:41.0546 1164	dpti2o - ok
00:17:42.0046 1164	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:17:42.0250 1164	drmkaud - ok
00:17:42.0828 1164	DRVMCDB         (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
00:17:42.0843 1164	DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
00:17:42.0843 1164	DRVMCDB - detected UnsignedFile.Multi.Generic (1)
00:17:43.0343 1164	DRVNDDM         (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
00:17:43.0359 1164	DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
00:17:43.0359 1164	DRVNDDM - detected UnsignedFile.Multi.Generic (1)
00:17:43.0906 1164	E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:17:44.0093 1164	E100B - ok
00:17:44.0718 1164	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:17:44.0953 1164	Fastfat - ok
00:17:45.0468 1164	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:17:45.0656 1164	Fdc - ok
00:17:46.0281 1164	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
00:17:46.0453 1164	Fips - ok
00:17:46.0953 1164	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:17:47.0156 1164	Flpydisk - ok
00:17:47.0765 1164	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:17:48.0000 1164	FltMgr - ok
00:17:48.0500 1164	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:17:48.0671 1164	Fs_Rec - ok
00:17:49.0250 1164	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:17:49.0500 1164	Ftdisk - ok
00:17:49.0953 1164	GEARAspiWDM - ok
00:17:50.0546 1164	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:17:50.0718 1164	Gpc - ok
00:17:51.0281 1164	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:17:51.0531 1164	HDAudBus - ok
00:17:52.0093 1164	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:17:52.0296 1164	HidUsb - ok
00:17:52.0796 1164	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:17:52.0968 1164	hpn - ok
00:17:53.0625 1164	HSFHWAZL        (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
00:17:53.0750 1164	HSFHWAZL - ok
00:17:54.0859 1164	HSF_DPV         (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
00:17:55.0468 1164	HSF_DPV - ok
00:17:56.0171 1164	HSXHWAZL        (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
00:17:56.0218 1164	HSXHWAZL - ok
00:17:56.0875 1164	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:17:56.0968 1164	HTTP - ok
00:17:57.0750 1164	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:17:57.0921 1164	i2omgmt - ok
00:17:58.0671 1164	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:17:58.0859 1164	i2omp - ok
00:17:59.0375 1164	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:17:59.0828 1164	i8042prt - ok
00:18:01.0390 1164	ialm            (d705558b6a678e894c5c67430eef67a2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
00:18:02.0484 1164	ialm - ok
00:18:03.0343 1164	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:18:03.0546 1164	Imapi - ok
00:18:04.0062 1164	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:18:04.0515 1164	ini910u - ok
00:18:05.0015 1164	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:18:05.0484 1164	IntelIde - ok
00:18:06.0015 1164	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:18:06.0468 1164	intelppm - ok
00:18:06.0953 1164	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:18:07.0390 1164	Ip6Fw - ok
00:18:08.0031 1164	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:18:08.0484 1164	IpFilterDriver - ok
00:18:09.0000 1164	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:18:09.0437 1164	IpInIp - ok
00:18:10.0031 1164	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:18:10.0484 1164	IpNat - ok
00:18:11.0031 1164	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:18:11.0500 1164	IPSec - ok
00:18:12.0000 1164	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:18:12.0125 1164	IRENUM - ok
00:18:12.0671 1164	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:18:12.0828 1164	isapnp - ok
00:18:13.0515 1164	k750bus         (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys
00:18:13.0609 1164	k750bus - ok
00:18:14.0093 1164	k750mdfl        (f44521f63c0c00364fa3d59db980de6a) C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
00:18:14.0375 1164	k750mdfl - ok
00:18:14.0968 1164	k750mdm         (e93323c3ed5e8923a177740a973c27b2) C:\WINDOWS\system32\DRIVERS\k750mdm.sys
00:18:15.0015 1164	k750mdm - ok
00:18:15.0593 1164	k750mgmt        (9d5f5a70ca0b7c428efcd73db50e6ac7) C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
00:18:15.0640 1164	k750mgmt - ok
00:18:16.0187 1164	k750obex        (81ca2d57b2c14f76f4ba80846784bb3d) C:\WINDOWS\system32\DRIVERS\k750obex.sys
00:18:16.0234 1164	k750obex - ok
00:18:16.0734 1164	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:18:16.0921 1164	Kbdclass - ok
00:18:17.0671 1164	kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:18:17.0859 1164	kbdhid - ok
00:18:18.0453 1164	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:18:18.0625 1164	kmixer - ok
00:18:19.0234 1164	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:18:19.0406 1164	KSecDD - ok
00:18:19.0875 1164	lbrtfdc - ok
00:18:20.0421 1164	MASPINT         (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
00:18:20.0437 1164	MASPINT ( UnsignedFile.Multi.Generic ) - warning
00:18:20.0437 1164	MASPINT - detected UnsignedFile.Multi.Generic (1)
00:18:20.0968 1164	MBAMSwissArmy   (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
00:18:20.0984 1164	MBAMSwissArmy - ok
00:18:21.0500 1164	mdmxsdk         (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:18:21.0531 1164	mdmxsdk - ok
00:18:22.0046 1164	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:18:22.0203 1164	mnmdd - ok
00:18:22.0828 1164	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
00:18:23.0015 1164	Modem - ok
00:18:23.0578 1164	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:18:23.0750 1164	Mouclass - ok
00:18:24.0328 1164	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:18:24.0500 1164	mouhid - ok
00:18:25.0031 1164	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:18:25.0187 1164	MountMgr - ok
00:18:25.0703 1164	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:18:25.0890 1164	mraid35x - ok
00:18:26.0515 1164	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:18:26.0734 1164	MRxDAV - ok
00:18:27.0234 1164	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:18:27.0468 1164	Msfs - ok
00:18:27.0984 1164	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:18:28.0140 1164	MSKSSRV - ok
00:18:28.0734 1164	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:18:28.0968 1164	MSPCLOCK - ok
00:18:29.0453 1164	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:18:29.0640 1164	MSPQM - ok
00:18:30.0171 1164	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:18:30.0359 1164	mssmbios - ok
00:18:30.0953 1164	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:18:31.0015 1164	Mup - ok
00:18:31.0640 1164	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:18:31.0859 1164	NDIS - ok
00:18:32.0375 1164	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:18:32.0453 1164	NdisTapi - ok
00:18:33.0062 1164	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:18:33.0250 1164	Ndisuio - ok
00:18:33.0843 1164	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:18:34.0000 1164	NdisWan - ok
00:18:34.0546 1164	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:18:34.0625 1164	NDProxy - ok
00:18:35.0109 1164	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:18:35.0296 1164	NetBIOS - ok
00:18:35.0890 1164	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:18:36.0078 1164	NetBT - ok
00:18:36.0734 1164	nmwcd           (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
00:18:37.0359 1164	nmwcd - ok
00:18:37.0921 1164	nmwcdc          (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
00:18:38.0031 1164	nmwcdc - ok
00:18:38.0562 1164	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:18:38.0734 1164	Npfs - ok
00:18:39.0640 1164	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:18:40.0015 1164	Ntfs - ok
00:18:40.0500 1164	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:18:40.0703 1164	Null - ok
00:18:42.0359 1164	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:18:43.0593 1164	nv - ok
00:18:44.0140 1164	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:18:44.0328 1164	NwlnkFlt - ok
00:18:44.0875 1164	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:18:45.0062 1164	NwlnkFwd - ok
00:18:45.0656 1164	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
00:18:45.0843 1164	Parport - ok
00:18:46.0328 1164	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:18:46.0500 1164	PartMgr - ok
00:18:46.0984 1164	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
00:18:47.0156 1164	ParVdm - ok
00:18:47.0718 1164	pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
00:18:47.0796 1164	pccsmcfd - ok
00:18:48.0343 1164	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
00:18:48.0531 1164	PCI - ok
00:18:49.0046 1164	PCIDump - ok
00:18:49.0531 1164	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:18:49.0703 1164	PCIIde - ok
00:18:50.0312 1164	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:18:50.0515 1164	Pcmcia - ok
00:18:51.0015 1164	PDCOMP - ok
00:18:51.0468 1164	PDFRAME - ok
00:18:51.0937 1164	PDRELI - ok
00:18:52.0421 1164	PDRFRAME - ok
00:18:52.0937 1164	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:18:53.0156 1164	perc2 - ok
00:18:53.0656 1164	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:18:53.0843 1164	perc2hib - ok
00:18:54.0421 1164	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:18:54.0593 1164	PptpMiniport - ok
00:18:55.0140 1164	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:18:55.0312 1164	PSched - ok
00:18:55.0828 1164	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:18:56.0000 1164	Ptilink - ok
00:18:56.0531 1164	PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:18:56.0562 1164	PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
00:18:56.0562 1164	PxHelp20 - detected UnsignedFile.Multi.Generic (1)
00:18:57.0156 1164	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:18:57.0328 1164	ql1080 - ok
00:18:57.0828 1164	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:18:58.0062 1164	Ql10wnt - ok
00:18:58.0578 1164	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:18:58.0781 1164	ql12160 - ok
00:18:59.0281 1164	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:18:59.0453 1164	ql1240 - ok
00:18:59.0968 1164	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:19:00.0140 1164	ql1280 - ok
00:19:00.0640 1164	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:19:00.0812 1164	RasAcd - ok
00:19:01.0359 1164	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:19:01.0531 1164	Rasl2tp - ok
00:19:02.0046 1164	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:19:02.0218 1164	RasPppoe - ok
00:19:02.0703 1164	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:19:02.0906 1164	Raspti - ok
00:19:03.0531 1164	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:19:03.0703 1164	Rdbss - ok
00:19:04.0203 1164	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:19:04.0390 1164	RDPCDD - ok
00:19:05.0078 1164	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:19:05.0281 1164	rdpdr - ok
00:19:05.0937 1164	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:19:05.0984 1164	RDPWD - ok
00:19:06.0484 1164	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:19:06.0656 1164	redbook - ok
00:19:07.0250 1164	s116bus         (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
00:19:07.0265 1164	s116bus - ok
00:19:07.0750 1164	s116mdfl        (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
00:19:07.0765 1164	s116mdfl - ok
00:19:08.0375 1164	s116mdm         (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
00:19:08.0390 1164	s116mdm - ok
00:19:08.0937 1164	s116mgmt        (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
00:19:08.0953 1164	s116mgmt - ok
00:19:09.0453 1164	s116nd5         (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
00:19:09.0468 1164	s116nd5 - ok
00:19:10.0015 1164	s116obex        (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
00:19:10.0031 1164	s116obex - ok
00:19:10.0640 1164	s116unic        (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
00:19:10.0656 1164	s116unic - ok
00:19:11.0203 1164	SDDMI2          (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
00:19:11.0234 1164	SDDMI2 ( UnsignedFile.Multi.Generic ) - warning
00:19:11.0234 1164	SDDMI2 - detected UnsignedFile.Multi.Generic (1)
00:19:11.0765 1164	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:19:11.0859 1164	Secdrv - ok
00:19:12.0453 1164	seehcri         (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
00:19:12.0546 1164	seehcri - ok
00:19:13.0109 1164	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:19:13.0296 1164	serenum - ok
00:19:13.0828 1164	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
00:19:14.0046 1164	Serial - ok
00:19:14.0593 1164	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:19:14.0765 1164	Sfloppy - ok
00:19:15.0250 1164	Simbad - ok
00:19:15.0765 1164	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:19:15.0921 1164	sisagp - ok
00:19:16.0453 1164	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:19:16.0546 1164	Sparrow - ok
00:19:17.0062 1164	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:19:17.0234 1164	splitter - ok
00:19:17.0750 1164	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
00:19:17.0843 1164	sr - ok
00:19:18.0593 1164	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:19:18.0812 1164	Srv - ok
00:19:19.0359 1164	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
00:19:19.0375 1164	ssmdrv - ok
00:19:20.0562 1164	STHDA           (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
00:19:21.0328 1164	STHDA - ok
00:19:21.0859 1164	StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
00:19:22.0093 1164	StillCam - ok
00:19:22.0625 1164	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:19:22.0796 1164	swenum - ok
00:19:23.0343 1164	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:19:23.0531 1164	swmidi - ok
00:19:24.0046 1164	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:19:24.0203 1164	symc810 - ok
00:19:24.0703 1164	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:19:24.0906 1164	symc8xx - ok
00:19:25.0406 1164	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:19:25.0593 1164	sym_hi - ok
00:19:26.0109 1164	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:19:26.0265 1164	sym_u3 - ok
00:19:26.0890 1164	SynTP           (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:19:27.0000 1164	SynTP - ok
00:19:27.0562 1164	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:19:27.0750 1164	sysaudio - ok
00:19:28.0312 1164	tap0901         (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
00:19:28.0328 1164	tap0901 ( UnsignedFile.Multi.Generic ) - warning
00:19:28.0328 1164	tap0901 - detected UnsignedFile.Multi.Generic (1)
00:19:29.0062 1164	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:19:29.0390 1164	Tcpip - ok
00:19:31.0203 1164	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:19:31.0390 1164	TDPIPE - ok
00:19:31.0906 1164	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:19:32.0140 1164	TDTCP - ok
00:19:32.0656 1164	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:19:32.0843 1164	TermDD - ok
00:19:33.0421 1164	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
00:19:33.0578 1164	TosIde - ok
00:19:34.0156 1164	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:19:34.0312 1164	Udfs - ok
00:19:34.0906 1164	uigxrdr         (7b1a3a08702bd8b9891ef6066f28647c) C:\WINDOWS\system32\DRIVERS\uigxrdr.sys
00:19:34.0937 1164	uigxrdr ( UnsignedFile.Multi.Generic ) - warning
00:19:34.0937 1164	uigxrdr - detected UnsignedFile.Multi.Generic (1)
00:19:35.0484 1164	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:19:35.0593 1164	ultra - ok
00:19:36.0421 1164	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:19:36.0765 1164	Update - ok
00:19:37.0296 1164	upperdev        (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
00:19:37.0390 1164	upperdev - ok
00:19:37.0953 1164	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:19:38.0218 1164	usbaudio - ok
00:19:38.0765 1164	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:19:38.0937 1164	usbccgp - ok
00:19:39.0468 1164	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:19:39.0625 1164	usbehci - ok
00:19:40.0171 1164	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:19:40.0375 1164	usbhub - ok
00:19:40.0984 1164	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:19:41.0203 1164	usbprint - ok
00:19:41.0718 1164	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:19:41.0906 1164	usbscan - ok
00:19:42.0421 1164	usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
00:19:42.0593 1164	usbser - ok
00:19:43.0078 1164	UsbserFilt      (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
00:19:43.0218 1164	UsbserFilt - ok
00:19:43.0734 1164	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:19:43.0906 1164	USBSTOR - ok
00:19:44.0437 1164	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:19:44.0593 1164	usbuhci - ok
00:19:45.0109 1164	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:19:45.0312 1164	VgaSave - ok
00:19:45.0859 1164	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:19:46.0031 1164	viaagp - ok
00:19:46.0656 1164	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:19:46.0859 1164	ViaIde - ok
00:19:47.0406 1164	VNUSB           (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
00:19:47.0437 1164	VNUSB ( UnsignedFile.Multi.Generic ) - warning
00:19:47.0453 1164	VNUSB - detected UnsignedFile.Multi.Generic (1)
00:19:47.0953 1164	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
00:19:48.0125 1164	VolSnap - ok
00:19:48.0687 1164	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:19:48.0859 1164	Wanarp - ok
00:19:49.0625 1164	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
00:19:49.0812 1164	Wdf01000 - ok
00:19:50.0281 1164	WDICA - ok
00:19:50.0843 1164	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:19:51.0031 1164	wdmaud - ok
00:19:52.0156 1164	winachsf        (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
00:19:52.0515 1164	winachsf - ok
00:19:53.0046 1164	WN4501HLFZZ - ok
00:19:53.0593 1164	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
00:19:53.0781 1164	WpdUsb - ok
00:19:54.0375 1164	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:19:54.0625 1164	WS2IFSL - ok
00:19:55.0187 1164	WudfPf          (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:19:55.0265 1164	WudfPf - ok
00:19:55.0812 1164	WudfRd          (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:19:55.0859 1164	WudfRd - ok
00:19:56.0343 1164	ZDPSp50 - ok
00:19:56.0437 1164	MBR (0x1B8)     (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
00:19:56.0750 1164	\Device\Harddisk0\DR0 - ok
00:19:56.0781 1164	Boot (0x1200)   (bc5c996713b21ab9a9c28d9acce6b3ed) \Device\Harddisk0\DR0\Partition0
00:19:56.0781 1164	\Device\Harddisk0\DR0\Partition0 - ok
00:19:56.0796 1164	============================================================
00:19:56.0796 1164	Scan finished
00:19:56.0796 1164	============================================================
00:19:56.0921 3012	Detected object count: 19
00:19:56.0921 3012	Actual detected object count: 19
00:20:45.0562 3012	APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012	APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0562 3012	BCMWLNPF ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012	BCMWLNPF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0562 3012	DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012	DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0562 3012	DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012	DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0562 3012	DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012	DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0562 3012	DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012	DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0562 3012	DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012	DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0562 3012	DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012	DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0578 3012	DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012	DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0578 3012	DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012	DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0578 3012	DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012	DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0578 3012	DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012	DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0578 3012	DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012	DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0578 3012	MASPINT ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012	MASPINT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0578 3012	PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012	PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0578 3012	SDDMI2 ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012	SDDMI2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0593 3012	tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0593 3012	tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0593 3012	uigxrdr ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0593 3012	uigxrdr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
00:20:45.0593 3012	VNUSB ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0593 3012	VNUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

Swillswissen · 19.03.2012, 02:01

Hier das Ergebnis von osam:

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 01:55:59 on 19.03.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"RealUpgradeLogonTaskS-1-5-21-413376109-1747680547-2295601255-1006.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-413376109-1747680547-2295601255-1006.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL
"cmdvdpak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\cmdvdpak.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NicConfigSvc.cpl" - "Dell Inc." - C:\WINDOWS\system32\NicConfigSvc.cpl
"STacGUI.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\STacGUI.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"802.11g Wireless USB Adapter" (WN4501HLFZZ) - ? - C:\WINDOWS\System32\DRIVERS\O4501U.sys  (File not found)
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"Broadcom Netgroup Packet Filter" (BCMWLNPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\bcmwlnpf.sys
"catchme" (catchme) - ? - C:\DOKUME~1\admin\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"GEAR ASPI Filter Driver" (GEARAspiWDM) - ? - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MASPINT" (MASPINT) - "MicroStaff Co.,Ltd." - C:\WINDOWS\system32\drivers\MASPINT.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SDDMI2" (SDDMI2) - "Gteko Ltd." - C:\WINDOWS\system32\DDMI2.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys
"uigxrdr" (uigxrdr) - "1&1 Mail & Media GmbH" - C:\WINDOWS\System32\DRIVERS\uigxrdr.sys
"VN Series Device" (VNUSB) - "OLYMPUS IMAGING CORP." - C:\WINDOWS\System32\DRIVERS\VNUSB.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - ? - C:\WINDOWS\System32\Drivers\ZDPSp50.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{D6613619-EDAA-451e-AA0C-671737CF6022} "ShellContextMenuHandler Class" - "1&1 Mail & Media GmbH" - C:\Programme\GMX\GMX Upload-Manager\SHNDLERS.DLL
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Yahoo! Toolbar" - ? -   (File not found | COM-object registry key not found)
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "SweetPacks Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "ZoneAlarm Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm\prxtbZon0.dll
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} "ZoneAlarm Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm\prxtbZon0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A3256902-51FA-45A0-8A97-FC1143C169D9} "Diagnostics ActiveX WebControl" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\DiagWAPI.dll / hxxp://support.microsoft.com/mats/DiagWebControl.cab
{79E0C1C0-316D-11D5-A72A-006097BFA1AC} "EPSON Web Printer-SelfTest Control Class" - ? - C:\WINDOWS\system32\Epson\EST\ESTPTest\ESTPTest.ocx / hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\WINDOWS\Downloaded Program Files\gp.ocx / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx / hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{A8F2B9BD-A6A0-486A-9744-18920D898429} "ScorchPlugin Class" - "Sibelius Software, a division of Avid Technology, Inc. and its licensors." - C:\Programme\Sibelius Software\Scorch\ActiveXPlugin\ScorchAxPlugin.dll / hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11f.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{49232000-16E4-426C-A231-62846947304B} "SysData Class" - "Hewlett-Packard" - C:\WINDOWS\DOWNLO~1\SysInfo.dll / hxxp://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}" - ? -   (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? -   (File not found | COM-object registry key not found)
<binary data> "SweetPacks Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} "ZoneAlarm Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm\prxtbZon0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetPacks Browser Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} "ZoneAlarm Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm\prxtbZon0.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe
"Dell QuickSet" - "Dell Inc" - C:\Programme\Dell\QuickSet\quickset.exe
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"NokiaMServer" - "Nokia" - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"Sweetpacks Communicator" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\program files\real\realplayer\update\realsched.exe"  -osboot

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll
"GMX MediaCenter" - "1&1 Mail & Media GmbH" - C:\WINDOWS\System32\uigxnp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\hptcpmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"A016mdfl" (IBMTPCHK) - ? - C:\WINDOWS\system32\ctxcpuusync.dll  (File not found)
"Acmservice" (SE2Cbus) - ? - C:\WINDOWS\system32\aolavupd.dll  (File not found)
"Anbmservice" (DCamUSBMke) - ? - C:\WINDOWS\system32\ESMCR.dll  (File not found)
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avgems" (ARSVC) - ? - C:\WINDOWS\system32\advservice.dll  (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"BcmSqlStartupSvc" (armoucfltr) - ? - C:\WINDOWS\system32\jobserver_report.dll  (File not found)
"Bmwebcfg" (LXARScan) - ? - C:\WINDOWS\system32\pid_0928.dll  (File not found)
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Btaudio" (keriomailserver) - ? - C:\WINDOWS\system32\eskerlicensecontrol.dll  (File not found)
"CBN" (o2flash) - ? - C:\WINDOWS\system32\naveng.dll  (File not found)
"Ccs" (WDM_YAMAHAAC97) - ? - C:\WINDOWS\system32\zppinger.dll  (File not found)
"Cfosspeeds" (PGPwded) - ? - C:\WINDOWS\system32\tnidriver.dll  (File not found)
"Ctprxy2k" (tvtpktfilter) - ? - C:\WINDOWS\system32\mdc8021x.dll  (File not found)
"CTSBLFX.DLL" (epfw) - ? - C:\WINDOWS\system32\P17xfi.dll  (File not found)
"Cusrvc" (pop3d32) - ? - C:\WINDOWS\system32\kwatchsvc.dll  (File not found)
"Db2jds" (btwusb) - ? - C:\WINDOWS\system32\SNP2STD.dll  (File not found)
"DCamUSBDXGTech" (TuneUp.ProgramStatisticsSvc) - ? - C:\WINDOWS\system32\adihdaudaddservice.dll  (File not found)
"DcPTP" (mfcom) - ? - C:\WINDOWS\system32\lxcf_device.dll  (File not found)
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"DELL_A02" (ProcObsrv) - ? - C:\WINDOWS\system32\inotask.dll  (File not found)
"DevUpper" (NOWMEMDF) - ? - C:\WINDOWS\system32\backupexecdevicemediaservice.dll  (File not found)
"DFUBTUSB" (vetmonnt) - ? - C:\WINDOWS\system32\ialm.dll  (File not found)
"Dlpwd" (x10nets) - ? - C:\WINDOWS\system32\stac97.dll  (File not found)
"Dot4ufd" (CAMCAUD) - ? - C:\WINDOWS\system32\MTDVC2_ENUM.dll  (File not found)
"Dptrackerd" (eskerlicensecontrol) - ? - C:\WINDOWS\system32\CTERFXFX.DLL.dll  (File not found)
"Driverhardwarev2" (se45obex) - ? - C:\WINDOWS\system32\procexp100.dll  (File not found)
"DsNcAdpt" (issimon) - ? - C:\WINDOWS\system32\netw4x32.dll  (File not found)
"Ehstart" (EPSON_EB_RPCV4_01) - ? - C:\WINDOWS\system32\pdlnepkt.dll  (File not found)
"ELkbd" (caili) - ? - C:\WINDOWS\system32\scan.dll  (File not found)
"Elockservice" (qbreminderflash) - ? - C:\WINDOWS\system32\sr.dll  (File not found)
"EmAudio" (SE2Dobex) - ? - C:\WINDOWS\system32\tsp.dll  (File not found)
"Emma Device Management" (EmmaDevMgmtSvc) - "Sony Ericsson Mobile Communications" - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
"Emma Update Management" (EmmaUpdMgmtSvc) - "Sony Ericsson Mobile Communications" - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
"Enum1394" (zpnodecollector) - ? - C:\WINDOWS\system32\stunnel.dll  (File not found)
"Fetnd5bv" (pav_security) - ? - C:\WINDOWS\system32\NVXBAR.dll  (File not found)
"Flutilssvc" (tpkmpsvc) - ? - C:\WINDOWS\system32\secdrv.dll  (File not found)
"Gagp30kx" (s125mdm) - ? - C:\WINDOWS\system32\regservice.dll  (File not found)
"GcKernel" (backupexecagentaccelerator) - ? - C:\WINDOWS\system32\ncupdatesvc.dll  (File not found)
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"GTF32BUS" (hpt3xx) - ? - C:\WINDOWS\system32\alcxwdm.dll  (File not found)
"Gusvc" (clmtomcatstartersvc) - ? - C:\WINDOWS\system32\pae_1394.dll  (File not found)
"Hcmon" (ptbsync) - ? - C:\WINDOWS\system32\pcradminserver.dll  (File not found)
"Hpzipr12" (cvspydr2) - ? - C:\WINDOWS\system32\ssfs0509.dll  (File not found)
"Ikfilesec" (se45mgmt) - ? - C:\WINDOWS\system32\mssql$microsoftsmlbiz.dll  (File not found)
"Ino_fltr" (igateway) - ? - C:\WINDOWS\system32\UxTuneUp.dll  (File not found)
"Inport" (alcaudsl) - ? - C:\WINDOWS\system32\SGIR.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"InterBaseServer" (CSDriver) - ? - C:\WINDOWS\system32\omniusb.dll  (File not found)
"Ipssvc" (svcwrsssdk) - ? - C:\WINDOWS\system32\WINUSB.dll  (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Jobserver_report" (hwpsgt) - ? - C:\WINDOWS\system32\enecbpth.dll  (File not found)
"Kerbkey" (USBVCD) - ? - C:\WINDOWS\system32\p3.dll  (File not found)
"Keriomailserver" (stac97) - ? - C:\WINDOWS\system32\p2k.dll  (File not found)
"KS0108" (avidsdmservice) - ? - C:\WINDOWS\system32\s7oppitx.dll  (File not found)
"Kwatchsvc" (df5serv) - ? - C:\WINDOWS\system32\EU3_USB.dll  (File not found)
"Ldlcserv" (hsf_msft) - ? - C:\WINDOWS\system32\aha154x.dll  (File not found)
"LEX_AS_NIC_SERVICE_YNOS" (sony_ssm.sys) - ? - C:\WINDOWS\system32\soma.dll  (File not found)
"Lgsnd_filter" (WmBEnum) - ? - C:\WINDOWS\system32\s24eventmonitor.dll  (File not found)
"LPCFilter" (WimFltr) - ? - C:\WINDOWS\system32\sbpci.dll  (File not found)
"Lsdiorw" (streamip) - ? - C:\WINDOWS\system32\ibmfilter.dll  (File not found)
"Lvusbsta" (HPSLPSVC) - ? - C:\WINDOWS\system32\WmHidLo.dll  (File not found)
"Lxcf_device" (EPOWER) - ? - C:\WINDOWS\system32\JRAID.dll  (File not found)
"Mbr" (PCTINDIS5) - ? - C:\WINDOWS\system32\bdfsfltr.dll  (File not found)
"Mcstrm" (fsma) - ? - C:\WINDOWS\system32\usbhub.dll  (File not found)
"Mctaskmanager" (cdralw2k) - ? - C:\WINDOWS\system32\cachemanxp.dll  (File not found)
"MMRTKRNL" (raysat3_4_6_18server) - ? - C:\WINDOWS\system32\fsbwsys.dll  (File not found)
"Modemcsa" (mcshield) - ? - C:\WINDOWS\system32\rt2500usb.dll  (File not found)
"MREMPR5" (mksvirmonsvc) - ? - C:\WINDOWS\system32\imagedrv.dll  (File not found)
"MSCamSvc" (SeratoUsb) - ? - C:\WINDOWS\system32\advantage.dll  (File not found)
"Msftpsvc" (AtiHdmiService) - ? - C:\WINDOWS\system32\bdrsdrv.dll  (File not found)
"Mssqlserveradhelper" (mclserviceatl) - ? - C:\WINDOWS\system32\nnsvc.dll  (File not found)
"Mvc25U870_VID_1262&PID_25FD" (imagedrv) - ? - C:\WINDOWS\system32\zd1211u(zydas).dll  (File not found)
"Mwagent" (websenseusagemonitor) - ? - C:\WINDOWS\system32\pavagente.dll  (File not found)
"NICCONFIGSVC" (NICCONFIGSVC) - "Dell Inc." - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
"Nocashio" (PPPoEWin) - ? - C:\WINDOWS\system32\SE26bus.dll  (File not found)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Ooclevercacheagent" (se2Bnd5) - ? - C:\WINDOWS\system32\roxupnprenderer.dll  (File not found)
"OpenVPN Service" (OpenVPNService) - ? - C:\Programme\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"PBADRV" (aiclient) - ? - C:\WINDOWS\system32\scsk4.dll  (File not found)
"Pdlndldl" (backupexecalertserver) - ? - C:\WINDOWS\system32\MTsensor.dll  (File not found)
"Pinnaclesys.mediaserver" (AF15BDA) - ? - C:\WINDOWS\system32\vhidmini.dll  (File not found)
"Plscsi" (nvraid) - ? - C:\WINDOWS\system32\symids.dll  (File not found)
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"PQNTDrv" (dcsloader) - ? - C:\WINDOWS\system32\avgclean.dll  (File not found)
"Procexp100" (vmparport) - ? - C:\WINDOWS\system32\GTF32BUS.dll  (File not found)
"Procmon10" (w550bus) - ? - C:\WINDOWS\system32\lanmanworkstation.dll  (File not found)
"Protectionservice" (dklogger) - ? - C:\WINDOWS\system32\idsvc.dll  (File not found)
"PSSdk23" (lp6nds35) - ? - C:\WINDOWS\system32\mldserv.dll  (File not found)
"Remoteregistry" (tcsd_win32.exe) - ? - C:\WINDOWS\system32\LVCap138.dll  (File not found)
"RivaTuner32" (iwebmsg) - ? - C:\WINDOWS\system32\spbbcsvc.dll  (File not found)
"Rootmodem" (F700isw) - ? - C:\WINDOWS\system32\tosrfnds.dll  (File not found)
"S24trans" (Rawwan) - ? - C:\WINDOWS\system32\tossmbnt.dll  (File not found)
"S616obex" (pdlncbas) - ? - C:\WINDOWS\system32\avg7rsxp.dll  (File not found)
"SaiNtSub" (BsHelpCS) - ? - C:\WINDOWS\system32\cavasm.dll  (File not found)
"ScFBPNT3" (nsvclog) - ? - C:\WINDOWS\system32\MSW_USB.dll  (File not found)
"Sdbus" (AlteraByteBlaster) - ? - C:\WINDOWS\system32\mvserver.dll  (File not found)
"Sermouse" (tfsndrct) - ? - C:\WINDOWS\system32\cqcpu.dll  (File not found)
"SerTVOutCtlr" (HpqRemHid) - ? - C:\WINDOWS\system32\rchost.dll  (File not found)
"Service1" (sandradatasrv) - ? - C:\WINDOWS\system32\TryAndDecideService.dll  (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"SiS7018" (wsearch) - ? - C:\WINDOWS\system32\sfloppy.dll  (File not found)
"Smartscaps" (roxmediadb) - ? - C:\WINDOWS\system32\tifm.dll  (File not found)
"Snpstd2" (sisnic) - ? - C:\WINDOWS\system32\tphkdrv.dll  (File not found)
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"SrvcEPIOMngr" (tifm) - ? - C:\WINDOWS\system32\bdftdif.dll  (File not found)
"Subsonic" (tvtnetwk) - ? - C:\WINDOWS\system32\alcxsens.dll  (File not found)
"Tosrfhid" (smartwiservice) - ? - C:\WINDOWS\system32\adfs.dll  (File not found)
"Tosrfusb" (vmnetadapter) - ? - C:\WINDOWS\system32\ftpds.dll  (File not found)
"Tsircsrv" (adiusbaw) - ? - C:\WINDOWS\system32\3combootp.dll  (File not found)
"Tvald" (ndassvc) - ? - C:\WINDOWS\system32\EPSON_EB_RPCV4_01.dll  (File not found)
"Umwdf" (wg5n) - ? - C:\WINDOWS\system32\caisafe.dll  (File not found)
"UsbDiag" (dbmang) - ? - C:\WINDOWS\system32\aexnsclient.dll  (File not found)
"Vpcnets2" (vmusb) - ? - C:\WINDOWS\system32\sysenforce.dll  (File not found)
"Vpctcom" (navap) - ? - C:\WINDOWS\system32\dac960nt.dll  (File not found)
"W8335XP" (kservice) - ? - C:\WINDOWS\system32\Wuser32.dll  (File not found)
"Wacomvhid" (upnp) - ? - C:\WINDOWS\system32\pcidump.dll  (File not found)
"Webdriveservice" (Maplom) - ? - C:\WINDOWS\system32\filemon701.dll  (File not found)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WinDriver6" (bridgemp) - ? - C:\WINDOWS\system32\w300mdm.dll  (File not found)
"Wmconnectcds" (CcmExec) - ? - C:\WINDOWS\system32\dtsrvc.dll  (File not found)
"XBCD" (lvckap) - ? - C:\WINDOWS\system32\NVR0FLASHDev.dll  (File not found)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Swillswissen · 19.03.2012, 02:57

Hi,

hier die Logs von aswMBR und Prevx. Dort hat es am Schluss geheißen "Systemstatus clean".

Lg S

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 02:07:32
-----------------------------
02:07:32.375    OS Version: Windows 5.1.2600 Service Pack 3
02:07:32.375    Number of processors: 1 586 0xD08
02:07:32.375    ComputerName: D614P62J  UserName: admin
02:07:34.812    Initialize success
02:08:11.734    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
02:08:11.734    Disk 0 Vendor: Hitachi_HTS541040G9AT00 MB2OA61A Size: 38154MB BusType: 3
02:08:11.765    Disk 0 MBR read successfully
02:08:11.765    Disk 0 MBR scan
02:08:11.765    Disk 0 unknown MBR code
02:08:11.765    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       78 MB offset 63
02:08:11.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        34993 MB offset 160650
02:08:11.796    Disk 0 Partition 3 00     DB  CP/M / CTOS Dell 8.0     3074 MB offset 71826615
02:08:11.812    Disk 0 scanning sectors +78124095
02:08:11.968    Disk 0 scanning C:\WINDOWS\system32\drivers
02:08:49.015    Service scanning
02:09:34.296    Modules scanning
02:09:50.734    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
02:09:54.671    Disk 0 trace - called modules:
02:09:55.187    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 
02:09:55.187    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d96030]
02:09:55.187    3 CLASSPNP.SYS[f84f2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82de6030]
02:09:55.187    Scan finished successfully
02:10:32.421    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\admin\Desktop\MBR.dat"
02:10:32.453    The log file has been saved successfully to "C:\Dokumente und Einstellungen\admin\Desktop\aswMBR.txt"

Code:

ATTFilter

Prevx Scan Log - Version v3.0.5.220
Log Generated: 19/3/2012 02:49, Type: 0,1
Windows XP Home Service Pack 3 (Build 2600) 32bit|1031
Hostname: D614P62J
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Mon 2012-03-19 02:46:51 Westeuropäische Normalzeit. Number of Scans: 1. Last Scan Duration: 34 minutes 18 seconds.
[U] (ACTIVE) c:\windows\system32\tsappcmp.dll	[PX5: 363C648000FE003ACC9400AEF73A0800EED8D05A]
[U] (ACTIVE) c:\windows\system32\riched32.dll	[PX5: 1C64DF6300CCABC30E6900044BCB3C00B79BCD14]
[U] (ACTIVE) c:\windows\system32\utildll.dll	[PX5: 3B9A0E3C00DCBAFF662200BA33A38B008D5A8FAC]
[U] (ACTIVE) c:\windows\system32\msacm32.drv	[PX5: 9617902F00A2596F522700876A3BC900E9999C01]
[U] (ACTIVE) c:\windows\system32\traffic.dll	[PX5: AE0C2A5200F668ED7A56003B43DDFF00546F45E7]
[U] (ACTIVE) c:\windows\system32\mfc42loc.dll	[PX5: E9D5BE22008DB9C1E03400AE9962B100B69221B3]
[U] (ACTIVE) c:\windows\system32\mprui.dll	[PX5: 62ABBE9600CE2AF7BCB10027822CE400AB8201A8]
[U] (ACTIVE) c:\windows\system32\netmsg.dll	[PX5: F6286C7B000D820F0CC0033D73FE0D00BB4C9655]
[U] (ACTIVE) c:\windows\system32\netui2.dll	[PX5: FF0E1C9200DE6A63C46E04678272C300D169A839]
[U] (ACTIVE) c:\windows\system32\ntlsapi.dll	[PX5: 1E16247D006C52E520B8003B3C2E07009CDD41E6]
[U] c:\windows\system32\timer.drv	[PX5: 02AC84D6D0483D2F0F9400A4426B8E001D5BAD12]
[U] c:\windows\system32\sound.drv	[PX5: E70CAE91D00DCE52067C00647C846400B79BCD14]
[U] c:\windows\system32\vga.drv	[PX5: 8D38D13480CC42FA089200F6F3895F00B79BCD14]
[U] c:\windows\system32\mouse.drv	[PX5: D9EA0CB2F0FB384407BE00D28D0C0C00B79BCD14]
[U] c:\windows\system32\keyboard.drv	[PX5: 159F7A82D0C5E0D3077700FE801B1000B79BCD14]
[U] c:\windows\system32\system.drv	[PX5: D4BD27742043BEDB0DB0000478EA5C00B79BCD14]
[U] c:\windows\system32\drivers\dpti2o.sys	[PX5: 1646100FE09545F24E5D003D74376C00785BB51E]
[U] c:\windows\system32\wfwnet.drv	[PX5: E9641F0220200734353000D28FC59A003BEC664C]
[U] c:\windows\system32\shell.dll	[PX5: CE2E2C35000BF1E3147B0046192BB900FA35E49E]
[U] c:\windows\system32\comm.drv	[PX5: 0D8B262B3068553F296F004B25B4F300F3172575]
[U] c:\programme\adobe\reader 9.0\reader\a3dutility.exe	[PX5: 5A0C56C2A0746CAED576037130215200F94D4371]
[U] c:\programme\microsoft silverlight\4.1.10111.0\mscorlib.dll	[PX5: A5F08D9600F31A80402318245F34E000595BC512]
[U] c:\programme\microsoft silverlight\4.1.10111.0\npctrl.dll	[PX5: 2745DC6F48DAD7DBA79D0F716B586B0050CFD432]
[U] c:\windows\system32\drivers\mraid35x.sys	[PX5: C698A15680F72A6A43410027AE857800E03AD3D3]
[U] c:\windows\system32\drivers\cmdide.sys	[PX5: 1090D35F00826C091A0300BA9B616000BE7EEBCD]
[U] c:\windows\system32\drivers\toside.sys	[PX5: 660069178081BD481391002BE0F15100881381FD]
[U] c:\windows\system32\drivers\aliide.sys	[PX5: BC6DDD5E808533E01498005CD48AF0000F761377]
[U] c:\windows\system32\drivers\amsint.sys	[PX5: 983BFBAD005D94832FCE00E56154ED006EF2904F]
[U] c:\windows\system32\drivers\perc2hib.sys	[PX5: 280C41CF809F7F2E153800F3159B7600EC8E5F7E]
[U] c:\windows\system32\drivers\cd20xrnt.sys	[PX5: 585C4579008238981E0B00FA57DBFC004069176C]
[U] c:\windows\system32\drivers\perc2.sys	[PX5: A43AD585A01480D56AE700F494050400D8326688]
[U] c:\programme\internet explorer\connection wizard\trialoc.dll	[PX5: A82D277A0028173CA0B500999E2EBB00CB176165]
[U] c:\windows\system32\drivers\asc.sys	[PX5: 57B586F580FE82A86794006034353E00FFEDC97A]
[U] c:\windows\system32\drivers\dmload.sys	[PX5: FC216AA0003B46A9171D00359F9C1600E909FEB4]
[U] c:\windows\system32\drivers\hpn.sys	[PX5: E3E88DDE608451A865E100EA998B2E0037855B2B]
[U] c:\windows\system32\drivers\asc3350p.sys	[PX5: AD3D9E1A803A53B9579300764BBA6D0023C757B9]
[U] c:\windows\system32\drivers\symc8xx.sys	[PX5: A176C643801C41297FB00031AC7E6200A76AF5F8]
[U] c:\windows\system32\winsock.dll	[PX5: FCF9BBDC30E28D0D0BF200D9F4D9CD00B79BCD14]
[U] c:\windows\system32\drivers\sym_hi.sys	[PX5: 71BB2597E0A078A96ED200558FFED400800CEC2F]
[U] c:\windows\system32\drivers\cpqarray.sys	[PX5: 83BD9FEC80CF65303A83008B3639D70054F0FDB8]
[U] c:\windows\system32\drivers\symc810.sys	[PX5: 726B03B580033B4F3FF70050993647004EA53D5F]
[U] c:\windows\system32\drivers\aha154x.sys	[PX5: B5CCD41400024B8C3232007262F16400589648E4]
[U] c:\windows\system32\drivers\asc3550.sys	[PX5: F329E1C6001CB2953AAF005BD8D557009377D482]
[U] c:\windows\system32\drivers\dac960nt.sys	[PX5: 4A76D57C80C85C4939AF009F3428130045C96C9B]
[U] c:\windows\system32\drivers\cbidf2k.sys	[PX5: 7B8DA5F780B7DA7536FE00ABA71B6C00B12776D7]
[U] c:\windows\system32\drivers\ini910u.sys	[PX5: C7702821802D11853E090094CBC4E400E259EFF7]
[U] c:\windows\system32\drivers\nwlnkflt.sys	[PX5: A826BA3A803B83AE30C000488911C200DC3CA878]
[U] c:\windows\system32\drivers\abp480n5.sys	[PX5: C1BD84230067F4EA5CEF003B6C801800F0A16602]
[U] c:\windows\system32\drivers\sparrow.sys	[PX5: 34EF085980E9566F4AC800ACA767DA00AD03B518]
[U] c:\windows\system32\drivers\sym_u3.sys	[PX5: F7063075E0AC6E5A777A00060D477100337B9826]
[U] c:\windows\system32\drivers\nwlnkfwd.sys	[PX5: B9B73139006979BB7FBC0031EA7E320032D237D0]
[U] c:\windows\system32\drivers\atmuni.sys	[PX5: 92E7BF650082565E607E05AD216E0900953642D5]
[U] c:\windows\system32\drivers\ultra.sys	[PX5: 41CE68A780B045778F98006DDDA3600052A1B522]
[U] c:\windows\system32\drivers\ql1080.sys	[PX5: A82C642380AE2BE59DA700943B27FD00DC447A6B]
[U] c:\windows\system32\drivers\ql10wnt.sys	[PX5: 7595631F80DF50C381F200FF279FAF00F5EF7B24]
[U] c:\windows\system32\drivers\ql1240.sys	[PX5: F2BAC8600017931F9E4B00F553CCA000C43C7732]
[U] c:\windows\system32\hticons.dll	[PX5: 972AB3460053F819AE270059C500DC000BC6A5DC]
[U] c:\programme\microsoft silverlight\4.1.10111.0\agcore.dll	[PX5: F6A6275348C857AC13B85B98645A3E005CF59AA3]
[U] c:\programme\adobe\reader 9.0\reader\pdfprevhndlr.dll	[PX5: FAFF30A5B04F5B94356F017DF1CDBD00B9560F61]
[U] c:\windows\system32\g711codc.ax	[PX5: 865254DE00B6225BA232008DFCBD600012B22CEF]
[U] c:\windows\system32\drivers\aic78xx.sys	[PX5: 645E88DA8053B973DE9500E552F9DF00FDCB4867]
[U] c:\windows\system32\drivers\ql12160.sys	[PX5: 36C6F79E008C7970B15D0042B56E550063C1516E]
[U] c:\windows\system32\drivers\ql1280.sys	[PX5: 0A6F8C92806C6174BFD3001253C5130062859538]
[U] c:\windows\system32\fxssend.exe	[PX5: CC192E2000DDFC9F2CA600A8A5268D000A0AA611]
[U] c:\programme\adobe\reader 9.0\reader\viewerps.dll	[PX5: FFA172F2C08D7D984175004DDB354A0064180613]
[U] c:\programme\microsoft office\office11\mspub.exe	[PX5: 7ACEB0BB5075F5966113656A2E6DCB00046E4779]
[U] c:\windows\system32\deskadp.dll	[PX5: 7A38AB6600182B994245005EACC722004D7AB589]
[U] c:\windows\system32\deskmon.dll	[PX5: 5CC3956000B491F042CF002CF37E350020F75D1D]
[U] c:\windows\system32\drivers\ipfltdrv.sys	[PX5: E130718C809C039180F700DA0AC8EE00F2B31814]
[U] c:\windows\system32\ialmcoin_v4410.dll	[PX5: 7EBDEEC9007165A7F04200457ACC4400A6F90235]
[U] c:\windows\system32\drivers\aic78u2.sys	[PX5: 841F37AC80EF3F36D7BD000A10720200E4552005]
[U] c:\windows\system32\wupdmgr.exe	[PX5: 2DBB84FC007ACE3C7EB800E67887040034897091]
[U] c:\windows\system32\drivers\fsvga.sys	[PX5: 78ACD409008333CF30C90046F776F800DD6B1647]
[U] c:\windows\setpwrcg.exe	[PX5: F1B2109F004D5D5FC07900FAB4836500FE5754E9]
[U] c:\programme\microsoft silverlight\4.1.10111.0\coreclr.dll	[PX5: A03152C900CC4744B4553504255D840080CBA182]
[U] c:\windows\system32\rsvp.exe	[PX5: 708EE76900E163D906880231F30F2D00092EA184]
[U] c:\windows\system32\winoldap.mod	[PX5: E19A53B2202676D208C7002132DA8800B79BCD14]
[U] c:\windows\system32\ole2disp.dll	[PX5: 3E66404830EBCC7296B902E3361C6400BE12EFF7]
[U] c:\windows\system32\ddeml.dll	[PX5: 87F926CB00F2CB349A1200182C741300BAE396F9]
[U] c:\windows\system32\win87em.dll	[PX5: 22C03F9D0005E87A34B40075B0F00E00517D625F]
[U] c:\windows\system32\msacm.dll	[PX5: 9509859960B48961EF3C0048E192C7001E1E2D02]
[U] c:\windows\system32\toolhelp.dll	[PX5: 87219368400265353643009B30E21C003936EBD7]
[U] c:\windows\system32\commdlg.dll	[PX5: B3E50C8AD0643BD6833B00504A812E004DACF602]
[U] c:\windows\system32\wbem\wmitimep.dll	[PX5: B26F4213007C0CFACC5C0032B8CB26000F4AA902]
[U] c:\programme\gemeinsame dateien\microsoft shared\msinfo\msinfo32.exe	[PX5: DCC20BBB0036A3BB9EFA00953DF8F2002A7A563C]
[U] c:\windows\system32\ole2.dll	[PX5: F2FC4A2A40B7B6B59BDF00629364AB00A54AED31]
[U] c:\windows\system32\mmsystem.dll	[PX5: B5997EF700CA605710E601C8EB6DD70066F2F55A]
[U] c:\windows\fonts\vgaoem.fon	[PX5: 6CA95C4D3080777B140100C1C8350800A078F465]
[U] c:\windows\system32\drivers\parvdm.sys	[PX5: D78233F280E873FD1B40001BF0D2FD00BACAF8B2]
[U] c:\windows\system32\wbem\wmimsg.dll	[PX5: 17DE9138001AC6F9F02A008F3DD1CA00E639D17F]
[U] c:\windows\system32\drivers\atmepvc.sys	[PX5: 7363E81E80EDA4EC7A0200CE34E22400450A279B]
[U] c:\windows\system32\drivers\cpqdap01.sys	[PX5: C60D75F500CE16D02E4100D9B4337E008A228DE3]
[U] c:\windows\system32\ctl3dv2.dll	[PX5: C84734B440655DC66A4D00304EF8AC0014627D07]
[U] c:\windows\system32\d3dxof.dll	[PX5: 00C7E90800D9429BBA1500D688EACF00C87DB2F0]
[U] c:\windows\system32\deskperf.dll	[PX5: B2508B8100733CAC4876006C35B4E700DCAEC44A]
[U] c:\windows\system32\diskcomp.com	[PX5: FD83E24A00E33AB824A100536EC85C00ACA1D94F]
[U] c:\windows\system32\diskcopy.com	[PX5: 9F11BE870016CEF71C05003B3C2E0700C99A33B9]
[U] c:\windows\system32\wbem\trnsprov.dll	[PX5: 205096BD00E4DAC5EA3B00F3D53775004A2DEFF4]
[U] c:\windows\system32\dmintf.dll	[PX5: E4745039007203144863003B3C2E07008C657EC2]
[U] c:\windows\system32\wbem\tmplprov.dll	[PX5: E5D3A89900B1AD33F2F60025BBC01E00A5392763]
[U] c:\windows\system32\wbem\smtpcons.dll	[PX5: AC40A7EB00E23DA9A09200E597F3D600FDB2B9EA]
[U] c:\windows\system32\iaspolcy.dll	[PX5: 0B05E4990005B2C7469B0072B5D06600F1AB1FEE]
[U] c:\programme\gemeinsame dateien\microsoft shared\vfp\vfp8r.dll	[PX5: 26837DC0005D2C9BA0E2415B3491FA000E8D2BD8]
[U] c:\windows\system32\ipxrip.dll	[PX5: CD9AADBA00C352F754B30034163CEA000C139306]
[U] c:\windows\system32\ipxrtmgr.dll	[PX5: 5953F71D007462269CAE00DA44218A00935EB80C]
[U] c:\windows\system32\drivers\mcd.sys	[PX5: 874B185900D5916B1EF900C2FE181D00136FAB22]
[U] c:\windows\system32\mdhcp.dll	[PX5: 9CBD2A800009417DC42000396B7FB600D8B1F390]
[U] c:\windows\system32\wbem\wmipicmp.dll	[PX5: BF362AF600101AF32CF901776BE194000C904927]
[U] c:\windows\system32\mode.com	[PX5: 2E93A30400625BBF4CE400E712EA2900571D8A05]
[U] c:\windows\system32\olecli.dll	[PX5: F5FB40F500858B0244DF0121D0BC3200B432085A]
[U] c:\windows\system32\drivers\nikedrv.sys	[PX5: 31AFD82600B7B0E92F3400332F79D6008B90E2A9]
[U] c:\windows\system32\ntlanui2.dll	[PX5: 31B28537003D84B73AA5000A7557EF00D6C5C63D]
[U] c:\windows\system32\olesvr.dll	[PX5: CE221EF60049CF2B5E3B009B247C6A00F018477F]
[U] c:\windows\system32\panmap.dll	[PX5: D5F5A85F0001FBEC28F100714DA259002265767B]
[U] c:\windows\system32\rasrad.dll	[PX5: 9C52DCEB003455235C82002AF9A1AB0080B59E34]
[U] c:\windows\system32\drivers\rawwan.sys	[PX5: 3623B25780ED679386B1006F511AA700A8DBED63]
[U] c:\windows\system32\drivers\rio8drv.sys	[PX5: 689BF8B80051228F2F8000540597A5009049C8B5]
[U] c:\windows\system32\drivers\riodrv.sys	[PX5: 31AFD82600B7B0E92F3400332F79D600DA0E26E7]
[U] c:\windows\system32\drivers\rootmdm.sys	[PX5: F3E7979300A8EEA3177100743639FF0080591A18]
[U] c:\windows\system32\rsmui.exe	[PX5: 16BEDBA400BD61ABC2D300A5320A7F00E4BD8A8D]
[U] c:\windows\system32\drivers\smclib.sys	[PX5: 8A9722BD003AC63939580092009AC20088FC78D8]
[U] c:\windows\system32\storage.dll	[PX5: 60BAD4D270E3252C10B800A49D4C780095AFB292]
[U] c:\windows\system32\drivers\tsbvcap.sys	[PX5: 87882BA880A89CF8537500BE0BB03800CD0425CD]
[U] c:\windows\twunk_16.exe	[PX5: F36A27171006EDD2C23C0094956AFB0056981184]
[U] c:\windows\twunk_32.exe	[PX5: 5D53387700CBFAF764B000A2172748002D7A396C]
[U] c:\windows\system32\drivers\vdmindvd.sys	[PX5: 5DFBB3300012B79DE3E300778EC928004FCDB2AF]
[U] c:\windows\system32\win.com	[PX5: 4E1E179E00A1B00F481B003D92602E007B8F5F12]
[U] c:\windows\system32\winspool.exe	[PX5: F5BB157440E5748C08D600021F9AD300B79BCD14]
[U] c:\windows\system32\wowdeb.exe	[PX5: C1613D5DB0A80A260ABB006471357400B79BCD14]
[U] c:\windows\system32\wbem\updprov.dll	[PX5: BAE85062007E0BB2C685016BA732CF008F5B2F01]
[U] c:\windows\vmmreg32.dll	[PX5: 432FC082006D54B54A9800E9BF6ADE0089453257]
[U] c:\windows\system32\drivers\acpiec.sys	[PX5: F21BE3DC800E8A0A2F3C009238A73C00223D7063]
[U] c:\windows\system32\drivers\oprghdlr.sys	[PX5: 691E96B980EF4DD30D2300DD63265E00B79BCD14]
[U] c:\windows\system32\wbem\fwdprov.dll	[PX5: 97A5100600611BC0D04C0030FF254700DD82D655]
[U] c:\windows\system32\iasads.dll	[PX5: A0854B2800C7DFABA2B200A6634EF8004682F95D]
[U] c:\windows\system32\iasacct.dll	[PX5: 0E6DBB53009CA7055C8B0087E28CD1002E8DF0E5]
[U] c:\windows\system32\wiasf.ax	[PX5: A458AA4100A5B1809E8100A98C255200ADBA2A08]
[U] c:\windows\system32\sdpblb.dll	[PX5: B61081F80002DC69FCF10175B2E85600D4F8161A]
[U] c:\windows\system32\rdpcfgex.dll	[PX5: BC51E2AB00FD6DEA12E800C1F661D90061E914A0]
[U] c:\windows\system32\swprv.dll	[PX5: A806F3920077156D1EC60219CCF44C001AD1E757]
[U] c:\windows\taskman.exe	[PX5: 3F2A394F00E022653EEA00BD2EAB56008E111289]
[U] c:\windows\system32\wbem\unsecapp.exe	[PX5: 037DFB15008CDA1D427F007D3466080093CC78A3]
[U] c:\windows\system32\wbem\wbemads.dll	[PX5: B76EA58700D09400309300120A757300AB6F5350]
[U] c:\windows\system32\dmocx.dll	[PX5: D71C9861008B65584C9B00C043DDC800B935F58D]
[U] c:\windows\system32\mciwave.drv	[PX5: 4D15592B0006473D6E3900034B93AF002C41B6EA]
[U] c:\windows\system32\compobj.dll	[PX5: DA21156DD0BCD8E77562007DCF26A600F4FFDA3F]
[U] c:\windows\system32\drivers\nwlnknb.sys	[PX5: 04BB889700AAB944F73D0096D8122400A0912260]
[U] c:\windows\system32\drivers\nwlnkspx.sys	[PX5: 38D410228045AB3DDA820098A4E752008EA9780C]
[U] c:\programme\msn gaming zone\windows\zclientm.exe	[PX5: 58CE6D5C4901D7FD901900C56DBD8D00307557B5]
[U] c:\windows\pchealth\helpctr\binaries\brpinfo.dll	[PX5: 6B50DA7B0044576A5412005ECAA95900A3CA27F3]
[U] c:\programme\gemeinsame dateien\microsoft shared\grphflt\wpgexp32.flt	[PX5: AD28D8EA00A2E2DE50320171DF11DA00E802450B]
[U] c:\windows\system32\wshnetbs.dll	[PX5: 0B83A119000A99EB1CE9006990E88A003BE97930]
[U] c:\programme\windows nt\hypertrm.exe	[PX5: 9157360300680C046EEE004E48378400C29252C2]
[U] c:\windows\system32\drivers\adpu160m.sys	[PX5: A646098B00C8A7478EF4012AC693E40053E6B855]
[U] c:\windows\system32\drivers\e100b325.sys	[PX5: F259B54600607D05CCFA011F853F80006BB010DA]
[U] c:\windows\system32\drivers\dac2w2k.sys	[PX5: 2988280A8061B19BBDB80278B0C05C0011F9526A]
[U] c:\windows\system32\mprddm.dll	[PX5: 1E87929000E2C2940E20019F10EC7C002A004CC0]
[U] c:\windows\system32\drivers\tosdvd.sys	[PX5: 628D18D7002B7E40CAFC00177DE27100B717B0CE]
[U] c:\windows\system32\ole2nls.dll	[PX5: 09B13294B021FA9E558F026E08072F00900228B5]
[U] c:\windows\system32\iassvcs.dll	[PX5: AD36E36D008E4824F2040090154A0F00E1A7B239]
[U] c:\windows\system32\iasnap.dll	[PX5: D1453BB000CBD1BFF4AF009D662E66007CCC3964]
[U] c:\windows\system32\iashlpr.dll	[PX5: 6A243E5100EDC38D7E9500311E0614001FF1C6DF]
[U] c:\windows\system32\msaatext.dll	[PX5: 7FFB71AF003856EE92B60105381D71008A7FC26D]
[U] c:\windows\system32\ipxsap.dll	[PX5: FAD746B9007BD227043401F58EDD66009BF1A3C3]
[U] c:\windows\system32\lanman.drv	[PX5: 979919E9109F8F89739803C59F91BE005572B13A]
[U] c:\windows\system32\fsusd.dll	[PX5: 970D3E7900099AA2409D01D326861F002D46CA2A]
[U] c:\windows\system32\docprop.dll	[PX5: 5AEBC5B500133D42BA050002FAF14D00FA76FAEE]
[U] c:\windows\system32\dmview.ocx	[PX5: 9B0017BD009C3000F057005D653B2600C11EEFEA]
[U] c:\windows\system32\ntsd.exe	[PX5: 3A2AF65D002D211C7C10004432E9BD00A739BA2A]
[U] c:\windows\system32\acelpdec.ax	[PX5: 838055F100D46D00F28D003FD1167600A973152E]
[U] c:\windows\system32\mciseq.drv	[PX5: 29BE5A79D02501D962B1006D9F644A004DC598FB]
[U] c:\windows\system32\graftabl.com	[PX5: 0FE61FD6007A5D06668800223CE439009567DF04]
[U] c:\windows\system32\msr2c.dll	[PX5: 2ECB083700BDD5DD1027017D93CB5100CF931A54]
[U] c:\programme\msn\msncorefiles\install\msnsusii.exe	[PX5: C7387880D830739EDC810D68D20F5D004263165A]
[U] c:\windows\system32\edit.com	[PX5: B542A12F6E6E0DA415520148D1845800ED9F60B4]
[U] c:\windows\system32\mciavi.drv	[PX5: FD5C7DEA20EEA2C72056011DA830F200A7FFE5D6]
[U] c:\windows\twain.dll	[PX5: F27DC35B50CCD66A72E8010595862C0004CBD1F8]
[U] c:\windows\system32\typelib.dll	[PX5: C0620321C004C14EB60D020DCCE16200701F9AEA]
[U] c:\windows\system32\scardssp.dll	[PX5: 93BA559F00DEC9DCD05F01FDA4A360001BEE7D23]
[U] c:\windows\microsoft.net\framework\v1.1.4322\configwizards.exe	[PX5: 3559A8C600A0D6E7C0DF00B3E52649008AC2F3B9]
[U] c:\windows\system32\rend.dll	[PX5: F2BB8D60009CAACAA4210161D1BEF10066161912]
[U] c:\windows\system32\diactfrm.dll	[PX5: A23D0D7700ED843508550688EE82B000F87F9ADA]
[U] c:\windows\system32\csseqchk.dll	[PX5: EAB49AF700F317E720A5018D38A67400BF01A018]
[U] c:\windows\system32\msvideo.dll	[PX5: 0BB88544806833B9F080012F00509C00B96AD7CE]
[U] c:\windows\system32\wbem\dsprov.dll	[PX5: E528A06400EF828AD64501BEA01D4600627E1E1F]
[U] c:\windows\system32\iassam.dll	[PX5: FB09B63C00B05CA0521D018D07FB20008049487A]
[U] c:\windows\system32\d3drm.dll	[PX5: 6145356E00FF5E9E586805F3BD5BD40054DB6BFF]
[U] c:\programme\gemeinsame dateien\microsoft shared\works shared\aw.dll	[PX5: 4A0DBBED3240B13330B502E5E7AACA008DE84B75]
[U] c:\programme\gemeinsame dateien\speechengines\microsoft\spcommon.dll	[PX5: F0C3BDE90098B4263080017505BEE700A6A0FB15]
[U] c:\windows\system32\langwrbk.dll	[PX5: 122401F7002A749B5E61016B6B783100FC8083F6]
[U] c:\windows\system32\netapi.dll	[PX5: 3B2621E2C04DF3B2A77E0156CAF52A00A1424563]
[U] c:\windows\system32\calc.exe	[PX5: 5BDBC96E001A8363C02501E8D53F0300B3AF85ED]
[U] c:\windows\system32\krnl386.exe	[PX5: 0363E948E0B228E169DC012D6A7C590010AD67B4]
[U] c:\programme\gemeinsame dateien\microsoft shared\msinfo\ieinfo5.ocx	[PX5: 259544D700F216C270E101492127480068E5F589]
[U] c:\windows\system32\avifile.dll	[PX5: 4ED3A0D9C077CED2ABD5016052733100D7A4582F]
[U] c:\windows\system32\wiavusd.dll	[PX5: 9E9208DD007160AC382D02309C295C0094E700F6]
[U] c:\windows\system32\avicap.dll	[PX5: 6D67EC12E084E54E124201FFF5F62900B422894F]
[U] c:\windows\system32\charmap.exe	[PX5: 8A8C595C00117FE93CB201F2CEF5910022E4E9E5]
[U] c:\windows\system32\ciadmin.dll	[PX5: 94E01BF000208BB9881D0244A9D6160077A18E44]
[U] c:\windows\system32\autodisc.dll	[PX5: 2277A428004F7FBF3CEB01CF5AF597002B47B08F]
[U] c:\windows\microsoft.net\framework\v1.1.4322\mscormmc.dll	[PX5: B6FE43C400F17A34002A02E62768D200EC50F2B2]
[U] c:\windows\system32\gcdef.dll	[PX5: B732D89C0058F63532F9015A301A3300C778F8D1]
[U] c:\windows\system32\iasrecst.dll	[PX5: 9B4E04DB0040F75728E9026A12A6540036261797]
[U] c:\windows\system32\xenroll.dll	[PX5: 2CBADB2D78AD36EBB05C02778CBE9B0061E68869]
[U] c:\windows\winhelp.exe	[PX5: CE4758B520A013DAEE33037C5678DA00292EBF99]
[U] c:\programme\gemeinsame dateien\speechengines\microsoft\tts\1033\spttseng.dll	[PX5: 04DD493100ED6548D0500BBAA8D87600F453E6DF]
[U] c:\windows\system32\wbem\msiprov.dll	[PX5: A1FD7CF200819ABB2E3904384A503300E353A81A]
[U] c:\windows\system32\iassdo.dll	[PX5: 4ABC77DD007721DADA3B03A96DA1B00028980870]
[U] c:\windows\system32\avtapi.dll	[PX5: E38D5FF00004FC058E50033723381E008C5DA44C]
[U] c:\programme\sweetim\toolbars\internet explorer\mgtoolbarie.dll	[PX5: 20DECCCA30EBD4BE4D921401DF89EB0032BF86F8]
[U] c:\programme\gemeinsame dateien\mssoap\binaries\mssoap1.dll	[PX5: F109385B00300BC6985C03C37277B800EB0BEC50]
[U] c:\windows\system32\infosoft.dll	[PX5: DD7F838D0071179DE01F06FDC955820033CEFA83]
[U] c:\windows\system32\drivers\cinemst2.sys	[PX5: 7C4B5F6480542F0A010D0467679A3400E2B14447]
[U] c:\programme\gemeinsame dateien\microsoft shared\web server extensions\40\bin\fp4awec.dll	[PX5: A6A73D246D8D1A0AE02106D895FF8C00F6CACDF0]
[U] c:\programme\adobe\reader 9.0\reader\pdfprevhndlrshim.exe	[PX5: 17DAEAC5C88BC887C508013A4F8E7E0071EBAD36]
[U] c:\programme\adobe\reader 9.0\reader\acrordif.dll	[PX5: 97A5C241B080B563D53901938843090003F59A82]
[U] c:\windows\system32\drivers\nv4_mini.sys	[PX5: 917F7FE8C02DB936F3411C8AC739AB0032E68CB2]
[U] c:\programme\adobe\reader 9.0\reader\acrobroker.exe	[PX5: 2876A3C3D88E642F45D104D7C87AF300532D6AB8]
[U] c:\dokumente und einstellungen\admin\lokale einstellungen\anwendungsdaten\zonealarm\tbzon0.dll	[PX5: 53EAE9A328C756371F0343489F58FE00B997C8BA]
[U] c:\programme\wizard101(de)\unins000.exe	[PX5: 5C69A5479B8906F3FBFC117C7CBCAC00EA6F0BFB]
[U] c:\windows\system32\ieframe.dll	[PX5: 1B0B60F90073F12A1A19A98D5EC70600AB3C663E]
[U] c:\windows\system32\mshtml.dll	[PX5: CCD06B7D00208B9C3C285B0187709000B166F9C6]
[U] c:\windows\system32\drivers\wmilib.sys	[PX5: 7A1B707D0098974111DB00C8E2E10C00FCC422B3]
[U] c:\windows\system32\drivers\pciide.sys	[PX5: 826808EE00CFD8500D55002AE8E7E200B79BCD14]
[U] c:\windows\system32\drivers\ftdisk.sys	[PX5: D543638280F1FAF5EDA30154BD3E77000D1BD1CA]
[U] c:\windows\system32\drivers\audstub.sys	[PX5: C910D030000E35B30CDC00441BDEF300B79BCD14]
[U] c:\windows\system32\drivers\null.sys	[PX5: 7047032880E19D2B0B4300F23A496700B79BCD14]
[U] c:\windows\system32\lz32.dll	[PX5: 93670382006E627E0AA70031FB056300B79BCD14]
[U] c:\windows\system32\drivers\dxgthk.sys	[PX5: 0164AB8900598A330DE900E4FEF37900B79BCD14]
[U] c:\windows\system32\drivers\fs_rec.sys	[PX5: 2E3179C900CB71741FBA004F645EEB00865149D3]
[U] c:\windows\system32\drivers\beep.sys	[PX5: F62FA4F780D77A5110B2005CD7507900637E04C1]
[U] c:\windows\system32\drivers\mnmdd.sys	[PX5: 33A41DEC8064684210700001C4EA1400320E2D4F]
[U] c:\windows\system32\drivers\rdpcdd.sys	[PX5: 14FCFAAE80A686EB103300CFAE183900CB624D74]
[U] c:\windows\system32\drivers\ptilink.sys	[PX5: F96F182D805891FA452B007EBD870E004C25BA07]
[U] c:\windows\fonts\vgasys.fon	[PX5: 374F9840707DD0451C8100F3EB938400C3FB24D8]
[U] c:\windows\fonts\vgafix.fon	[PX5: 91E18BC7F0A0037314FB006B55157F001FC9364C]
[U] c:\windows\system32\drivers\raspti.sys	[PX5: 506F10F380FEE57C406900BE351741009F00F0DE]
[U] c:\windows\system32\drivers\rasacd.sys	[PX5: EF519CA180B540A42200002C4F06E3005372DD33]
[U] c:\windows\system32\drivers\cdaudio.sys	[PX5: 7D0D30B9001A5352491B006D9C79D000079079B1]
[U] c:\windows\system32\kbdgr.dll	[PX5: 4DF569E700DDEF701857000515A4BD009E9A507D]
[U] c:\windows\system32\kbdus.dll	[PX5: 1C8DFBD6007B7263161C00B564992B00403FEB69]
[U] c:\windows\system32\drivers\ws2ifsl.sys	[PX5: E3FE23AC0026FAFE2FF10052E88519002DA1A545]
[U] c:\windows\system32\drivers\dxapi.sys	[PX5: D0E069F50027643C29470029619BD400B7B7054A]
[U] c:\windows\system32\vga.dll	[PX5: 9E0179DF80EA0466248000DDC9EF1800597A3AC6]
[U] c:\windows\system32\olesvr32.dll	[PX5: EA7512BF00DA3B5E563800BFD1156A00CA867A4D]
[U] c:\windows\system32\clb.dll	[PX5: 1D451103005872552CF700E4712A4100AC9BD44F]
[U] c:\windows\system32\drivers\bcm4sbxp.sys	[PX5: 83F8B74F0083E78FB10B00DD2ABB38000D9705C7]
[U] c:\windows\system32\olethk32.dll	[PX5: 76AD5B550048466B0EB8015E630C6500D4F248DC]
[U] c:\windows\pchealth\helpctr\binaries\hcappres.dll	[PX5: FD9CC7C2006D19051EFC0012D2480F00A20B7F8D]
[U] c:\windows\system32\control.exe	[PX5: F0C9BB9B00D7FEE920C900E6B3BA7000AAC311FC]
[U] c:\windows\system32\tssoft32.acm	[PX5: 321787E40078F5BA20E000C38B02C600C7705B34]
[U] c:\windows\system32\mpnotify.exe	[PX5: A53FF43500FBCDFB56B7003B7441B3007A16883E]
[U] c:\windows\system32\fxsroute.dll	[PX5: 2664584E007DEC067C6B00C75A8B6C00EF32819A]
[U] c:\windows\system32\msg711.acm	[PX5: 290EEC75004AAB9324510012D62AF30037DC8D77]
[U] c:\windows\system32\wups.dll	[PX5: 04CF6114E0569C2C8A6A0094E0349F00C93E5435]
[U] c:\windows\system32\msgsm32.acm	[PX5: 3B6B5DA400BD651B4E78005CEA8BB800E1579172]
[U] c:\windows\microsoft.net\framework\v1.1.4322\de\aspnet_rc.dll	[PX5: 570D1FB4009618B7B06000CDE68D22008E423309]
[U] c:\windows\system32\pschdprf.dll	[PX5: BDA233CF00383C012A6B003B039D1D00917FAFF1]
[U] c:\windows\system32\rasctrs.dll	[PX5: 7B40074900CC7ADA3009003B3C2E070046B8FF7A]
[U] c:\windows\system32\rsvpperf.dll	[PX5: 751D458900EFCBBC26D2003B3C2E070032CD163F]
[U] c:\windows\system32\netevent.dll	[PX5: 94C699D4006637CDCA1303FC7804750009951F52]
[U] c:\windows\system32\dfrgres.dll	[PX5: 072EC2A00033936AD6EF008633593C006550C317]
[U] c:\windows\system32\tapiperf.dll	[PX5: 0EC337E800BC7520160C0089D5B62C00FD76F1A6]
[U] c:\windows\system32\perfts.dll	[PX5: AE9073F600B211AB30C8004AEAD2430041B25501]
[U] c:\windows\system32\wbem\xml\wmi2xml.dll	[PX5: 105D5884005BBA35B2DE00FA81117100EC1DD379]
[U] c:\windows\system32\mui\0007\hhctrlui.dll	[PX5: 0FCBA7E700D2946E642C01280ED19000EDB9311F]
[U] c:\windows\system32\drwtsn32.exe	[PX5: A6E299D4002B6CDFB8AF005912C34700F1861737]
[U] c:\windows\system32\msg723.acm	[PX5: BF75D8B1003007BCD04701D9AD2CB90025EA44BE]
[U] c:\windows\system32\mapi32.dll	[PX5: 77CE006E002FA354B66F013FF868D7000AA80681]
[U] c:\windows\system32\sndvol32.exe	[PX5: B753B5C9006E7A81222602D8A87144001171B1C7]
[U] c:\windows\system32\ir32_32.dll	[PX5: 48C6FD2800CF7D770AB40340E9EE0B004F741A40]
[U] c:\windows\system32\vss_ps.dll	[PX5: F64501C100BEED26425A0090143FA6004C3A332A]
[U] c:\windows\system32\mycomput.dll	[PX5: DDB834B800263B836280016265067E00D4939874]
[U] c:\windows\system32\icmui.dll	[PX5: C81096D600DADF76D847006AF0AEED0042A28F75]
[U] c:\windows\system32\rsmsink.exe	[PX5: EF51A26E00AFAF5B600200C8B3DD63004F443B56]
[U] c:\windows\system32\chcp.com	[PX5: 62142BAC004172551EE000230CC13000F18FD81F]
[U] c:\windows\system32\pmspl.dll	[PX5: 98CDEBDE0094268EB67200C1C6BF85009014DA93]
[U] c:\windows\system32\drivers\ccdcmb.sys	[PX5: 1CF343CA006D149F47360030765C4700B30363B1]
[U] c:\windows\system32\ddmi2.sys	[PX5: 974F6FD141A700C81BE200244F33EF0087628BB4]
[U] c:\windows\system32\drivers\s116nd5.sys	[PX5: 59A1F11488BBFE3D5A8400D571830800411E336F]
[U] c:\windows\system32\cisvc.exe	[PX5: 5B1FCEE900C604831646004596EDB600A74ED4C6]
[U] c:\windows\system32\mshta.exe.mui	[PX5: 3691C2C600A651B60AD800778E9E2500B79BCD14]
[U] c:\windows\system32\dmserver.dll	[PX5: 041131C900AC1BCB5E89005708E5AC00E51DD398]
[U] c:\windows\system32\drivers\agp440.sys	[PX5: 92796BB0806349F8A56F00F55D76CD005A64789A]
[U] c:\windows\system32\drivers\s116mdfl.sys	[PX5: 25E7EA91080359613BBC008BF973C80099D703A8]
[U] c:\windows\system32\w3ssl.dll	[PX5: 6C3C5B0A003E1F303E1E00FA8E0DA50013697EFD]
[U] c:\windows\system32\ups.exe	[PX5: EB0902AB000750CB4840003FB8388C00F3DC32AA]
[U] c:\windows\system32\sclgntfy.dll	[PX5: B7AE331900B0655F5AC000FE3D9C0B004B0D353F]
[U] c:\windows\system32\drivers\usbser_lowerflt.sys	[PX5: 72905DD900B0840120C1006B47D55A009589B6D8]
[U] c:\windows\system32\drivers\usbser_lowerfltj.sys	[PX5: 53D4BC7E007EDDA2206A0074A154A400AA793159]
[U] c:\windows\system32\mnmsrvc.exe	[PX5: 09A774C800D71BFC80AE005F190EAC002F974098]
[U] c:\windows\system32\drivers\s116wh.sys	[PX5: 57E4D21F88F2A72730140021A2303C00830A46BA]
[U] c:\windows\system32\drivers\s116whnt.sys	[PX5: 57E4D21F88F2A72730140021A2303C00830A46BA]
[U] c:\windows\system32\drivers\s116cm.sys	[PX5: 778183D28813831830E1000EC9D22200CCB83F0E]
[U] c:\windows\system32\drivers\hidbth.sys	[PX5: C468F04A00AB923165CD0019D9EDE70098F4ADD1]
[U] c:\windows\system32\drivers\agpcpq.sys	[PX5: 3C2A452B80CBBE67AF240060110ED70068FEC41D]
[U] c:\windows\system32\drivers\bthprint.sys	[PX5: 15F50C358083D21A8E0C007F137244008C573A12]
[U] c:\windows\system32\slayerxp.dll	[PX5: FAC2ED310070C9AE64380036AB5FCC0089903415]
[U] c:\windows\system32\drivers\crusoe.sys	[PX5: DD5C92A780A171379F24001BB46BB9007EDAD51E]
[U] c:\windows\system32\drivers\stream.sys	[PX5: FDEA7CEA00E734D3C1DE0004BF4241007DE59088]
[U] c:\windows\system32\drivers\tdtcp.sys	[PX5: 8942980688A6EF76558200032BC6D800DD26DD28]
[U] c:\windows\system32\drivers\gagp30kx.sys	[PX5: 642F878C801E7D44B50600016FDC9C0046817CE7]
[U] c:\windows\system32\dssec.dll	[PX5: 082A2FB500F7D81FCC3800C338A20A00EADBD389]
[U] c:\windows\system32\drivers\pccsmcfd.sys	[PX5: E358987780D5A833491F0003530A1700421C3BC7]
[U] c:\windows\system32\drivers\siint5.dll	[PX5: F141B3BE3D6D02440F8A00D5CEF19500B79BCD14]
[U] c:\windows\system32\drivers\uagp35.sys	[PX5: 9D095C07801C22E3AE6600D63D61E600782D745D]
[U] c:\windows\system32\drivers\adv11nt5.dll	[PX5: 7673ED26BF9B09EC0EC100AA8F307F00B79BCD14]
[U] c:\windows\system32\drivers\amdagp.sys	[PX5: E6EB08360057179FA86C00430CC301004CB71E2C]
[U] c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe	[PX5: 29E1613918B5437BB4A000056BA30D0085A65364]
[U] c:\windows\system32\drivers\alim1541.sys	[PX5: 9F57E1E200726D99A7A3005976AF0500D3B95DEC]
[U] c:\windows\system32\drivers\usbscan.sys	[PX5: A345B33E004758873B29000DE02C9B00FEA79BC2]
[U] c:\windows\system32\drivers\adv09nt5.dll	[PX5: E173D95F7FF335B60E3300DD69199800B79BCD14]
[U] c:\windows\system32\drivers\pxkbf.sys	[PX5: 2EA3F3ABF0130F2A653300A5265A1E00C6F8D0F4]
[U] c:\windows\system32\drivers\fdc.sys	[PX5: 030113CC009ED3836B77000B64308F00665FD179]
[U] c:\windows\system32\drivers\usbaudio.sys	[PX5: 61FF99838018C997EA650050BC760E009F3DAFF2]
[U] c:\windows\system32\drivers\irenum.sys	[PX5: EFF123FF009559F82C9800EF91504100B6FCDE09]
[U] c:\windows\system32\drivers\adv08nt5.dll	[PX5: FE00241D3F1E00A10CCF000606C17100B79BCD14]
[U] c:\windows\system32\drivers\ati1mdxx.sys	[PX5: 9A0348305FAB82F42D270060B8503E0045CF641B]
[U] c:\windows\system32\drivers\wadv11nt.sys	[PX5: 3270838B9F1CA4BC2ECD00F52065DC007F926E55]
[U] c:\windows\system32\drivers\tdpipe.sys	[PX5: 3FCBC6C1086354332FFD003DE3512D00E0553E49]
[U] c:\windows\system32\drivers\viaide.sys	[PX5: 763F36E3001A65E115B100F2DCFD2A00B7136772]
[U] c:\windows\system32\drivers\mspqm.sys	[PX5: E79874108063B1F513260078C414AC00D0AB678F]
[U] c:\windows\system32\drivers\atv02nt5.dll	[PX5: 2CF903F35FE772BB2CB900906A3B9C00B64531A8]
[U] c:\windows\system32\drivers\mspclock.sys	[PX5: E3D3244C00A7CE72157A001337247B008F8E8497]
[U] c:\windows\system32\drivers\mskssrv.sys	[PX5: 1206502B8070367E1DC0005B0E279D003A9EE63B]
[U] c:\windows\system32\drivers\smbali.sys	[PX5: 12482C94000568C617170054DB39780005417B03]
[U] c:\windows\system32\drivers\tunmp.sys	[PX5: CBD0AEE30035D6A5300B00CF5C41910059532CD5]
[U] c:\windows\system32\drivers\sffdisk.sys	[PX5: BCD0F07C80BDA6002E68000865B1AD002DF173D8]
[U] c:\windows\system32\drivers\atinmdxx.sys	[PX5: F01147EA00BE7AB736CC00E44C302A00BEEA352D]
[U] c:\windows\system32\drivers\vchnt5.dll	[PX5: 0ED594033D76220A2CCA00C298481800F7EE2D11]
[U] c:\windows\system32\drivers\adv01nt5.dll	[PX5: F3CEDD4B9F8B578F10D400C06F170800891B8370]
[U] c:\windows\system32\drivers\diskdump.sys	[PX5: 6D7A5F848072A37B37EB00C342763700A71B4DD2]
[U] c:\windows\system32\drivers\sffp_mmc.sys	[PX5: 0D9613CE000C9FDF284300164391810062DCB727]
[U] c:\windows\system32\dfsshlex.dll	[PX5: 6935BB0F004A750A70830023BC27D6007F3E5BBF]
[U] c:\windows\system32\drivers\adv02nt5.dll	[PX5: 861945D37F6CE6440F3500984FB4FE00B79BCD14]
[U] c:\windows\system32\drivers\recagent.sys	[PX5: 8230DA32D0FF3CCB359200458A49D1005077BCC7]
[U] c:\windows\system32\drivers\s116cmnt.sys	[PX5: 778183D28813831830E1000EC9D22200CCB83F0E]
[U] c:\windows\system32\drivers\slwdmsup.sys	[PX5: 16863D5CB8EACC283314005DED01E500658864AF]
[U] c:\windows\system32\drivers\watv10nt.sys	[PX5: BC7A9CF57F55E4C36384008A4A3A0700A414BF9F]
[U] c:\windows\system32\drivers\s116cr.sys	[PX5: 7343E48E0805FDDD2B8200298604180062BC0B9B]
[U] c:\windows\system32\drivers\sffp_sd.sys	[PX5: 2962F907000470602BFC005958959E005F3F9EDD]
[U] c:\windows\system32\hidserv.dll	[PX5: 041E3559001A199854B000E2F21EE100E401225C]
[U] c:\windows\system32\drivers\usb8023x.sys	[PX5: 3E77E626002C4E4732F6001737A36500BD2ED064]
[U] c:\windows\system32\drivers\adv05nt5.dll	[PX5: 5D753EE01F6F42CF0E95003194A3FE00B79BCD14]
[U] c:\windows\system32\drivers\atinpdxx.sys	[PX5: 56DABC9E00199F9D38D000631CEE050045090A25]
[U] c:\windows\system32\drivers\k750mdfl.sys	[PX5: BBF2C4C3B0B982E01916007DB05AF200A48E60D7]
[U] c:\windows\system32\drivers\wadv09nt.sys	[PX5: 5DB73A5C5FAB7A1D2EB000A4DD02C800BA660E95]
[U] c:\windows\system32\drivers\wadv08nt.sys	[PX5: 4CF103A01F6123B62CFA0037B0C1FD00836A25AA]
[U] c:\windows\system32\drivers\wadv07nt.sys	[PX5: 1E0FE3D21FE339D22E2B008596227200617F8D26]
[U] c:\windows\system32\drivers\mutohpen.sys	[PX5: F0516BDE807DC7ED312D00118D1A3F00F3D76BCF]
[U] c:\windows\system32\drivers\adv07nt5.dll	[PX5: A921A5C03FFE4E930E2D00DEA00D0C00B79BCD14]
[U] c:\windows\system32\drivers\k750cmnt.sys	[PX5: 9139F45700380BB5189900EC482D1100B0CCF94B]
[U] c:\windows\system32\drivers\ati1pdxx.sys	[PX5: E991404B0FFD6FF82F7000461A312B002816CEC0]
[U] c:\windows\system32\drivers\wacompen.sys	[PX5: BD7D24B780B23628379400D942852C00086B47B3]
[U] c:\windows\system32\drivers\tape.sys	[PX5: 1278B1EF80B32A683A3F0096934CD200CD93C3A7]
[U] c:\windows\system32\drivers\k750cm.sys	[PX5: 9139F45700380BB5189900EC482D1100B0CCF94B]
[U] c:\windows\system32\drivers\k750whnt.sys	[PX5: 9B7927F87064610A168100A17F82920047BCBD7B]
[U] c:\windows\system32\drivers\usbintel.sys	[PX5: 46A2709400A8B9863E99007B5ED70B00A3584D07]
[U] c:\windows\system32\drivers\k750wh.sys	[PX5: 9B7927F87064610A168100A17F82920047BCBD7B]
[U] c:\windows\system32\drivers\usb8023.sys	[PX5: 3E77E626002C4E4732F6001737A36500DF1D4C45]
[U] c:\windows\system32\drivers\atinttxx.sys	[PX5: 4D021E9A00CC1BA9364D00987AB05B00A6802140]
[U] c:\windows\system32\drivers\vnusb.sys	[PX5: 8886EE916030A070960100C80C86160041B12F28]
[U] c:\windows\system32\drivers\atv06nt5.dll	[PX5: 366698F63FC80BE037260071F2D88D007996ED68]
[U] c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe	[PX5: A1641FCD08C637E48661006025BFA10083500E28]
[U] c:\windows\system32\drivers\usbcamd.sys	[PX5: 2C68E76000C0840A6439007754862A00090E71FE]
[U] c:\windows\system32\sendmail.dll	[PX5: 8088824600394EBAD8B8000ECF53A80050A09EDB]
[U] c:\windows\system32\drivers\i2omp.sys	[PX5: 53DD5A928056D71F48AC00DEF5424100542EC81C]
[U] c:\windows\system32\drivers\ch7xxnt5.dll	[PX5: 9CA6D35A3FDA46E93C6100BF4DDD2A00DCD51233]
[U] c:\windows\system32\drivers\flpydisk.sys	[PX5: 60E1171000EEA79E50BF00391F7EE0003B4C37EA]
[U] c:\windows\system32\drivers\atv10nt5.dll	[PX5: 8814C54C7F821B6843840006D80676002F5F56FB]
[U] c:\windows\system32\drivers\bthenum.sys	[PX5: 67DA124780F37F2D4207001BE7C4FB00803D6E14]
[U] c:\windows\system32\drivers\bthusb.sys	[PX5: 44B073E300227E634AF300C25065D300C03386E0]
[U] c:\windows\system32\drivers\ccdcmbo.sys	[PX5: D4BA82BC00A0F298583800B84ECFBD00E0E8D2A4]
[U] c:\windows\system32\drivers\atv01nt5.dll	[PX5: A94A4696BFCAC54652B100A888619100994DDD6E]
[U] c:\windows\system32\drivers\hidir.sys	[PX5: 385910E500491C2A4B2500B2238855006E25FC7E]
[U] c:\windows\system32\drivers\atv04nt5.dll	[PX5: 3A7C21F37F7A525863F4009E8193B800B057BF4C]
[U] c:\windows\system32\msgsvc.dll	[PX5: 5E02C29800B6B931848C0041CB447100259D104B]
[U] c:\windows\msagent\agentpsh.dll	[PX5: 8176B90900FAAFC85EF900E8D2175300A3725A5E]
[U] c:\windows\system32\drivers\ipinip.sys	[PX5: 9655BFAF8030F62E513A00C352D24800CFB42084]
[U] c:\windows\system32\drivers\secdrv.sys	[PX5: 84A9A7CB006F9ECC508100883E7135006D51A95C]
[U] c:\windows\system32\drivers\atinbtxx.sys	[PX5: 734A4454007FFA55E29F00FF52B7680047F5F3B1]
[U] c:\windows\system32\drivers\sonydcam.sys	[PX5: 7C98490200F27A6F636900C11EF4E300DD4774BE]
[U] c:\windows\system32\drivers\watv06nt.sys	[PX5: D04CA646FF640CF256F2007383ABD9003A191E15]
[U] c:\windows\system32\drivers\atinsnxx.sys	[PX5: B12DD4A0005F1C4B7090009378B5920090FEE997]
[U] c:\windows\system32\drivers\ati1ttxx.sys	[PX5: 9031E7695FDBA0F15365004FF9F694004110881D]
[U] c:\programme\outlook express\wabfind.dll	[PX5: 0442061800C19A9380580042741F6000B701FBE7]
[U] c:\windows\system32\drivers\rndismpx.sys	[PX5: 120F9F0E8086D832779500950845710052090A7D]
[U] c:\windows\system32\drivers\usbser.sys	[PX5: D16270FE00394187664D00DB9E478000E807D02B]
[U] c:\windows\system32\drivers\rndismp.sys	[PX5: 120F9F0E8086D8327795009508457100EA4A9887]
[U] c:\windows\system32\drivers\usbccgp.sys	[PX5: D222D7908042C86E7D3300BF92539B00369250E9]
[U] c:\windows\system32\mspmsnsv.dll	[PX5: F82E387E009585B66A440052C05A4E0090AF0C84]
[U] c:\windows\system32\drivers\ati1raxx.sys	[PX5: D7E83838CFFBCC21778E006C6ECA69008610B277]
[U] c:\windows\system32\drivers\usbcamd2.sys	[PX5: 2C68E76080C0840A6439007754862A00AB77FF15]
[U] c:\windows\system32\drivers\ati1snxx.sys	[PX5: B555A9DCFFB1FA6F666D00BC1653D600EE3B9E3F]
[U] c:\windows\system32\drivers\atinxbxx.sys	[PX5: D3D6841600E9C8A17C9D00EE54392C008BFD8C61]
[U] c:\windows\system32\drivers\ati1xbxx.sys	[PX5: 50BEFAA40FC66AE3731C0014DEE71F00327B8872]
[U] c:\windows\system32\docprop2.dll	[PX5: 8E82DE1F00AADC85BEE4005581292C00CECF402D]
[U] c:\windows\system32\wuaueng.dll.mui	[PX5: A939C756E0188A71460400808DAB9400F5F0CD2B]
[U] c:\program files\real\realplayer\ierjplug.dll	[PX5: CDFA890900A7B8DEB05A00892233CD007834141E]
[U] c:\windows\system32\drivers\mbam.sys	[PX5: F8A3B686F06C84414FE90001E9285400D57A4C2C]
[U] c:\windows\system32\drivers\ati1btxx.sys	[PX5: 9CA86B132F837EAADD9A003E210F24004C5E2C40]
[U] c:\windows\system32\clipsrv.exe	[PX5: AA6A22C300FC51CC827400A5E8550500B195D2BB]
[U] c:\windows\system32\drivers\ip6fw.sys	[PX5: 93047826004370A18F5A0004B987DC008A8F55C7]
[U] c:\windows\system32\drivers\bthmodem.sys	[PX5: C7B309490098C8E694F000B44D666B00097E910F]
[U] c:\windows\system32\drivers\sisagp.sys	[PX5: 67D98FA600CA352AA02400A357FF240007CD1A59]
[U] c:\windows\system32\drivers\k750mdm.sys	[PX5: 6B0CE06B10DE63295FD70178895A3000E9483DA3]
[U] c:\windows\system32\eapsvc.dll	[PX5: 55C4B6D70041A858842400698E9354000D94173B]
[U] c:\windows\system32\rshx32.dll	[PX5: 8B7909D5006C06E99ECF006D2B1208006987F845]
[U] c:\programme\microsoft office\office11\mlshext.dll	[PX5: C5F0198D80B4208C8130009CCA6500004C5E174F]
[U] c:\windows\system32\drivers\amdk6.sys	[PX5: D629DD7000980835A20200E8789C9F00FF9CB74E]
[U] c:\windows\system32\drivers\amdk7.sys	[PX5: 0601E31D804CB085A3E4003936D92B0047400BB9]
[U] c:\windows\system32\drivers\atmlane.sys	[PX5: 0680DC6000035655DA6F006BFFA72D00CBE1BD17]
[U] c:\windows\system32\drivers\nmnt.sys	[PX5: 4F6E51DE803D5E299DD30090E390240049FFAF2D]
[U] c:\windows\system32\drivers\arp1394.sys	[PX5: 7E81EB6A803135EBEDB20074BBAF54000B42EB7B]
[U] c:\windows\system32\drivers\rfcomm.sys	[PX5: 0E12D86100621870E7AC00D7154E22001793DABF]
[U] c:\windows\system32\drivers\k750bus.sys	[PX5: 6BFCEED2B0028BB6D7CF006A5C59DB000C722216]
[U] c:\windows\system32\drivers\p3.sys	[PX5: BBAD548C00B89633B7F100DD557C7000FCC8487D]
[U] c:\windows\system32\drivers\atinraxx.sys	[PX5: FEA5AA1600EC2AE1CC0900185C854A00422223CC]
[U] c:\programme\internet explorer\connection wizard\icwconn1.exe	[PX5: 095F1FE6001F453456AC035051E85C000746D66F]
[U] c:\windows\system32\icardie.dll	[PX5: 0BDFD59900EDAA7EEA9800829356CF001CD3BCF1]
[U] c:\windows\system32\drivers\k750obex.sys	[PX5: DCE30E8E8072B24736EE01D8D8566A00813BE051]
[U] c:\windows\system32\kmsvc.dll	[PX5: CFEAD4E800AE0D31F0AF0051E9ED7D00E7DF66B8]
[U] c:\windows\system32\mmcshext.dll	[PX5: 5948CFBE0081997CF09A00154A627D0075954BB2]
[U] c:\windows\system32\drivers\ati1xsxx.sys	[PX5: 725DA013AF89D09387CF00DFF7253B006BDDF179]
[U] c:\windows\system32\rasauto.dll	[PX5: 11EB74EB00C81E315A980140CAE22100E577557B]
[U] c:\windows\system32\mprdim.dll	[PX5: 9A6C9B7E00FD4834D0D2009663D73D00F21E858F]
[U] c:\windows\system32\drivers\viaagp.sys	[PX5: D6E79603001AC593A55800BA66876F00A4E86821]
[U] c:\windows\system32\drivers\atmarpc.sys	[PX5: C41A09F600246E0AEA81009B2DE4BF0010DB722C]
[U] c:\windows\system32\drivers\k750mgmt.sys	[PX5: 1AD5738240C556CE3F6601EA12298D002BFC5891]
[UP] c:\frndial\sxuninst.exe	[PX5: E972F3FCAF0690C3AE7900CBC9892B00DA00675B]
[U] c:\programme\alicehilfe\uninst_d.exe	[PX5: 7D164AD140419C2BD53800A2804843002F4AB9A5]
[U] c:\windows\system32\shscrap.dll	[PX5: 03DBCB6C003C209D6E710057E4BF38005981B31E]
[U] c:\windows\system32\drivers\processr.sys	[PX5: BB2A3C640003321C9C3A006C7B5F3B00A7B85A69]
[U] c:\programme\gemeinsame dateien\microsoft shared\office11\msoxev.dll	[PX5: AECA73E4603F0877B1F800B7D3275E006B704F35]
[U] c:\windows\system32\drivers\s3gnbm.sys	[PX5: 61E69E1D00FCADE18C3D02DB5DBD000075CEE0EF]
[U] c:\windows\system32\drivers\ati1tuxx.sys	[PX5: 6F56F7AF6FA57A868E0B00B0DBF03B006604A40C]
[U] c:\windows\system32\drivers\wdfldr.sys	[PX5: 609814E1E8C0784592C4006E5C43C0000C925145]
[U] c:\windows\system32\drivers\wpdusb.sys	[PX5: E04E67C68020394F960F004FBC02B000DC6FED3C]
[U] c:\windows\system32\sessmgr.exe	[PX5: 477E55D70018B69A304A02603F6C7D00EA5BF613]
[U] c:\windows\system32\msrating.dll.mui	[PX5: F4B625BC0016FDB2E03F00D35198AE0031FA8C73]
[U] c:\programme\java\jre6\bin\jp2ssv.dll	[PX5: 6A8571862001183AA504008DF8156600E8091E2C]
[U] c:\programme\openvpn\bin\openvpnserv.exe	[PX5: 5F9F7482003CCE058EBC000AE05C1500FEAD4454]
[U] c:\windows\system32\wmdmps.dll	[PX5: 6F96AB06004CDB19923B00F08B25BA002D92BA73]
[U] c:\windows\system32\smlogsvc.exe	[PX5: 0063828A000D248270C601BE77827C00A2194108]
[U] c:\windows\system32\locator.exe	[PX5: C098618900F74D3F26E60100761A4300F93DBBB2]
[U] c:\windows\system32\drivers\hsfbs2s2.sys	[PX5: AF892C8C80AD05195B84032B43A9B8008B0F4B6A]
[U] c:\programme\java\jre6\bin\wsdetect.dll	[PX5: 3636A2A420DD683AB7F501961ACAAB0089833EE8]
[U] c:\programme\quicktime\qtsystem\quicktimecheck.ocx	[PX5: 861E8A00301FEA61150902653012D6001CDCCBC3]
[U] c:\programme\java\jre6\bin\jp2iexp.dll	[PX5: C450FB0B205EFE69A705013DE13860000132AFCE]
[U] c:\programme\internet explorer\jsdebuggeride.dll	[PX5: 23C8A94B00CAB1CBDA3601D1A21F180044688094]
[U] c:\windows\system32\drivers\pxrts.sys	[PX5: 3292A303987DA0BD2BDF019B79D5390051CB999B]
[U] c:\programme\sweetim\messenger\mgmediaplayer.dll	[PX5: 4E40BBA230C0790741860144762E2700E089C154]
[U] c:\windows\system32\msxml3a.dll	[PX5: 3EE57A0E0011B273603E00398E1D6B008B4E272C]
[U] c:\programme\internet explorer\jsprofilercore.dll	[PX5: 2DADF8B600CB7446CE8C01A2A832480034E2E958]
[U] c:\windows\system32\pxsecure.dll	[PX5: D0708F7CC8F0DCDF18D9017F950711002B8F0CAE]
[U] c:\windows\system32\cryptext.dll	[PX5: 2D486C1500171D51D61500F532FE7C00678D22EB]
[U] c:\programme\java\jre6\bin\npjpi160_29.dll	[PX5: 9F991D9620127851277D021753348A005504FED0]
[U] c:\programme\microsoft office\office11\addrpars.dll	[PX5: 22602E5260FEB0E365FE018A28FE2C00923A2B3C]
[U] c:\windows\system32\msdtcuiu.dll	[PX5: A3F340F8006D7EAC78EE028F92F1AB001C5E2DCF]
[U] c:\windows\system32\drivers\atinrvxx.sys	[PX5: B2CFA5AF0036DB7A9A1C01285BA8AA00C6DEC091]
[U] c:\windows\system32\scardsvr.exe	[PX5: FC928F5F002A2A51864701B248357200E5086AFB]
[U] c:\windows\system32\setup\fxsocm.dll	[PX5: E54BD76600684BD5062702C24F2051006B249D71]
[U] c:\program files\real\realplayer\rcaplugins\rpshellextension.dll	[PX5: 318F9DD9009514F6E4A001C32BC3D5000D812B4D]
[U] c:\programme\pc connectivity solution\servicelayer.exe	[PX5: 0F2E7E6500C4858E6630093B8472B1004C033D3C]
[U] c:\windows\system32\msctf.dll	[PX5: 9D20B65B00A516738C610420E8ED5800461CFF33]
[U] c:\programme\avira\antivir desktop\ccupdw.dll	[PX5: 4F633040D0AA655F4A5203AAF83F0600917D4137]
[U] c:\programme\avira\antivir desktop\rctext.dll	[PX5: 7D4ECF91D087D3A480E3011E9EBFD10061876868]
[U] c:\programme\java\jre6\bin\awt.dll	[PX5: B1FB86530069CA1490F612ACB7ADFA007B216110]
[U] c:\programme\java\jre6\bin\client\jvm.dll	[PX5: F03ECAC00030A4BDB0C7299C5696020028F65FAD]
[U] c:\programme\java\jre6\bin\dcpr.dll	[PX5: A24874200077B1DC30D80284F61DE0007F8CA524]
[U] c:\programme\java\jre6\bin\deploy.dll	[PX5: E77137B2006B41443030012E8AD1E900132E945D]
[U] c:\programme\java\jre6\bin\fontmanager.dll	[PX5: 64C381D20039204BF015040CFAEF3E0032F243BD]
[U] c:\programme\java\jre6\bin\hpi.dll	[PX5: E7FAC31B00D3D1A842290071E8F0D1003CE4EAF5]
[U] c:\programme\java\jre6\bin\java.dll	[PX5: 01DD5733004F4257F0C4017DA0D9DA00A259D6EE]
[U] c:\programme\java\jre6\bin\javaw.exe	[PX5: B10A3179201AF98A379902B0B9B6EA006B7FC19A]
[U] c:\programme\java\jre6\bin\jp2native.dll	[PX5: CD86541C00D2BE6820DD00A71A56C700AD82CD2F]
[U] c:\programme\java\jre6\bin\jpeg.dll	[PX5: AF11DC8C005E013D503F02965066BD00C383ACF7]
[U] c:\programme\java\jre6\bin\net.dll	[PX5: B6EE0FC70079532E30FB010631A48E009A6BF979]
[U] c:\programme\java\jre6\bin\nio.dll	[PX5: DDBA1CEE00AD93854EE70089F1394500F4E6AE8F]
[U] c:\programme\java\jre6\bin\regutils.dll	[PX5: BFA64F2B002BC8B4409F042E96BAB800719A9CB5]
[U] c:\programme\java\jre6\bin\verify.dll	[PX5: AEBB505000A1E06E7CD6009BF72EBC00D9AD7FA7]
[U] c:\programme\java\jre6\bin\zip.dll	[PX5: 25E2A7ED00905AA1B64800CE76510A008008D534]
[U] c:\windows\system32\msimtf.dll	[PX5: 89BC7CA5006574716E050203B3100E00485C8BA5]
[U] c:\windows\system32\clbcatq.dll	[PX5: CF1F95BE004402F39C04073EB1C251003EA1BE05]
[U] c:\windows\system32\comres.dll	[PX5: 98DADC0600EB0B1EECB90C7CE8FD78003B24F2AC]
[U] c:\windows\system32\cscui.dll	[PX5: C45B2A420054D6DF1CE505FB897263007DF47C7A]
[U] c:\windows\system32\cscdll.dll	[PX5: B055F3B8004D4CE292C901E605CCB70009C8A5DF]
[U] c:\windows\system32\browseui.dll	[PX5: C773CBCA0000412DA44A0F9F1F568600A46B1A60]
[U] c:\windows\system32\ntshrui.dll	[PX5: F625A02F00C2B99B3A80022B6D036C00DA389D52]
[U] c:\windows\system32\atl.dll	[PX5: 794900AB00E373B2E67200EAE027E0002DD7EA09]
[U] c:\windows\system32\linkinfo.dll	[PX5: 539681F400FCDCEB4E6600F551963000F272EF09]
[U] c:\windows\system32\shdocvw.dll	[PX5: 6685A3F4008C4BAFE0D616AF3E9B7500E8BF51F3]
[U] c:\windows\system32\cryptui.dll	[PX5: 5CBB9AE4002726441AB6089E6BE11100E8A81786]
[U] c:\windows\system32\riched20.dll	[PX5: 4D7BE6290079D2DA9EAF06B0AF8C64007AF881A9]
[U] c:\windows\system32\xpsp2res.dll	[PX5: 8567541700904EB980392D6118710400AB65737C]
[U] c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll	[PX5: 2C7B457098732A52C59C05784358AC005D154724]
[U] c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.deu	[PX5: 1537A9940051193AC0740435448334000A7DF498]
[U] c:\programme\dell\quickset\dadkeyb.dll	[PX5: 64FED1770087D94E805301ACA3153E0059CD0189]
[U] c:\windows\system32\uigxnp.dll	[PX5: C5A5AD920061851C1EB100BBE3AAE400E5F502BA]
[U] c:\windows\system32\drprov.dll	[PX5: ECFB8E7F00FF7DB3380D00F1008EDD00B7BA4629]
[U] c:\windows\system32\ntlanman.dll	[PX5: 31A75778008AA2B7ACCF00C188BD500081D4B620]
[U] c:\windows\system32\netui0.dll	[PX5: AC7B8BD900170E0D405501B8EB643B00994E9ED1]
[U] c:\windows\system32\netui1.dll	[PX5: 51414B620008B511C00603D770750A0085F5E4AA]
[U] c:\windows\system32\netrap.dll	[PX5: 7BD47931004396CE2EEE00654B7F8500B8D88AD5]
[U] c:\windows\system32\davclnt.dll	[PX5: E78990D400F98A4F64DC00655BF9DD00D6D84DD5]
[U] c:\windows\system32\wpdshext.dll	[PX5: 260936F700D6CD55B83A276215529800C0FDB145]
[U] c:\windows\system32\winmm.dll	[PX5: 8B53F271005B9A1AB83E02C6E6BEAC0004F7F8DD]
[U] c:\windows\system32\portabledeviceapi.dll	[PX5: 413BE4C6002C530256CD0467F46CFA0079ACDAE6]
[U] c:\windows\system32\shgina.dll	[PX5: AC4A7B6200677A350AE801640B36DA001516A570]
[U] c:\windows\system32\msgina.dll	[PX5: 5B6B1E6B0014E05B58060FEF3CD38900E70C5DDE]
[U] c:\windows\system32\odbc32.dll	[PX5: 28E52433007652DFD04403597D9C0B00DC59825C]
[U] c:\windows\system32\odbcint.dll	[PX5: 59E430A700DD1ACE905301F2FE4B8E00ADAFCBAA]
[U] c:\windows\system32\audiodev.dll	[PX5: 4BE217500087C5F13A360430E7958900806DA483]
[U] c:\windows\system32\wmvcore.dll	[PX5: 7EC854F3009BBB4894EE25EFEC0F62006830F0CA]
[U] c:\windows\system32\wmasf.dll	[PX5: 3D36799C0034542F6690031EC75D2100FDEBB35E]
[U] c:\windows\system32\wiashext.dll	[PX5: E71ECCFF0016D3870CE6094A5005CD00847A4A6D]
[U] c:\windows\system32\winlogon.exe	[PX5: AA387905009EAAB8D41307D21BFA85009C7E313C]
[U] c:\windows\system32\sti.dll	[PX5: 7C2516050056575F0CDD01BE167FE4000057E289]
[U] c:\windows\system32\cfgmgr32.dll	[PX5: 272F02CA00E3AFF442630050939AA3002C4BA733]


End of Prevx Scan Log - hxxp://www.prevx.com

Chris4You · 19.03.2012, 08:31

Hi,

DLADResN.SYS gehört zu sonic (da sind ja einige Treiber von drauf);
Prevx hat nichts gefunden, oder (Log kommt mir etwas kurz vor)?

Sehr viele Treiber werden nicht gefunden scheinen wohl generisch zu sein...

Solltest mal etwas aufräumen...

CCleaner:
Anleitung & Download: http://www.trojaner-board.de/51464-a...-ccleaner.html

Lass den MBR bei virustotal.com scannen:
C:\Dokumente und Einstellungen\admin\Desktop\MBR.dat
und poste die Ergebnisse...

chris

TR/Sirefef.BP.1, TR/Crypt.XPACK.Gen, TR/Rootkit.Gen2 und Avira bekommt es nicht weg

Plagegeister aller Art und deren Bekämpfung: TR/Sirefef.BP.1, TR/Crypt.XPACK.Gen, TR/Rootkit.Gen2 und Avira bekommt es nicht weg