Log analysis and evaluation: Infection with MS Removal Tool

14.04.2011, 23:25   #1
Sowio

Infection with MS Removal Tool

Hello everyone,

I had an infection with the MS Removal Tool.

I proceeded as described in your guide "Removing MS Removal Tool".

Since then it seems to have disappeared; at least I don't notice anything anymore.

However, my PC may well not be safe yet (rootkits etc.).

Perhaps one of the pros could take another look?

Logs are attached, as described in the guide.

Thank you very much in advance.
Attached files
File type: zip Logs.zip (20.1 KB, viewed 81 times)

15.04.2011, 11:58   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Infection with MS Removal Tool

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the log files tab.

15.04.2011, 21:45   #3
Sowio

Infection with MS Removal Tool

Hello cosinus,

thank you very much for the reply.

Yes, there is one more from after the removal.

I have attached that one as well.
Attached files
File type: txt mbam-log-2011-04-13 (00-02-04).txt (1.5 KB, viewed 182 times)

15.04.2011, 22:08   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Infection with MS Removal Tool

Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
FF - prefs.js..network.proxy.http: "	89.106.13.93"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.type: 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.11.02 20:05:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.05.31 15:17:24 | 000,000,118 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007.05.31 15:17:24 | 000,000,118 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.10.21 15:13:12 | 000,000,118 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2001.07.27 15:07:38 | 000,000,000 | -HS- | M] () - H:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 07:01:14 | 000,000,053 | -HS- | M] () - H:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{10f9d76c-2707-11db-aabe-0016ec967427}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{2a5711f6-1159-11dd-ac09-0016ec967427}\Shell\AutoRun\command - "" = .\TrueCrypt\TC_Loader.exe
O33 - MountPoints2\{4320ea5c-dc18-11de-ad41-0016ec967427}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{666282c4-d8a3-11db-ab32-0016ec967427}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{707f6805-73af-11de-ab24-806d6172696f}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{95cb9b05-6906-11de-b519-806d6172696f}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{ccf62c6b-223e-11df-a458-0016ec967427}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{ff3388fb-24b3-11db-bd62-0016ec967427}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\C\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Splash.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\L\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\O\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\P\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\S\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\W\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\X\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
[2011.04.12 23:20:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lDk20402pGfMe20402
[2011.04.14 23:00:00 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\B133E1F091F493A4.job
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

15.04.2011, 22:31   #5
Sowio

Infection with MS Removal Tool

Hello cosinus,

I have done everything.



All processes killed
========== OTL ==========
Prefs.js: " 89.106.13.93" removed from network.proxy.http
Prefs.js: 80 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\autorun.inf moved successfully.
D:\autorun.inf moved successfully.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
H:\AUTOEXEC.BAT moved successfully.
H:\Autorun.inf moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10f9d76c-2707-11db-aabe-0016ec967427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10f9d76c-2707-11db-aabe-0016ec967427}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a5711f6-1159-11dd-ac09-0016ec967427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a5711f6-1159-11dd-ac09-0016ec967427}\ not found.
File .\TrueCrypt\TC_Loader.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4320ea5c-dc18-11de-ad41-0016ec967427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4320ea5c-dc18-11de-ad41-0016ec967427}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{666282c4-d8a3-11db-ab32-0016ec967427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{666282c4-d8a3-11db-ab32-0016ec967427}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{707f6805-73af-11de-ab24-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707f6805-73af-11de-ab24-806d6172696f}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95cb9b05-6906-11de-b519-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95cb9b05-6906-11de-b519-806d6172696f}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccf62c6b-223e-11df-a458-0016ec967427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccf62c6b-223e-11df-a458-0016ec967427}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ff3388fb-24b3-11db-bd62-0016ec967427}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ff3388fb-24b3-11db-bd62-0016ec967427}\ not found.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ deleted successfully.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Splash.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O\ deleted successfully.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\ deleted successfully.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S\ deleted successfully.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\W\ deleted successfully.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\ deleted successfully.
File .\Encryption Tool\MaxtorEncryption.exe not found.
Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lDk20402pGfMe20402\ not found.
C:\WINDOWS\tasks\B133E1F091F493A4.job moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 30130 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HP_Besitzer
->Temp folder emptied: 7458901 bytes
->Temporary Internet Files folder emptied: 1169100 bytes
->Java cache emptied: 13794 bytes
->FireFox cache emptied: 162573434 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 82513 bytes
->Temporary Internet Files folder emptied: 682123 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1867776 bytes
%systemroot%\System32 .tmp files removed: 22637056 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 2250824 bytes

Total Files Cleaned = 190,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04152011_222120

Files\Folders moved on Reboot...
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...


15.04.2011, 22:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Infection with MS Removal Tool

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html


If, because of the infection, you cannot access your documents/My Documents, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

15.04.2011, 22:46   #7
Sowio

Infection with MS Removal Tool

Hello, I have done that.

2011/04/15 22:42:52.0078 2300 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/15 22:42:52.0343 2300 ================================================================================
2011/04/15 22:42:52.0343 2300 SystemInfo:
2011/04/15 22:42:52.0343 2300
2011/04/15 22:42:52.0343 2300 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/15 22:42:52.0343 2300 Product type: Workstation
2011/04/15 22:42:52.0343 2300 ComputerName: NAME-CD5FDA878D
2011/04/15 22:42:52.0343 2300 UserName: HP_Besitzer
2011/04/15 22:42:52.0343 2300 Windows directory: C:\WINDOWS
2011/04/15 22:42:52.0343 2300 System windows directory: C:\WINDOWS
2011/04/15 22:42:52.0343 2300 Processor architecture: Intel x86
2011/04/15 22:42:52.0343 2300 Number of processors: 2
2011/04/15 22:42:52.0343 2300 Page size: 0x1000
2011/04/15 22:42:52.0343 2300 Boot type: Normal boot
2011/04/15 22:42:52.0343 2300 ================================================================================
2011/04/15 22:42:53.0140 2300 Initialize success
2011/04/15 22:42:56.0562 2084 ================================================================================
2011/04/15 22:42:56.0562 2084 Scan started
2011/04/15 22:42:56.0562 2084 Mode: Manual;
2011/04/15 22:42:56.0562 2084 ================================================================================
2011/04/15 22:43:06.0421 2084 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/15 22:43:06.0421 2084 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/15 22:43:06.0437 2084 sptd - detected Locked file (1)
2011/04/15 22:43:08.0234 2084 ================================================================================
2011/04/15 22:43:08.0234 2084 Scan finished
2011/04/15 22:43:08.0234 2084 ================================================================================
2011/04/15 22:43:08.0250 2076 Detected object count: 1
2011/04/15 22:43:42.0281 2076 Locked file(sptd) - User select action: Skip
2011/04/15 22:44:19.0406 2496 ================================================================================
2011/04/15 22:44:19.0406 2496 Scan started
2011/04/15 22:44:19.0406 2496 Mode: Manual;
2011/04/15 22:44:19.0406 2496 ================================================================================
2011/04/15 22:44:19.0906 2496 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/15 22:44:19.0937 2496 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/15 22:44:19.0984 2496 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/15 22:44:20.0031 2496 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/15 22:44:20.0187 2496 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/15 22:44:20.0312 2496 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/15 22:44:20.0343 2496 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/15 22:44:20.0390 2496 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/15 22:44:20.0421 2496 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/15 22:44:20.0484 2496 AVerPola (5b7297abcea83c058ce1713849642804) C:\WINDOWS\system32\DRIVERS\AVerPola.sys
2011/04/15 22:44:20.0578 2496 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
2011/04/15 22:44:20.0625 2496 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/04/15 22:44:20.0656 2496 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/04/15 22:44:20.0687 2496 AVPolCIR (ae130449d9562183ad1bcc070de93fbc) C:\WINDOWS\system32\DRIVERS\AVPolCIR.sys
2011/04/15 22:44:20.0734 2496 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/15 22:44:20.0781 2496 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/15 22:44:20.0796 2496 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/15 22:44:20.0859 2496 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/15 22:44:20.0875 2496 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/15 22:44:20.0921 2496 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/15 22:44:21.0109 2496 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/15 22:44:21.0156 2496 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/15 22:44:21.0187 2496 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/15 22:44:21.0218 2496 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/15 22:44:21.0250 2496 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/15 22:44:21.0296 2496 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/15 22:44:21.0359 2496 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/15 22:44:21.0390 2496 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/15 22:44:21.0437 2496 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/15 22:44:21.0453 2496 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/15 22:44:21.0484 2496 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/15 22:44:21.0500 2496 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/15 22:44:21.0531 2496 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/15 22:44:21.0562 2496 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/15 22:44:21.0671 2496 HCWBT8XX (0ecfcbebbf5acbade184bde2dc16d9f9) C:\WINDOWS\system32\drivers\HCWBT8XX.sys
2011/04/15 22:44:21.0703 2496 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/15 22:44:21.0734 2496 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/15 22:44:21.0812 2496 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/15 22:44:21.0890 2496 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/15 22:44:21.0921 2496 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/15 22:44:22.0093 2496 IntcAzAudAddService (64be56b8858ca0153c725c720ffd194f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/15 22:44:22.0140 2496 IntelIde (d63c33f65f6ebc732116403d88883b2d) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/15 22:44:22.0171 2496 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/15 22:44:22.0203 2496 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/15 22:44:22.0218 2496 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/15 22:44:22.0250 2496 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/15 22:44:22.0281 2496 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/15 22:44:22.0296 2496 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/15 22:44:22.0328 2496 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/15 22:44:22.0343 2496 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/15 22:44:22.0375 2496 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/15 22:44:22.0406 2496 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/15 22:44:22.0437 2496 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/15 22:44:22.0500 2496 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/15 22:44:22.0593 2496 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/15 22:44:22.0640 2496 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/15 22:44:22.0671 2496 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/15 22:44:22.0703 2496 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/15 22:44:22.0718 2496 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/15 22:44:22.0750 2496 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/04/15 22:44:22.0812 2496 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/15 22:44:22.0859 2496 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/15 22:44:22.0921 2496 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/15 22:44:22.0984 2496 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/15 22:44:23.0015 2496 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/15 22:44:23.0046 2496 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/15 22:44:23.0093 2496 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/15 22:44:23.0109 2496 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/15 22:44:23.0140 2496 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/15 22:44:23.0187 2496 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2011/04/15 22:44:23.0203 2496 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/15 22:44:23.0234 2496 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/15 22:44:23.0250 2496 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/15 22:44:23.0281 2496 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/15 22:44:23.0312 2496 Ndisuio (8d3ce6b579cde8d37acc690b67dc2106) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/15 22:44:23.0328 2496 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/15 22:44:23.0359 2496 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/15 22:44:23.0375 2496 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/15 22:44:23.0421 2496 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/15 22:44:23.0468 2496 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/15 22:44:23.0531 2496 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/15 22:44:23.0578 2496 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/15 22:44:23.0656 2496 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/15 22:44:23.0953 2496 nv (b9b1bb146eb9a83dcf0f5635b09d3d43) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/15 22:44:24.0031 2496 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/15 22:44:24.0062 2496 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/15 22:44:24.0109 2496 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/15 22:44:24.0156 2496 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/15 22:44:24.0171 2496 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/15 22:44:24.0203 2496 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/15 22:44:24.0296 2496 PCD5SRVC{8A863ACB-F5F6CC6A-05010003} (8e8a962565d46855f031ecbf23ace17a) C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
2011/04/15 22:44:24.0328 2496 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/15 22:44:24.0375 2496 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/15 22:44:24.0421 2496 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/15 22:44:24.0656 2496 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys
2011/04/15 22:44:24.0718 2496 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/15 22:44:24.0734 2496 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/04/15 22:44:24.0765 2496 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/15 22:44:24.0781 2496 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/15 22:44:24.0812 2496 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/15 22:44:24.0968 2496 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/15 22:44:25.0015 2496 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/15 22:44:25.0031 2496 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/15 22:44:25.0062 2496 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/15 22:44:25.0093 2496 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/15 22:44:25.0125 2496 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/15 22:44:25.0187 2496 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/15 22:44:25.0218 2496 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/15 22:44:25.0296 2496 Revoflt (8b5b8a11306190c6963d3473f052d3c8) C:\WINDOWS\system32\DRIVERS\revoflt.sys
2011/04/15 22:44:25.0343 2496 RTL8023xp (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/04/15 22:44:25.0375 2496 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/04/15 22:44:25.0421 2496 sbp2port (3e2c3b180872be4120f246d85560b734) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/04/15 22:44:25.0484 2496 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/15 22:44:25.0515 2496 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/15 22:44:25.0546 2496 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/15 22:44:25.0593 2496 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/15 22:44:25.0656 2496 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/15 22:44:25.0687 2496 snapman (5052dbafc8f4e4507e6ad0d467dd3529) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/04/15 22:44:25.0750 2496 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/15 22:44:25.0812 2496 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2011/04/15 22:44:25.0812 2496 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/04/15 22:44:25.0828 2496 sptd - detected Locked file (1)
2011/04/15 22:44:25.0843 2496 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/15 22:44:25.0906 2496 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/15 22:44:26.0000 2496 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/04/15 22:44:26.0046 2496 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/15 22:44:26.0078 2496 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/15 22:44:26.0093 2496 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/15 22:44:26.0234 2496 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/15 22:44:26.0281 2496 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/15 22:44:26.0312 2496 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/15 22:44:26.0343 2496 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/15 22:44:26.0359 2496 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/15 22:44:26.0406 2496 tifsfilter (fd03a8ff9d4573246bd8e6d5371969e4) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/04/15 22:44:26.0453 2496 timounter (8061ee6fe61a27d6024da5e2d06a0418) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/04/15 22:44:26.0546 2496 truecrypt (1592a0c126cf28b6d22d16ffe15a8a0d) C:\WINDOWS\system32\drivers\truecrypt.sys
2011/04/15 22:44:26.0609 2496 TSMPacket (7c1367bff5587cf49c0ed2e664f6eac0) C:\WINDOWS\system32\DRIVERS\tsmpkt.sys
2011/04/15 22:44:26.0640 2496 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/15 22:44:26.0703 2496 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/15 22:44:26.0765 2496 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/15 22:44:26.0781 2496 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/15 22:44:26.0812 2496 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/15 22:44:26.0828 2496 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/04/15 22:44:26.0859 2496 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/15 22:44:26.0890 2496 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/15 22:44:26.0906 2496 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/15 22:44:26.0968 2496 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2011/04/15 22:44:27.0000 2496 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/15 22:44:27.0031 2496 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/15 22:44:27.0046 2496 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/15 22:44:27.0093 2496 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/15 22:44:27.0218 2496 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/15 22:44:27.0312 2496 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/15 22:44:28.0000 2496 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/15 22:44:28.0734 2496 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/15 22:44:28.0750 2496 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/15 22:44:29.0265 2496 ================================================================================
2011/04/15 22:44:29.0265 2496 Scan finished
2011/04/15 22:44:29.0265 2496 ================================================================================
2011/04/15 22:44:29.0296 2440 Detected object count: 1
2011/04/15 22:44:46.0859 2440 Locked file(sptd) - User select action: Skip

Alt 16.04.2011, 12:28   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 16.04.2011, 19:58   #9
Sowio
 


Hello cosinus,
I have done that as well.

ComboFix logfile:
Code:
ATTFilter
ComboFix 11-04-15.06 - HP_Besitzer 16.04.2011  19:35:53.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.2.1252.49.1031.18.1023.607 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {85C20054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {860DDDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {86322DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {8652989C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {BADB0D00-FFA4-00E2-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Outdated* {7C920732-0013-0000-180A-850000008500}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8054A945-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85BCADDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85C9E86C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85CFFB7C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85DED44C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85F25414-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85F5CDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85F7B054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {860EEDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {860FD3F4-FFA4-00E2-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86129054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8612A77C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8613D524-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86146784-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861494EC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86154A84-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8615673C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8615A73C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8615D054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86162DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8616B8AC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8616C96C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8616D424-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8616F24C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86170054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86172054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86178B8C-FFA4-00E2-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86178DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8617B52C-FFA4-00E2-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86181DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86185B64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8618E93C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8618EB8C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8619CBF4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8619FDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861A2DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861A7DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861A885C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861AE2E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861B0A2C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861B68D4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861BEB8C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861BFDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861C880C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861CB054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861CC054-FFA4-00E2-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861D2DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861D43B4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861D4DB4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861DCDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861DF73C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861E1DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861E48AC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861E4A0C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861EE8AC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861EF4AC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861F0054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861F0914-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861F5054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861F6B64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861FCB64-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {861FF65C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86217DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8621B54C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8621E6EC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8621FDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8622B704-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8622C054-FFA4-00E2-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86232DDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8623360C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {862392AC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8623E4A4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8623F684-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8623F6F4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {862496EC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8624F53C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86253354-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86258484-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8625E9A4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86263A04-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86265054-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86269B5C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {862715E4-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86272A8C-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8627DDDC-FFA4-00CC-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8627EAA4-FFA4-00CC-0D24-347CA8A3377C}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Default User\WINDOWS
c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\EurekaLog
c:\windows\system32\config\systemprofile\WINDOWS
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-16 bis 2011-04-16  ))))))))))))))))))))))))))))))
.
.
2011-04-15 20:21 . 2011-04-15 20:21	--------	d-----w-	C:\_OTL
2011-04-12 21:20 . 2011-04-12 22:02	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\lDk20402pGfMe20402
2011-03-29 12:37 . 2011-03-29 12:37	--------	d-----w-	c:\windows\Sun
2011-03-28 21:44 . 2011-03-28 21:44	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\Avira
2011-03-19 19:23 . 2011-04-07 17:33	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\AllDup
2011-03-19 19:23 . 2011-03-19 19:23	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\AllDup
2011-03-19 19:23 . 2009-12-29 16:00	1000992	----a-w-	c:\windows\system32\TList8.ocx
2011-03-19 19:23 . 2008-01-29 05:57	450560	----a-w-	c:\windows\system32\fldrvw90.ocx
2011-03-19 19:23 . 2010-08-20 19:53	86016	----a-w-	c:\windows\system32\mtSplitter.ocx
2011-03-19 19:23 . 2010-06-11 08:50	89888	----a-w-	c:\windows\system32\mtFrame.ocx
2011-03-19 19:23 . 2010-03-25 08:33	171752	----a-w-	c:\windows\system32\mtRTF2.ocx
2011-03-19 19:23 . 2009-10-29 09:34	2344880	----a-w-	c:\windows\system32\Codejock.CommandBars.v13.2.1.ocx
2011-03-19 19:23 . 2009-10-12 22:02	44736	----a-w-	c:\windows\system32\mtSubclass.dll
2011-03-19 19:23 . 2011-03-19 19:23	--------	d-----w-	c:\programme\AllDup
2011-03-18 23:48 . 2011-03-19 08:33	--------	d-----w-	c:\windows\SxsCaPendDel
2011-03-18 23:37 . 2011-03-18 23:37	--------	d-----w-	c:\dokumente und einstellungen\HP_Besitzer\Lokale Einstellungen\Anwendungsdaten\VS Revo Group
2011-03-18 23:37 . 2009-12-30 10:20	27064	----a-w-	c:\windows\system32\drivers\revoflt.sys
2011-03-18 23:37 . 2011-03-18 23:37	--------	d-----w-	c:\programme\VS Revo Group
2011-03-18 23:24 . 2011-04-16 17:33	--------	d-sh--w-	c:\dokumente und einstellungen\HP_Besitzer\UserData
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 17:43 . 2006-08-05 12:50	38400	----a-w-	c:\windows\system32\pcdhdm.cpl
2011-03-16 19:45 . 2011-03-13 19:39	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-03-20 08:53 . 2011-03-13 19:56	142296	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCDrSmartMonitor"="c:\programme\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2006-02-02 360448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\programme\NVIDIA Corporation\nView\nwiz.exe" [2010-08-25 1753192]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
c:\dokumente und einstellungen\Default User\Startmen\Programme\Autostart\
DSL-Manager.lnk - c:\programme\DSL-Manager\DslMgr.exe [N/A]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"FoFileAssociate"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\dokumente und einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2011-01-10 13:22	281768	----a-w-	c:\programme\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16	357696	----a-w-	c:\programme\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04	1164584	----a-w-	c:\programme\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2008-11-03 23:44	435096	----a-w-	c:\progra~1\GEMEIN~1\MICROS~1\DW\DWTRIG20.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreePDF Assistant]
2010-06-17 19:56	370176	----a-w-	c:\programme\FreePDF_XP\fpassist.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2005-08-18 17:49	307200	-c----w-	c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Eraser"=c:\programme\Eraser\eraser.exe -hide
"PhonostarAgent"=c:\programme\phonostar\ps_agent.exe
"PhonostarTimer"=c:\programme\phonostar\ps_timer.exe
"updateMgr"="c:\programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"NokiaOviSuite2"=c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RTHDCPL"=RTHDCPL.EXE
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RunDLL32.exe NvMCTray.dll,NvTaskbarInit
"Acronis Scheduler2 Service"="c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe"
"AcronisTimounterMonitor"=c:\programme\Acronis\TrueImageHome\TimounterMonitor.exe
"TrueImageMonitor.exe"=c:\programme\Acronis\TrueImageHome\TrueImageMonitor.exe
"GrooveMonitor"="c:\programme\Microsoft Office\Office12\GrooveMonitor.exe"
"Recguard"=c:\windows\SMINST\RECGUARD.EXE
"OSSelectorReinstall"=c:\programme\Gemeinsame Dateien\Acronis\Acronis Disk Director\oss_reinstall.exe
"mxomssmenu"="c:\programme\Maxtor\OneTouch Status\maxmenumgr.exe"
"NokiaMServer"=c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Opera\\Opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.08.2006 00:05 691696]
R2 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 16:35 128296]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [13.03.2011 21:39 135336]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [08.10.2010 20:14 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [08.10.2010 20:14 405504]
R2 WB11WatchDog;WISO Börse 2011 Watchdog;c:\programme\Buhl\WISO Börse 2011\bin\watchdog.exe [27.09.2010 09:38 629520]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\drivers\AVerPola.sys [11.06.2010 20:29 314752]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\drivers\AVPolCIR.sys [11.06.2010 20:29 32896]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8xx.sys [08.08.2006 19:49 465988]
R3 PCD5SRVC{8A863ACB-F5F6CC6A-05010003};PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [08.02.2006 10:38 21120]
R3 TSMPacket;DSL-Manager Service;c:\windows\system32\drivers\tsmpkt.sys [25.09.2010 13:13 13824]
S1 DatSecNT;DatSecNT; [x]
S1 SASKUTIL;SASKUTIL;\??\c:\programme\SUPERAntiSpyware\SASKUTIL.sys --> c:\programme\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 dsltestSp5;dsltestSp5 NDIS Protocol Driver;c:\windows\system32\Drivers\dsltestSp5.sys --> c:\windows\system32\Drivers\dsltestSp5.sys [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04.08.2004 06:00 14336]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [19.03.2011 01:37 27064]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [20.01.2007 11:24 223128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=DE_DE&c=63&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Block This Image (ABP) - c:\programme\Adblock Pro\blockimg.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\HP_Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\1fdqqkku.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.spiegel.de/|hxxp://forum.rollingstone.de/forumdisplay.php?f=50|hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-dimsntfy - (no file)
MSConfigStartUp-GetUsagev2 - c:\dokumente und einstellungen\HP_Besitzer\Desktop\getusage2xp.exe
MSConfigStartUp-GrooveMonitor - c:\programme\Microsoft Office\Office12\GrooveMonitor.exe
AddRemove-{23C3F5C0-566B-478B-AAB6-197ADAD0C945} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-04-16 19:43
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet009\Services\PCD5SRVC{8A863ACB-F5F6CC6A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-436612076-1081767568-4022919830-1008\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57473AFE-2DF8-4343-006E-1C3B1560CD34}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ€|ÿÿÿÿ•€|ù•6~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="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"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\oodag.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-16  19:47:32 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-16 17:47
.
Vor Suchlauf: 11 Verzeichnis(se), 10.102.235.136 Bytes frei
Nach Suchlauf: 9.915.719.680 Bytes frei
.
Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=,1,2,3,4,5,6,7,8,9,10
- - End Of File - - FE907C138B352762156B13327AEA7FAC
         
--- --- ---

17.04.2011, 20:43   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Ok. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.


Afterwards, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

18.04.2011, 22:48   #11
Sowio
 

Hello Cosinus,
here is the GMER log



GMER Logfile:
Code:
GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-18 22:45:23
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD3000JS-60PDB0 rev.21.00M21
Running: xtbmh6xx.exe; Driver: C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys


---- System - GMER 1.0.15 ----

SSDT            F7C91256                                                                                                              ZwCreateKey
SSDT            F7C9124C                                                                                                              ZwCreateThread
SSDT            F7C9125B                                                                                                              ZwDeleteKey
SSDT            F7C91265                                                                                                              ZwDeleteValueKey
SSDT            spkg.sys                                                                                                              ZwEnumerateKey [0xF7381DA4]
SSDT            spkg.sys                                                                                                              ZwEnumerateValueKey [0xF7382132]
SSDT            F7C9126A                                                                                                              ZwLoadKey
SSDT            spkg.sys                                                                                                              ZwOpenKey [0xF73690C0]
SSDT            F7C91238                                                                                                              ZwOpenProcess
SSDT            F7C9123D                                                                                                              ZwOpenThread
SSDT            spkg.sys                                                                                                              ZwQueryKey [0xF738220A]
SSDT            spkg.sys                                                                                                              ZwQueryValueKey [0xF738208A]
SSDT            F7C91274                                                                                                              ZwReplaceKey
SSDT            F7C9126F                                                                                                              ZwRestoreKey
SSDT            F7C91260                                                                                                              ZwSetValueKey

INT 0x73        ?                                                                                                                     873D8BF8
INT 0x73        ?                                                                                                                     873D8BF8
INT 0x73        ?                                                                                                                     873D8BF8
INT 0x82        ?                                                                                                                     873D8BF8
INT 0x83        ?                                                                                                                     873D8BF8
INT 0x83        ?                                                                                                                     873D8BF8
INT 0xB4        ?                                                                                                                     870A9BF8
INT 0xB4        ?                                                                                                                     870A9BF8
INT 0xB4        ?                                                                                                                     870A9BF8
INT 0xB4        ?                                                                                                                     870A9BF8

---- Kernel code sections - GMER 1.0.15 ----

?               spkg.sys                                                                                                              Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                              section is writeable [0xF60F93A0, 0x5CC259, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                 F60DA62C 5 Bytes  JMP 870A91D8 
.text           adrqkzvc.SYS                                                                                                          F5F9B386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           adrqkzvc.SYS                                                                                                          F5F9B3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           adrqkzvc.SYS                                                                                                          F5F9B3C4 3 Bytes  [00, 80, 02]
.text           adrqkzvc.SYS                                                                                                          F5F9B3C9 1 Byte  [30]
.text           adrqkzvc.SYS                                                                                                          F5F9B3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                   

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                    [F736A042] spkg.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                            [F736A13E] spkg.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                   [F736A0C0] spkg.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                           [F736A800] spkg.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                   [F736A6D6] spkg.sys
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                    [F7379B90] spkg.sys
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KfAcquireSpinLock]                                                  0C8D1C46
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!READ_PORT_UCHAR]                                                    B48B8932
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KeGetCurrentIrql]                                                   89000001
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KfRaiseIrql]                                                        0001C083
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KfLowerIrql]                                                        24468B00
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!HalGetInterruptVector]                                              89820C8D
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!HalTranslateBusAddress]                                             D18BF84D
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KeStallExecutionProcessor]                                          860F1639
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!KfReleaseSpinLock]                                                  000000BD
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                            020CB389
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!READ_PORT_USHORT]                                                   83660000
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                           7400067E
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                   89D60320
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[WMILIB.SYS!WmiSystemControl]                                                8D168B00
IAT             \SystemRoot\System32\Drivers\adrqkzvc.SYS[WMILIB.SYS!WmiCompleteRequest]                                              F0003284

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                873D71F8
Device          \FileSystem\Fastfat \FatCdrom                                                                                         86CD5500
Device          \Driver\usbohci \Device\USBPDO-0                                                                                      871661F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                      871661F8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                      8709D1F8
Device          \Driver\PCI_PNP5502 \Device\00000049                                                                                  spkg.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                873681F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\Ftdisk \Device\HarddiskVolume2                                                                                873681F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                                snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\Cdrom \Device\CdRom0                                                                                          8714F1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T1L0-1d                                                                          873D81F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                    873D81F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                    873D81F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                    873D81F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7                                                                           873D81F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                    873D81F8
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                    873D81F8
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                    873D81F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-15                                                                          873D81F8
Device          \Driver\Ftdisk \Device\HarddiskVolume3                                                                                873681F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                                snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\Cdrom \Device\CdRom1                                                                                          8714F1F8
Device          \Driver\Cdrom \Device\CdRom2                                                                                          8714F1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{D2E109DD-DF7F-452A-A8B2-B2839DB0668E}                                              8712B1F8
Device          \Driver\Ftdisk \Device\HarddiskVolume4                                                                                873681F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume4                                                                                snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\Ftdisk \Device\HarddiskVolume5                                                                                873681F8

AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume5                                                                                snapman.sys (Acronis Snapshot API/Acronis)

Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                               8712B1F8
Device          \Driver\usbstor \Device\00000077                                                                                      86DBE500
Device          \Driver\sbp2port \Device\Sbp2Port0                                                                                    873661F8
Device          \Driver\usbstor \Device\00000079                                                                                      86DBE500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                      8712B1F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                      871661F8
Device          \Driver\usbstor \Device\0000007a                                                                                      86DBE500
Device          \Driver\sbp2port \Device\Sbp2\Maxtor&OneTouch&0&0010b902_1143a57e_Instance00                                          873661F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                      871661F8
Device          \Driver\sptd \Device\578995502                                                                                        spkg.sys
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                     870201F8
Device          \Driver\usbstor \Device\0000007b                                                                                      86DBE500
Device          \Driver\usbehci \Device\USBFDO-2                                                                                      8709D1F8
Device          \Driver\usbstor \Device\0000007c                                                                                      86DBE500
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                           870201F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                      873681F8
Device          \Driver\adrqkzvc \Device\Scsi\adrqkzvc1                                                                               8704E1F8
Device          \Driver\adrqkzvc \Device\Scsi\adrqkzvc1Port6Path0Target0Lun0                                                          8704E1F8
Device          \FileSystem\Fastfat \Fat                                                                                              86CD5500

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                              fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                                86B60500

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x0A 0xB3 0x7A 0x8D ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x49 0x80 0xDA 0xBE ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xDA 0x04 0x62 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                    0xBC 0xEF 0xAE 0x01 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x1E 0x5D 0xD1 0x81 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x0A 0xB3 0x7A 0x8D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x49 0x80 0xDA 0xBE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xDA 0x04 0x62 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                    0xBC 0xEF 0xAE 0x01 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x99 0x07 0x51 0x70 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x43 0x53 0x60 0x7F ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x67 0x87 0xE4 0x31 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xD2 0xB4 0xEF 0x98 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x0A 0xB3 0x7A 0x8D ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x49 0x80 0xDA 0xBE ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xDA 0x04 0x62 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                    0xBC 0xEF 0xAE 0x01 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x99 0x07 0x51 0x70 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x0A 0xB3 0x7A 0x8D ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x49 0x80 0xDA 0xBE ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xDA 0x04 0x62 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                    0xBC 0xEF 0xAE 0x01 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x2A 0xFA 0x33 0x6D ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x0A 0xB3 0x7A 0x8D ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x49 0x80 0xDA 0xBE ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xDA 0x04 0x62 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                    0xBC 0xEF 0xAE 0x01 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x99 0x07 0x51 0x70 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x0A 0xB3 0x7A 0x8D ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x49 0x80 0xDA 0xBE ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xDA 0x04 0x62 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                    0xBC 0xEF 0xAE 0x01 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0xA6 0x0A 0x34 0x51 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0x0A 0xB3 0x7A 0x8D ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                       C:\Programme\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                           0x49 0x80 0xDA 0xBE ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                    0xDA 0x04 0x62 0xB2 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew                    0xBC 0xEF 0xAE 0x01 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x99 0x07 0x51 0x70 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                    1066491580
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                    1405549899
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                    3
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                   0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                0xEA 0x43 0x3A 0x8C ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                   C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                   2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                0x3A 0xB8 0xFE 0xE2 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                          0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                       0x58 0x2D 0x7B 0x75 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                        
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                  0x14 0x70 0x39 0x36 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4                                      
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                   1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001                             
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                       0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                 0x99 0x07 0x51 0x70 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                       0
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                    0xEA 0x43 0x3A 0x8C ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                       C:\Programme\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                       2
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0x3A 0xB8 0xFE 0xE2 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                              0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                           0x58 0x2D 0x7B 0x75 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)    
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                      0x14 0x70 0x39 0x36 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)                  
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0                                       1
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh                                    0x23 0xD8 0x5A 0x43 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)         
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh                           0x5B 0xE0 0x86 0xE1 ...
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)   
Reg             HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh                     0x99 0x07 0x51 0x70 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                 
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
Reg             HKLM\SOFTWARE\Classes\Interface\[1B56252A-1BB6-4970-B0FB-31B24AA9C1D0}@                                               ILicHelper
Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{57473AFE-2DF8-4343-006E-1C3B1560CD34}       

---- EOF - GMER 1.0.15 ----
         
--- --- ---

Alt 18.04.2011, 22:52   #12
Sowio
 

Then we have OSAM

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:01:02 on 17.04.2011

OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "O&O Software GmbH" - C:\WINDOWS\system32\OODBS.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BDEADMIN.CPL" - ? - C:\WINDOWS\system32\BDEADMIN.CPL
"cttune.cpl" - ? - C:\WINDOWS\system32\cttune.cpl
"Ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\Ddbaccpl.cpl
"ddBACCTM.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddBACCTM.cpl
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\WINDOWS\system32\DivXControlPanelApplet.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"pcdhdm.cpl" - ? - C:\WINDOWS\system32\pcdhdm.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal - Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir Personal – Free Antivirus " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic " - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl
"Avira AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a8e8xgzf" (a8e8xgzf) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\a8e8xgzf.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\WINDOWS\System32\DRIVERS\snapman.sys
"Acronis True Image Backup Archive Explorer" (timounter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\timntr.sys
"Acronis True Image FS Filter" (tifsfilter) - "Acronis" - C:\WINDOWS\System32\DRIVERS\tifsfilt.sys
"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DatSecNT" (DatSecNT) - ? - C:\WINDOWS\system32\drivers\DatSecNT.sys  (File not found)
"DSL-Manager Service" (TSMPacket) - "T-Systems" - C:\WINDOWS\System32\DRIVERS\tsmpkt.sys
"dsltestSp5 NDIS Protocol Driver" (dsltestSp5) - ? - C:\WINDOWS\System32\Drivers\dsltestSp5.sys  (File not found)
"Hauppauge WinTV 848/9 WDM Video Driver" (HCWBT8XX) - "Hauppauge Computer Works" - C:\WINDOWS\System32\drivers\HCWBT8XX.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"kxtcifob" (kxtcifob) - ? - C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys  (Hidden registry entry, rootkit activity | File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Padus ASPI Shell" (pfc) - "Padus, Inc." - C:\WINDOWS\System32\drivers\pfc.sys
"PCD5SRVC{8A863ACB-F5F6CC6A-05010003} - PCDR Kernel Mode Service Helper Driver" (PCD5SRVC{8A863ACB-F5F6CC6A-05010003}) - "PC-Doctor, Inc." - C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Revoflt" (Revoflt) - "VS Revo Group" - C:\WINDOWS\System32\DRIVERS\revoflt.sys
"SASKUTIL" (SASKUTIL) - ? - C:\Programme\SUPERAntiSpyware\SASKUTIL.sys  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\WINDOWS\System32\drivers\truecrypt.sys
"vaxscsi" (vaxscsi) - "Alcohol Soft Co., Ltd." - C:\WINDOWS\System32\Drivers\vaxscsi.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{32020A01-506E-484D-A2A8-BE3CF17601C3} "AlcoholShellEx" - ? -   (File not found | COM-object registry key not found)
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\WINDOWS\system32\erasext.dll
{693BE9C0-BEC3-11D2-B4C1-C33BBD3AD64B} "Fast Explorer Shell Extension" - "Alex Yakovlev" - C:\DOKUME~1\ALLUSE~1\ANWEND~1\AllDup\FEShlExt.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{E6AE80F1-1D7E-11d1-931A-00C0F01AA56D} "Kremlin Shell Extension" - ? - C:\Programme\Mach5 Software\Kremlin\KremShl.dll  (File found, but it contains no detailed information)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} "RUShellExt Class" - "VS Revo Group" - C:\Programme\VS Revo Group\Revo Uninstaller Pro\RUExt.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "ShellViewRTF" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - ? -   (File not found | COM-object registry key not found)
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software GmbH" - C:\WINDOWS\system32\uxtuneup.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Yahoo! Toolbar" - ? -   (File not found | COM-object registry key not found)
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "{00000000-5736-4205-0008-F7ED0776FB27}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} "Java Plug-in 1.6.0_16" - ? - C:\Programme\Java\jre6\bin\npjpi160_16.dll  (File not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{6E718D87-6909-4FCE-92D4-EDCB2F725727} "Navigram Control" - "Navigram" - C:\Programme\Navigram\NavigramEngine\navigram.ocx / hxxp://www.navigram.com/engine/v1025/Navigram.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} "{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}" - ? -   (File not found | COM-object registry key not found) / hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / 
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Hilfe zu Verbindungen" - ? - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\HP_Besitzer\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - C:\Programme\NVIDIA Corporation\nView\nwiz.exe /installquiet
"PCDrSmartMonitor" - ? - "C:\Programme\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\HpTcpMon.dll
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AAV UpdateService" (AAV UpdateService) - ? - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"AVerRemote" (AVerRemote) - "AVerMedia" - C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
"AVerScheduleService" (AVerScheduleService) - ? - C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Personal – Free Antivirus Planer" (AntiVirScheduler) - ? - "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"  (File not found)
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper 3004" (nosGetPlusHelper) - ? - C:\Programme\NOS\bin\getPlus_Helper_3004.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (NVSvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"O&O Defrag" (O&O Defrag) - "O&O Software GmbH" - C:\WINDOWS\system32\oodag.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software GmbH" - C:\WINDOWS\System32\uxtuneup.dll
"WISO Börse 2011 Watchdog" (WB11WatchDog) - "market maker Software AG" - C:\Programme\Buhl\WISO Börse 2011\bin\watchdog.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - ? - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 18.04.2011, 22:54   #13
Sowio
 

And MBR

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x00003efc

Kernel Drivers (total 133):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E3000 \WINDOWS\system32\hal.dll
0xF7A5C000 \WINDOWS\system32\KDCOM.DLL
0xF796C000 \WINDOWS\system32\BOOTVID.dll
0xF7368000 spkg.sys
0xF7A5E000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF7350000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7321000 ACPI.sys
0xF7310000 pci.sys
0xF755C000 isapnp.sys
0xF756C000 ohci1394.sys
0xF757C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7B24000 pciide.sys
0xF77DC000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A60000 viaide.sys
0xF7A62000 intelide.sys
0xF758C000 MountMgr.sys
0xF72F1000 ftdisk.sys
0xF77E4000 PartMgr.sys
0xF759C000 VolSnap.sys
0xF72D9000 atapi.sys
0xF75AC000 disk.sys
0xF75BC000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF72B9000 fltMgr.sys
0xF72A7000 sr.sys
0xF75CC000 PxHelp20.sys
0xF7290000 KSecDD.sys
0xF7203000 Ntfs.sys
0xF71D6000 NDIS.sys
0xF7177000 timntr.sys
0xF715E000 snapman.sys
0xF75DC000 sbp2port.sys
0xF7143000 Mup.sys
0xF767C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF60F9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF60E5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF790C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF60C2000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7914000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF768C000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF70E3000 \SystemRoot\system32\drivers\pfc.sys
0xF769C000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76AC000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF609F000 \SystemRoot\system32\DRIVERS\ks.sys
0xF607A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6066000 \SystemRoot\system32\DRIVERS\parport.sys
0xF76BC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF791C000 \SystemRoot\system32\DRIVERS\PS2.sys
0xF7924000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF792C000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF5FE8000 \SystemRoot\system32\drivers\HCWBT8XX.sys
0xF76CC000 \SystemRoot\system32\drivers\STREAM.SYS
0xF5FD4000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF76DC000 \SystemRoot\system32\DRIVERS\mxopswd.sys
0xF76EC000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF5F9B000 \SystemRoot\System32\Drivers\adrqkzvc.SYS
0xF7BCB000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF76FC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF70CB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF5F84000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF770C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF771C000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF785C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF5F73000 \SystemRoot\system32\DRIVERS\psched.sys
0xF772C000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7864000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF786C000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF774C000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A86000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF5DDE000 \SystemRoot\system32\DRIVERS\update.sys
0xF70BB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF70B7000 \SystemRoot\system32\DRIVERS\tsmpkt.sys
0xF775C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF777C000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7A90000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF3102000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xF30E0000 \SystemRoot\system32\drivers\portcls.sys
0xF3766000 \SystemRoot\system32\drivers\drmk.sys
0xF7A98000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C70000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A9A000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78F4000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF78FC000 \SystemRoot\System32\drivers\vga.sys
0xF7A9E000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AA0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7904000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7934000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF5F57000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF3085000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF302D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF3005000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF2FBC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF2F9A000 \SystemRoot\System32\drivers\afd.sys
0xF3756000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF3746000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF2F65000 \SystemRoot\System32\drivers\truecrypt.sys
0xF3736000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF793C000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF2F3A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF2ECB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF3726000 \SystemRoot\System32\Drivers\Fips.SYS
0xF2EA5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7AA8000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF7954000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xF795C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF2E5A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF2DE5000 \SystemRoot\system32\DRIVERS\AVerPola.sys
0xF5F5B000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0xF3625000 \SystemRoot\system32\DRIVERS\AVPolCIR.sys
0xF3615000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF3605000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF2E7D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF2D7D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7ADE000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF2DE1000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7884000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B55000 \SystemRoot\System32\drivers\dxgthk.sys
0xBD012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB7F31000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF36AD000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xB7F56000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB7C5D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB7C20000 \SystemRoot\system32\drivers\wdmaud.sys
0xF3585000 \SystemRoot\system32\drivers\sysaudio.sys
0xB78D3000 \SystemRoot\system32\DRIVERS\srv.sys
0xF36B5000 \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
0xB6E4C000 \??\C:\DOKUME~1\HP_BES~1\LOKALE~1\Temp\kxtcifob.sys
0xB6DE1000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools Lite\Engine.dll

Processes (total 37):
0 System Idle Process
4 System
860 C:\WINDOWS\system32\smss.exe
1064 csrss.exe
1092 C:\WINDOWS\system32\winlogon.exe
1136 C:\WINDOWS\system32\services.exe
1148 C:\WINDOWS\system32\lsass.exe
1348 C:\WINDOWS\system32\nvsvc32.exe
1380 C:\WINDOWS\system32\svchost.exe
1428 svchost.exe
1528 C:\WINDOWS\system32\svchost.exe
1612 svchost.exe
1764 svchost.exe
2024 C:\WINDOWS\system32\spoolsv.exe
352 C:\Programme\Avira\AntiVir Desktop\sched.exe
364 C:\WINDOWS\explorer.exe
696 C:\WINDOWS\system32\rundll32.exe
752 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
776 C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
788 C:\WINDOWS\system32\ctfmon.exe
832 C:\Programme\PC-Doctor 5 for Windows\PcdSmartMonitor.exe
1372 C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
1468 C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
1484 C:\Programme\Avira\AntiVir Desktop\avguard.exe
1504 C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
1520 C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
1740 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
1752 C:\Programme\Java\jre6\bin\jqs.exe
1824 C:\WINDOWS\system32\oodag.exe
1940 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
2044 C:\WINDOWS\system32\svchost.exe
2088 C:\Programme\Buhl\WISO Börse 2011\bin\watchdog.exe
2388 C:\Programme\Gemeinsame Dateien\AVerMedia\AVerQuick\AVerHIDReceiver.exe
3296 alg.exe
3020 C:\Programme\Mozilla Firefox\firefox.exe
3532 C:\Programme\Mozilla Firefox\plugin-container.exe
1056 C:\Dokumente und Einstellungen\HP_Besitzer\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`0d284e00 (NTFS)
\\.\H: --> \\.\PhysicalDrive0 at offset 0x00000005`895b1600 (FAT32)
\\.\L: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3000JS-60PDB0, Rev: 21.00M21
PhysicalDrive1 Model Number: MaxtorOneTouch, Rev: 0121

Size Device Name MBR Status
--------------------------------------------
279 GB \\.\PhysicalDrive0 Legit MBR code detected
SHA1: E68294B13179B1693F581515E9DF034C786D5AEE
931 GB \\.\PhysicalDrive1

18.04.2011, 22:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

25.04.2011, 21:27   #15
Sowio

Hello Cosinus,
the full scans are attached.

Best regards

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/25/2011 at 09:20 PM

Application Version : 4.51.1000

Core Rules Database Version : 6917
Trace Rules Database Version: 4729

Scan type : Complete Scan
Total Scan Time : 00:55:36

Memory items scanned : 478
Memory threats detected : 0
Registry items scanned : 7421
Registry threats detected : 0
File items scanned : 63776
File threats detected : 1

Trojan.Agent/Gen-UsrMgr
C:\SYSTEM VOLUME INFORMATION\_RESTORE{2005CC72-E1D4-412C-8599-FDC32E05059E}\RP1044\A0539947.EXE


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6399

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

19.04.2011 22:30:38
mbam-log-2011-04-19 (22-30-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 201455
Laufzeit: 30 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
