Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Problems with laptop, infected link, trojan, remote control?, Firefox crashes, dlls, Word.. (https://www.trojaner-board.de/110737-probleme-laptop-verseuchter-link-trojaner-remote-control-abstuerze-firefox-dlls-word.html)

Picard 02.03.2012 11:00

Problems with laptop, infected link, trojan, remote control?, Firefox crashes, dlls, Word..
 
Hello everyone,

For a few days now I have been having problems with my laptop. I may have followed an "infected" link on a website, and so I fear that my laptop is being spied on. Firefox crashes frequently and allocates 100 MB of RAM on the Google start page, or some *.dll files occasionally cannot be executed (Windows error message box). Word sometimes freezes. On one occasion a folder on the desktop suddenly opened by itself. Remote control? Sometimes everything suddenly hangs and I have to restart.

I always have Antivir enabled and have had it scan everything, likewise with Emsisoft Anti-Malware and Spybot. Result: nothing found. I have also defragmented and saved all my own files externally. I am fairly tidy with the system and know my way around reasonably well. I have not simply deleted any files or tinkered around in the registry. Everything is kept clean and orderly on my side.

I have created all the log files. In addition I ran netstat -a and took a screenshot (JPG). Everything is included in the attached ZIP file.

As requested, I am posting the dds.txt here:



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31
Run by Jean-Luc Picard at 13:17:19 on 2012-03-01
.
============== Running Processes ===============
.
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Time-Sync\TimeSyncServiceClient.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Programme\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\extern\Trojaner\dds.com
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\programme\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [mount.exe] c:\programme\gipo@utilities\fileutilities.3\mount.exe /z
mRun: [SoundMAXPnP] c:\programme\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\programme\analog devices\soundmax\Smax4.exe /tray
mRun: [PTHOSTTR] c:\programme\hpq\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [hpWirelessAssistant] c:\programme\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\programme\hpq\default settings\cpqset.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [WatchDog] c:\programme\intervideo\dvd check\DVDCheck.exe
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [FreePDF Assistant] c:\programme\freepdf_xp\fpassist.exe
mRun: [NeroCheck] c:\windows\system32\NeroCheck.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ISUSPM Startup] c:\progra~1\gemein~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\programme\gemeinsame dateien\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [emsisoft anti-malware] "c:\programme\emsisoft anti-malware\a2guard.exe" /d=60
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{B56D021A-DEE0-4FE8-9CA4-3E46F03C8CD5} : DhcpNameServer = 192.168.178.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\jean-luc picard\anwendungsdaten\mozilla\firefox\profiles\2j7a7nom.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - plugin: c:\programme\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\programme\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\programme\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\programme\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R? GTIPCI21;GTIPCI21
R? SkypeUpdate;Skype Updater
R? vsdatant;vsdatant
S? a2acc;a2acc
S? a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service
S? A2DDA;A2 Direct Disk Access Support Driver
S? a2injectiondriver;a2injectiondriver
S? a2util;a-squared Malware-IDS utility driver
S? AntiVirSchedulerService;Avira Planer
S? AntiVirService;Avira Echtzeit Scanner
S? avgntflt;avgntflt
S? avkmgr;avkmgr
S? ServiceTimeSyncClient;Time-Sync Client
.
=============== Created Last 30 ================
.
2012-02-28 18:26:41 -------- d-----w- c:\programme\Emsisoft Anti-Malware
2012-02-22 13:21:34 -------- d-----r- c:\programme\Skype
2012-02-21 07:44:11 -------- d-----w- c:\windows\system32\XPSViewer
2012-02-21 07:43:47 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-21 07:43:37 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-21 07:43:37 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-21 07:43:37 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-21 07:43:37 575488 ------w- c:\windows\system32\xpsshhdr.dll
2012-02-21 07:43:37 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-21 07:43:37 1676288 ------w- c:\windows\system32\xpssvcs.dll
2012-02-21 07:43:37 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2012-02-21 07:43:37 117760 ------w- c:\windows\system32\prntvpt.dll
2012-02-21 07:43:37 -------- d-----w- C:\ccb551ccd1f98f9c15573c8f21
2012-02-20 16:08:09 -------- d-----w- c:\programme\GiPo@Utilities
2012-02-20 16:08:09 -------- d-----w- c:\programme\gemeinsame dateien\Gibinsoft Shared
2012-02-20 15:49:35 -------- d-----w- c:\dokumente und einstellungen\jean-luc picard\anwendungsdaten\QuickStoresToolbar
2012-02-20 15:45:29 -------- d-----w- c:\programme\Unlocker
2012-02-16 13:38:43 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-16 13:38:43 476904 ----a-w- c:\programme\mozilla firefox\plugins\npdeployJava1.dll
2012-02-15 08:07:11 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-15 08:07:11 3072 ------w- c:\windows\system32\dllcache\iacenc.dll
2012-02-07 14:35:14 -------- d-----w- c:\dokumente und einstellungen\jean-luc picard\.spss
2012-02-07 14:35:02 -------- d-----w- c:\dokumente und einstellungen\jean-luc picard\lokale einstellungen\anwendungsdaten\IBM
2012-02-07 14:34:56 -------- d-----w- c:\dokumente und einstellungen\jean-luc picard\lokale einstellungen\anwendungsdaten\javasharedresources
2012-02-07 13:55:37 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\SafeNet Sentinel
2012-02-07 13:55:08 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\SPSS
2012-02-07 13:53:07 -------- d-----w- c:\programme\gemeinsame dateien\IBM
2012-02-07 13:50:55 -------- d-----w- c:\programme\IBM
2012-02-07 13:50:42 205 ----a-w- c:\windows\system32\lsprst7.dll
2012-02-07 13:50:42 1025 ----a-w- c:\windows\system32\sysprs7.dll
2012-02-07 09:02:56 -------- d-----w- c:\programme\uTorrent
2012-02-07 09:02:03 -------- d-----w- c:\dokumente und einstellungen\jean-luc picard\anwendungsdaten\uTorrent
.
==================== Find3M ====================
.
2012-02-29 21:34:48 59 ----a-w- c:\windows\wpd99.drv
2012-02-19 12:19:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 13:38:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-12 17:20:28 1860096 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:43:23 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:43:23 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:43:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:19:06,55 ===============



Could you please rule out that my system is infected, being spied on, or being remotely controlled? I would be very grateful!

I am of course available for further questions, for creating log files, or for system modifications. I am only asking for your help! Many thanks!

Kind regards
Picard

cosinus 02.03.2012 14:33

Now please do a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is how it's done:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

Picard 03.03.2012 12:08

Hello Cosinus aka Arne,

Thanks first of all for your prompt reply and your valuable advice.

I immediately installed Malwarebytes Anti-Malware, updated it manually (!) and started the full scan. However, the same problem occurred here as with Antivir: the program suddenly got stuck somewhere. After two full-scan attempts lasting 8 and 4 hours respectively, two infected objects had been detected each time, but unfortunately the process had not yet finished. Since it seemed to me that it was no longer working either, I clicked "Pause" as a test. After that I got "not responding" and it was no longer possible to close the program. So I had to restart the computer and found that no log files had been created yet. Apparently the process was not yet complete. This has now happened twice, with different files each time.

Before that, the same thing happened with Antivir, again with completely different files. Since in my opinion these were two unimportant files (one, for example, in the user's "Temp" folder), I simply deleted them after the restart and repeated the Antivir scan. That then ran through to the end without problems and found no infected objects either.
I now have the same problem with Anti-Malware, but the files do not seem quite so unimportant to me. I will try to run the scan again tonight. I could also imagine that it is because Antivir and Emsisoft Anti-Malware had not been closed and were still monitoring in the background. The network connection to the router was also up. But actually these were not files that would obviously have been relevant to those processes.

If you have any further advice on this, I would be glad to hear it. Otherwise I will post the result of the next attempt. So I am on it. Thanks for your expert and quick help!!

Kind regards
Picard

cosinus 05.03.2012 12:08

Try the scans in Safe Mode with Networking.

Picard 06.03.2012 04:39

Hello Cosinus aka Arne,

After several attempts, and after I had now stopped all background scanners and the NETWORK CONNECTION during the scans, I finally managed to run both scans in normal mode. With Malwarebytes Anti-Malware I scanned both partitions once separately and once together. ESET takes quite a long time and is somewhat cumbersome, so I ran that only once. Problems were found in both cases, by ESET even after I had removed the ones found by Malwarebytes Anti-Malware. Unfortunately it is not clear what they are (were). I did not have ESET carry out any removals, since that was not explicitly stated in the guide you posted and was in fact explicitly excluded. I also think they are system-relevant and therefore clean.
Since the first run of Malwarebytes Anti-Malware the system has been running stably again and I have had no more strange occurrences. Nevertheless I ask that the matter be properly closed and, as far as possible, that infections be ruled out. Many thanks!

Here are the log files, as requested, in CODE tags:

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jean-Luc Picard :: HAL9000L [Administrator]

04.03.2012 00:31:45
mbam-log-2012-03-04 (06-50-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 452457
Laufzeit: 4 Stunde(n), 6 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP26\A0009922.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt.
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP36\A0019816.exe (Affiliate.Downloader) -> Keine Aktion durchgeführt.

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jean-Luc Picard :: HAL9000L [Administrator]

04.03.2012 06:57:57
mbam-log-2012-03-04 (06-57-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 192851
Laufzeit: 1 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.02.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jean-Luc Picard :: HAL9000L [Administrator]

05.03.2012 03:31:12
mbam-log-2012-03-05 (03-31-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 460784
Laufzeit: 4 Stunde(n), 12 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

Code:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7d307bd952b4f644a301c6588cf7bddf
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-04 06:53:07
# local_time=2012-03-04 07:53:07 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 4126 4126 0 0
# scanned=72401
# found=0
# cleaned=0
# scan_time=1478
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7d307bd952b4f644a301c6588cf7bddf
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-06 02:56:43
# local_time=2012-03-06 03:56:43 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 147913 147913 0 0
# scanned=269231
# found=7
# cleaned=0
# scan_time=16308
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP52\A0032088.lnk        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP52\A0032089.lnk        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP52\A0032090.lnk        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP52\A0032091.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP53\A0032213.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP53\A0032215.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\System Volume Information\_restore{62440FC9-BC48-44B8-B4DB-C0AEF4DF6FCF}\RP53\A0032220.exe        Win32/Adware.ADON application (unable to clean)        00000000000000000000000000000000        I

Thanks for your help and once again kind regards
Picard
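Every hit in the ESET run above sits under C:\System Volume Information\_restore{...}\RPnn, i.e. inside System Restore snapshots rather than at an active path, and the log's own header records whether the run finished (# end=) and how many rows it should contain (# found=). The following Python script is an added triage example, not part of the thread and not ESET's own tooling: it parses that log.txt layout (one run per "# version=" block, "# key=value" header lines, tab- or space-separated detection rows), cross-checks the reported found count against the rows actually listed, and separates restore-point hits from hits at live paths. The sample log is constructed for the example with a placeholder GUID and one invented Temp-folder hit so that both cases are exercised.

```python
import re
from typing import Dict, List

# Constructed sample in the layout of the ESET Online Scanner log.txt quoted in
# the thread. Each run starts at a '# version=' line, carries '# key=value'
# header lines, then one tab-separated row per detection:
#   path <TAB> detection name <TAB> hash column <TAB> flag
# The restore-point GUID is a placeholder and the Temp hit is invented.
SAMPLE_LOG = (
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# end=stopped\n"
    "# remove_checked=false\n"
    "# scanned=72401\n"
    "# found=0\n"
    "# cleaned=0\n"
    "ESETSmartInstaller@High as downloader log:\n"
    "all ok\n"
    "# version=7\n"
    "# end=finished\n"
    "# remove_checked=false\n"
    "# scanned=269231\n"
    "# found=3\n"
    "# cleaned=0\n"
    "C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP52\\A0032088.lnk"
    "\tWin32/Adware.ADON application (unable to clean)"
    "\t00000000000000000000000000000000\tI\n"
    "C:\\System Volume Information\\_restore{PLACEHOLDER-GUID}\\RP53\\A0032213.exe"
    "\ta variant of Win32/InstallCore.D application (unable to clean)"
    "\t00000000000000000000000000000000\tI\n"
    "C:\\Dokumente und Einstellungen\\user\\Lokale Einstellungen\\Temp\\setup.exe"
    "\ta variant of Win32/InstallCore.D application (unable to clean)"
    "\t00000000000000000000000000000000\tI\n"
)

# Hits below this path live in System Restore snapshots, not in active files.
RESTORE_MARKER = "\\system volume information\\_restore"
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def parse_eset_log(text: str) -> List[Dict]:
    """Split the log into runs: {'header': {key: value}, 'detections': [...]}.

    Detection rows are split on tabs, falling back to runs of two or more
    spaces because pasting the log into a forum usually turns tabs into spaces.
    Installer chatter ('ESETSmartInstaller...', 'all ok', 'esets_scanner_update
    ...') is skipped.
    """
    runs: List[Dict] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if line.startswith("# "):
            key, _, value = line[2:].partition("=")
            key = key.strip()
            if key == "version" or not runs:
                runs.append({"header": {}, "detections": []})
            runs[-1]["header"][key] = value.strip()
        elif runs and DRIVE_PATH.match(line):
            fields = re.split(r"\t+| {2,}", line)
            runs[-1]["detections"].append({
                "path": fields[0],
                "detection": fields[1] if len(fields) > 1 else "",
                "flag": fields[-1] if len(fields) >= 4 else "",
            })
    return runs


def triage(text: str) -> List[Dict]:
    """One verdict per run: did the scan finish, does ESET's own '# found='
    count match the rows listed (a mismatch means a truncated paste), and are
    all hits confined to restore-point snapshots."""
    verdicts = []
    for run in parse_eset_log(text):
        hdr, dets = run["header"], run["detections"]
        live = [d["path"] for d in dets if RESTORE_MARKER not in d["path"].lower()]
        found = int(hdr.get("found") or 0)
        verdicts.append({
            "finished": hdr.get("end") == "finished",
            "removal_enabled": hdr.get("remove_checked") == "true",
            "reported_found": found,
            "listed": len(dets),
            "count_consistent": found == len(dets),
            "restore_point_only": bool(dets) and not live,
            "live_paths": live,
        })
    return verdicts


if __name__ == "__main__":
    for i, verdict in enumerate(triage(SAMPLE_LOG), 1):
        print(f"run {i}: {verdict}")
```

Run it with `python3 triage.py` and it prints one verdict per run. Applied to the log quoted in the post above, the second run would come out as finished, count-consistent (found=7, seven rows) and restore_point_only, with an empty live_paths list; the first run is recorded as stopped with nothing listed. The count check matters in a forum setting because a log pasted incompletely silently loses detection rows while the header still claims the full number.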

cosinus 06.03.2012 13:38

CustomScan with OTL

If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Picard 06.03.2012 16:42

Hello Cosinus aka Arne,

Scan carried out without complications and, by comparison, really very "quick".

Here is the result:

OTL Logfile:
Code:

OTL logfile created on: 06.03.2012 16:00:52 - Run 1
OTL by OldTimer - Version 3.2.35.1    Folder = C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,49 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 62,89% Memory free
3,34 Gb Paging File | 2,60 Gb Available in Paging File | 77,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 85,83 Gb Total Space | 32,07 Gb Free Space | 37,37% Space Free | Partition Type: NTFS
Drive D: | 7,32 Gb Total Space | 0,58 Gb Free Space | 7,95% Space Free | Partition Type: FAT32
 
Computer Name: HAL9000L | User Name: Jean-Luc Picard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.06 13:41:49 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\OTL.exe
PRC - [2012.02.29 18:34:16 | 003,048,808 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.10.03 16:42:46 | 000,878,592 | ---- | M] (Speed-Soft) -- C:\Programme\Time-Sync\TimeSyncServiceClient.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.06.20 20:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2005.12.23 12:44:26 | 000,491,606 | ---- | M] () -- C:\Programme\HPQ\Shared\HpqToaster.exe
PRC - [2005.11.04 10:21:36 | 001,524,776 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\vpngui.exe
PRC - [2005.11.04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005.08.31 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004.07.27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.11.05 16:37:22 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.07.04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2005.12.23 12:44:26 | 000,491,606 | ---- | M] () -- C:\Programme\HPQ\Shared\HpqToaster.exe
MOD - [2005.11.04 10:21:48 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2005.09.21 10:57:56 | 004,325,376 | ---- | M] () -- C:\Programme\Cisco Systems\VPN Client\qt-mt335.dll
MOD - [2004.06.01 10:39:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2002.09.26 03:32:16 | 000,139,264 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2012.02.29 18:34:16 | 003,048,808 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.03 16:42:46 | 000,878,592 | ---- | M] (Speed-Soft) [Auto | Running] -- C:\Programme\Time-Sync\TimeSyncServiceClient.exe -- (ServiceTimeSyncClient)
SRV - [2006.06.20 20:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.10 23:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.10 20:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (tifm21)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (GTIPCI21)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.02.15 18:35:14 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.02 10:13:28 | 000,034,768 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011.11.02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2006.07.31 02:00:08 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.03.30 13:39:48 | 000,130,432 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006.02.09 02:00:04 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2006.02.09 02:00:04 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.01.19 14:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006.01.19 14:50:14 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.01.19 08:45:00 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.11.04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005.09.19 13:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.09.19 13:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.09.19 13:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005.08.31 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.08.31 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.08.31 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.08.31 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.08.31 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.08.31 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.08.31 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.08.25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.06.29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.01.26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{A7BC682D-F73B-43DD-A63A-CF4F8DBE58BD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.29 03:50:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.29 03:50:39 | 000,000,000 | ---D | M]
 
[2012.02.29 01:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Extensions
[2012.03.04 09:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions
[2012.02.29 01:28:48 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.10.19 12:56:26 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\searchplugins\conduit.xml
[2012.02.29 03:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.29 03:50:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.29 03:50:36 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.02.29 02:48:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.02.18 07:26:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.16 14:38:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.02.17 11:36:10 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.01.19 10:13:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.19 10:13:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.19 10:13:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.19 10:13:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.19 10:13:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.19 10:13:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.26 09:16:55 | 000,441,411 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 15171 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\programme\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006..\Run: [mount.exe] C:\Programme\GiPo@Utilities\FileUtilities.3\mount.exe (Gibin Software House (hxxp://www.gibinsoft.net))
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 15:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PNotes.lnk - C:\PNotes\PNotes.exe - (Andrey Gruber)
MsConfig - StartUpReg: BrowserChoice - hkey= - key= -  File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: Scheduler - hkey= - key= - C:\WINDOWS\SMINST\Scheduler.exe ()
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 13:41:44 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\OTL.exe
[2012.03.05 13:54:17 | 000,000,000 | ---D | C] -- C:\Programme\GMATPrep
[2012.03.04 07:19:42 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.04 07:11:52 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Recent
[2012.03.03 19:45:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Kraftraining
[2012.03.02 14:45:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Malwarebytes
[2012.03.02 14:45:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.02 14:45:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.02 14:45:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Eigene Dateien\Eigene Videos
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Eigene Dateien\Eigene Musik
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder
[2012.03.01 00:56:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\ppp
[2012.02.29 13:35:16 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Eigene Dateien\Eigene Bilder
[2012.02.29 08:40:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Kündigung
[2012.02.28 19:26:41 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2012.02.28 19:26:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Eigene Dateien\Anti-Malware
[2012.02.26 08:06:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Startmenü\Programme\Verwaltung
[2012.02.24 09:54:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.23 15:18:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Unipark
[2012.02.22 15:03:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\extern
[2012.02.22 14:21:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Skype
[2012.02.22 14:21:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.02.22 14:21:34 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.02.22 14:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2012.02.21 08:44:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012.02.21 08:44:07 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2012.02.21 08:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012.02.21 08:43:57 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2012.02.21 08:43:37 | 000,000,000 | ---D | C] -- C:\ccb551ccd1f98f9c15573c8f21
[2012.02.20 17:08:09 | 000,000,000 | ---D | C] -- C:\Programme\GiPo@Utilities
[2012.02.20 17:08:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Gibinsoft Shared
[2012.02.20 16:50:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Startmenü\Programme\Sicherheit
[2012.02.20 16:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar
[2012.02.20 16:45:29 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2012.02.19 13:25:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Weltreise
[2012.02.10 17:23:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Dissertation - Philosophie
[2012.02.10 10:59:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Nach Studium
[2012.02.07 15:35:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\.spss
[2012.02.07 15:35:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Lokale Einstellungen\Anwendungsdaten\IBM
[2012.02.07 15:34:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Lokale Einstellungen\Anwendungsdaten\javasharedresources
[2012.02.07 14:55:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2012.02.07 14:55:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2012.02.07 14:53:07 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\IBM
[2012.02.07 14:50:55 | 000,000,000 | ---D | C] -- C:\Programme\IBM
[2012.02.07 10:02:56 | 000,000,000 | ---D | C] -- C:\Programme\uTorrent
[2012.02.07 10:02:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\uTorrent
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 13:42:45 | 000,085,097 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Probleme mit Laptop, Verseuchter Link, Trojaner, Remote Control_, Abstürze von Firefox, dlls, Word.. - Trojaner-Board.mht.html
[2012.03.06 13:41:49 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\OTL.exe
[2012.03.05 16:22:38 | 000,023,359 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\.jose.user.preferences
[2012.03.05 10:31:12 | 000,004,827 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Schwimmplan für die KW 10.pdf
[2012.03.05 10:04:09 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2012.03.04 07:14:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.04 07:14:10 | 1601,622,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 13:14:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\defogger_reenable
[2012.02.27 10:02:12 | 000,582,838 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\20091202_nanotechnologie_nanosilber_studie.pdf
[2012.02.26 13:16:10 | 000,065,459 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\0,1518,632277,00.html
[2012.02.26 13:15:57 | 000,013,121 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\ist_das_internet_ein_rechtsfreier_raum.html
[2012.02.26 09:16:55 | 000,441,411 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.02.26 08:26:24 | 000,000,222 | -HS- | M] () -- C:\boot.ini
[2012.02.24 15:56:20 | 002,283,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\efssurvey80firststeps_ger_2011-05-26.pdf
[2012.02.24 10:01:27 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.24 10:01:27 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.24 10:01:27 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.24 10:01:27 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.23 15:18:29 | 018,729,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\efssurvey80manual_ger_2011-06-07.pdf
[2012.02.23 13:13:57 | 004,678,868 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Wordpress.zip
[2012.02.22 10:57:40 | 000,018,343 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\index.php.htm
[2012.02.21 08:52:38 | 000,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.19 13:38:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.02.16 08:07:44 | 000,441,342 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120226-091655.backup
[2012.02.15 18:35:14 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.02.07 14:50:42 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2012.02.07 14:50:42 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2012.02.07 14:50:42 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012.02.07 14:50:42 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2012.02.07 14:50:42 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2012.02.05 21:03:54 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 13:42:45 | 000,085,097 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Probleme mit Laptop, Verseuchter Link, Trojaner, Remote Control_, Abstürze von Firefox, dlls, Word.. - Trojaner-Board.mht.html
[2012.03.05 10:31:12 | 000,004,827 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Schwimmplan für die KW 10.pdf
[2012.03.01 13:14:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\defogger_reenable
[2012.02.27 10:02:09 | 000,582,838 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\20091202_nanotechnologie_nanosilber_studie.pdf
[2012.02.26 13:16:09 | 000,065,459 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\0,1518,632277,00.html
[2012.02.26 13:15:57 | 000,013,121 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\ist_das_internet_ein_rechtsfreier_raum.html
[2012.02.24 15:56:15 | 002,283,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\efssurvey80firststeps_ger_2011-05-26.pdf
[2012.02.23 15:48:25 | 018,729,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\efssurvey80manual_ger_2011-06-07.pdf
[2012.02.23 13:13:55 | 004,678,868 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Wordpress.zip
[2012.02.22 10:57:39 | 000,018,343 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\index.php.htm
[2012.02.15 09:07:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 09:07:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.07 14:50:42 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2012.02.07 14:50:42 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2012.02.07 14:50:42 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012.02.07 14:50:42 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2012.02.07 14:50:42 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\servdat.slm
[2011.11.15 12:24:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.11.13 17:05:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2011.11.05 17:13:40 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2011.11.05 17:04:54 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011.11.05 16:50:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.11.05 16:50:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.11.05 16:49:47 | 000,031,744 | ---- | C] () -- C:\WINDOWS\UNISTB32.EXE
[2011.11.05 16:37:22 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.11.05 16:37:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011.11.05 16:15:54 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2011.11.05 16:15:54 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2011.11.05 16:05:40 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011.11.05 15:30:39 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.04 18:44:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011.11.04 09:56:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011.11.04 09:56:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011.11.04 09:56:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011.11.04 09:56:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011.11.04 09:56:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011.11.04 09:56:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011.11.04 09:55:23 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2012.02.29 00:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2012.02.29 01:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2012.03.05 10:04:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pdf995
[2012.02.29 01:00:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2012.02.29 01:00:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2012.02.29 01:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2012.02.29 01:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Transparent
[2012.02.29 01:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\SampleView
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\BaKoMa TeX
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\calibre
[2012.03.06 15:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\EndNote
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\LyX2.0
[2012.02.29 01:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Opera
[2012.02.29 01:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\pdf995
[2012.02.29 01:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Pdfsvg
[2012.03.04 23:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar
[2012.02.29 01:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\SampleView
[2012.02.29 01:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\uTorrent
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.29 01:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Adobe
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\AdobeUM
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Avira
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\BaKoMa TeX
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\calibre
[2012.03.06 15:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\EndNote
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\HpUpdate
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Identities
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\LyX2.0
[2012.02.29 01:00:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Macromedia
[2012.03.02 14:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Malwarebytes
[2012.02.29 10:43:19 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Microsoft
[2012.02.29 01:01:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX
[2012.02.29 01:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla
[2012.02.29 01:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Opera
[2012.02.29 01:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\pdf995
[2012.02.29 01:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Pdfsvg
[2012.03.04 23:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar
[2012.02.29 01:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\SampleView
[2012.03.06 12:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Skype
[2012.02.29 01:29:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Sun
[2012.02.29 01:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\uTorrent
[2012.02.29 01:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\vlc
[2012.02.29 01:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.08.19 15:12:54 | 002,771,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\miktex\bin\miktex-taskbar-icon.exe
[2011.08.19 15:12:54 | 002,771,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\miktex\bin\miktex-update.exe
[2011.08.19 15:12:59 | 002,771,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\miktex\bin\miktex-update_admin.exe
[2004.08.27 20:09:22 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\miktex\bin\skt.exe
[2008.03.09 16:57:59 | 000,041,342 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\source\devanagari\bin\win32\devnag.exe
[2001.05.12 20:53:02 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\source\latex\bibarts\gbibsort.exe
[2009.03.23 10:29:07 | 000,018,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\source\latex\splitindex\splitindex.exe
[2012.02.20 16:45:30 | 000,704,248 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar\unins000.exe
[2010.03.31 12:17:06 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar\Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.11.04 13:57:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.11.04 13:57:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.11.04 13:57:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.11.04 13:57:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SwSetup\HDD\iastor.sys
[2005.10.12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\SMINST\RPFiles\MiniNT\System32\Drivers\iastor.sys
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 09:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 09:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 09:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004.08.07 08:01:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.07 08:01:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.07 08:01:00 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >
--- --- ---


a) How is all of this to be interpreted?
b) Was or is my system infected?
c) What happens next, if anything?
d) OTL also generated an Extras.txt. Should I post its contents too (probably not, otherwise you would surely have said so ;))?

Thanks and regards,
Picard

cosinus 06.03.2012 20:05

Do an OTL fix: close all programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{A7BC682D-F73B-43DD-A63A-CF4F8DBE58BD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
[2012.02.29 01:28:48 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.10.19 12:56:26 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\searchplugins\conduit.xml
O3 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 15:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, for safety, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Picard 06.03.2012 20:26

OK, already done.

Here is the log file:

Code:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-419734215-4121061632-1738824273-1006\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-419734215-4121061632-1738824273-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-419734215-4121061632-1738824273-1006\Software\Microsoft\Internet Explorer\SearchScopes\{A7BC682D-F73B-43DD-A63A-CF4F8DBE58BD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7BC682D-F73B-43DD-A63A-CF4F8DBE58BD}\ not found.
Registry key HKEY_USERS\S-1-5-21-419734215-4121061632-1738824273-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Winload Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "LEO Eng-Deu" removed from browser.search.selectedEngine
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=" removed from keyword.URL
C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\searchplugin folder moved successfully.
C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\modules folder moved successfully.
C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\META-INF folder moved successfully.
C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\defaults folder moved successfully.
C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components folder moved successfully.
C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\chrome folder moved successfully.
C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} folder moved successfully.
C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\searchplugins\conduit.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-419734215-4121061632-1738824273-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-419734215-4121061632-1738824273-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
D:\AUTOEXEC.BAT moved successfully.
D:\Autorun.inf moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Jean-Luc Picard
->Temp folder emptied: 246326267 bytes
->Temporary Internet Files folder emptied: 9525559 bytes
->Java cache emptied: 2936101 bytes
->FireFox cache emptied: 220687188 bytes
->Opera cache emptied: 15683345 bytes
->Flash cache emptied: 82457 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4320448 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 477,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03062012_201306

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

But in the end I would really like to know what I actually had there and whether I need to change all my passwords or even my place of residence. ;)

Thanks and best regards
Picard

cosinus 06.03.2012 21:11

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the picture below: click on "change parameters" and set the checkmarks as shown in the following screenshot.
Then click on "Start Scan" and, when it has finished, click on the "Report" button to display the log. Please post it in full.
If you can't find the log or can't copy its content into your post, please look directly on your Windows system partition (usually drive C:), since that's where the TDSS-Killer stores its logs.

Note: Please don't delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you can't access your Documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool via right-click as administrator!

Picard 06.03.2012 22:10

I ran the scan twice because I had overlooked the Report button.

Here is the log file that contains the results of both scans:

Code:


22:32:14.0452 1196        TDSS rootkit removing tool 2.7.19.0 Mar  5 2012 11:23:39
22:32:14.0467 1196        ============================================================
22:32:14.0467 1196        Current date / time: 2012/03/06 22:32:14.0467
22:32:14.0467 1196        SystemInfo:
22:32:14.0467 1196       
22:32:14.0467 1196        OS Version: 5.1.2600 ServicePack: 3.0
22:32:14.0467 1196        Product type: Workstation
22:32:14.0467 1196        ComputerName: HAL9000L
22:32:14.0467 1196        UserName: Jean-Luc Picard
22:32:14.0467 1196        Windows directory: C:\WINDOWS
22:32:14.0467 1196        System windows directory: C:\WINDOWS
22:32:14.0467 1196        Processor architecture: Intel x86
22:32:14.0467 1196        Number of processors: 2
22:32:14.0467 1196        Page size: 0x1000
22:32:14.0467 1196        Boot type: Normal boot
22:32:14.0467 1196        ============================================================
22:32:15.0045 1196        Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x3279, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
22:32:15.0061 1196        \Device\Harddisk0\DR0:
22:32:15.0061 1196        MBR used
22:32:15.0061 1196        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xABA67C1
22:32:15.0061 1196        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xABA683F, BlocksNum 0xEAA251
22:32:15.0123 1196        Initialize success
22:32:15.0123 1196        ============================================================
22:33:32.0623 2292        ============================================================
22:33:32.0623 2292        Scan started
22:33:32.0623 2292        Mode: Manual; SigCheck; TDLFS;
22:33:32.0623 2292        ============================================================
22:33:32.0920 2292        a2acc          (05dac43a484272de87eac038814a7840) C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2accx86.sys
22:33:33.0092 2292        a2acc - ok
22:33:33.0108 2292        A2DDA          (f7eabca8375ea2dc6f35c4bca4757515) C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys
22:33:33.0108 2292        A2DDA - ok
22:33:33.0139 2292        a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Programme\Emsisoft Anti-Malware\a2dix86.sys
22:33:33.0155 2292        a2injectiondriver - ok
22:33:33.0170 2292        a2util          (2da26eb05b5495d3b2ee36456c239fb7) C:\Programme\Emsisoft Anti-Malware\a2util32.sys
22:33:33.0186 2292        a2util - ok
22:33:33.0311 2292        Abiosdsk - ok
22:33:33.0358 2292        abp480n5 - ok
22:33:33.0498 2292        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:33:33.0827 2292        ACPI - ok
22:33:33.0905 2292        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:33:34.0045 2292        ACPIEC - ok
22:33:34.0217 2292        ADIHdAudAddService (761d5bbdb6a5867c9f8ebbb545af7b34) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:33:34.0248 2292        ADIHdAudAddService - ok
22:33:34.0311 2292        adpu160m - ok
22:33:34.0358 2292        AEAudioService  (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys
22:33:34.0389 2292        AEAudioService - ok
22:33:34.0530 2292        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:33:34.0702 2292        aec - ok
22:33:35.0014 2292        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:33:35.0155 2292        AFD - ok
22:33:35.0452 2292        AgereSoftModem  (4458fcb8a00da31fdcc086449274c40d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
22:33:35.0827 2292        AgereSoftModem - ok
22:33:35.0983 2292        Aha154x - ok
22:33:36.0030 2292        aic78u2 - ok
22:33:36.0061 2292        aic78xx - ok
22:33:36.0170 2292        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:33:36.0358 2292        AliIde - ok
22:33:36.0405 2292        amsint - ok
22:33:36.0483 2292        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:33:36.0608 2292        Arp1394 - ok
22:33:36.0639 2292        asc - ok
22:33:36.0795 2292        asc3350p - ok
22:33:36.0842 2292        asc3550 - ok
22:33:36.0905 2292        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:33:37.0077 2292        AsyncMac - ok
22:33:37.0123 2292        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:33:37.0248 2292        atapi - ok
22:33:37.0280 2292        Atdisk - ok
22:33:37.0342 2292        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:33:37.0467 2292        Atmarpc - ok
22:33:37.0530 2292        ATSWPDRV        (002ecb6f1197a7754cc87f2073f41841) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
22:33:37.0623 2292        ATSWPDRV - ok
22:33:37.0764 2292        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:33:37.0952 2292        audstub - ok
22:33:38.0045 2292        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:33:38.0061 2292        avgntflt - ok
22:33:38.0092 2292        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:33:38.0108 2292        avipbb - ok
22:33:38.0123 2292        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:33:38.0123 2292        avkmgr - ok
22:33:38.0139 2292        b57w2k          (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:33:38.0170 2292        b57w2k - ok
22:33:38.0264 2292        BCM43XX        (69f940672be0ecee5bd1e905706ba8ce) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:33:38.0327 2292        BCM43XX - ok
22:33:38.0452 2292        bcm4sbxp        (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
22:33:38.0498 2292        bcm4sbxp - ok
22:33:38.0639 2292        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:33:38.0827 2292        Beep - ok
22:33:38.0889 2292        BTWUSB          (1f5796135b955348ba0622d2eace3e47) C:\WINDOWS\system32\Drivers\btwusb.sys
22:33:38.0920 2292        BTWUSB ( UnsignedFile.Multi.Generic ) - warning
22:33:38.0920 2292        BTWUSB - detected UnsignedFile.Multi.Generic (1)
22:33:38.0998 2292        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:33:39.0123 2292        cbidf2k - ok
22:33:39.0186 2292        cd20xrnt - ok
22:33:39.0264 2292        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:33:39.0405 2292        Cdaudio - ok
22:33:39.0545 2292        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:33:39.0717 2292        Cdfs - ok
22:33:39.0748 2292        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:33:39.0873 2292        Cdrom - ok
22:33:39.0873 2292        Changer - ok
22:33:39.0920 2292        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:33:40.0030 2292        CmBatt - ok
22:33:40.0061 2292        CmdIde - ok
22:33:40.0077 2292        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:33:40.0186 2292        Compbatt - ok
22:33:40.0202 2292        Cpqarray - ok
22:33:40.0248 2292        CVirtA          (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
22:33:40.0311 2292        CVirtA - ok
22:33:40.0405 2292        CVPNDRVA        (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
22:33:40.0452 2292        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:33:40.0452 2292        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:33:40.0514 2292        dac2w2k - ok
22:33:40.0561 2292        dac960nt - ok
22:33:40.0686 2292        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:33:40.0811 2292        Disk - ok
22:33:40.0873 2292        DLABOIOM        (244b6285b14e06a9ba81b3ed9b9a3b38) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:33:40.0889 2292        DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
22:33:40.0889 2292        DLABOIOM - detected UnsignedFile.Multi.Generic (1)
22:33:40.0952 2292        DLACDBHM        (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:33:40.0983 2292        DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
22:33:40.0983 2292        DLACDBHM - detected UnsignedFile.Multi.Generic (1)
22:33:41.0045 2292        DLADResN        (be6fa594aa49efa8d5ef032dfe0a678d) C:\WINDOWS\system32\DLA\DLADResN.SYS
22:33:41.0045 2292        DLADResN ( UnsignedFile.Multi.Generic ) - warning
22:33:41.0045 2292        DLADResN - detected UnsignedFile.Multi.Generic (1)
22:33:41.0123 2292        DLAIFS_M        (46cdf41ab0f616168f2c03edb590643a) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:33:41.0139 2292        DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
22:33:41.0139 2292        DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
22:33:41.0217 2292        DLAOPIOM        (94f39387819a9ae05c788cfd7ea4e16b) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:33:41.0233 2292        DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
22:33:41.0233 2292        DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
22:33:41.0295 2292        DLAPoolM        (f4dcc4df6b27ee4e3d08258ecddecb1f) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:33:41.0311 2292        DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
22:33:41.0311 2292        DLAPoolM - detected UnsignedFile.Multi.Generic (1)
22:33:41.0405 2292        DLARTL_N        (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
22:33:41.0436 2292        DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
22:33:41.0436 2292        DLARTL_N - detected UnsignedFile.Multi.Generic (1)
22:33:41.0530 2292        DLAUDFAM        (bde11a8c697c5e22aedf34ca3fdb5940) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:33:41.0545 2292        DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
22:33:41.0545 2292        DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
22:33:41.0608 2292        DLAUDF_M        (069d67eed1cec572dc28cb5582b5aa96) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:33:41.0639 2292        DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
22:33:41.0639 2292        DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
22:33:41.0780 2292        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:33:42.0030 2292        dmboot - ok
22:33:42.0108 2292        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:33:42.0248 2292        dmio - ok
22:33:42.0311 2292        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:33:42.0420 2292        dmload - ok
22:33:42.0545 2292        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:33:42.0702 2292        DMusic - ok
22:33:42.0748 2292        DNE            (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
22:33:42.0795 2292        DNE - ok
22:33:42.0905 2292        dpti2o - ok
22:33:42.0920 2292        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:33:43.0061 2292        drmkaud - ok
22:33:43.0092 2292        DRVMCDB        (fe923d5529144d47b907663d2838c032) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:33:43.0092 2292        DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
22:33:43.0092 2292        DRVMCDB - detected UnsignedFile.Multi.Generic (1)
22:33:43.0108 2292        DRVNDDM        (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:33:43.0139 2292        DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
22:33:43.0139 2292        DRVNDDM - detected UnsignedFile.Multi.Generic (1)
22:33:43.0202 2292        eabfiltr        (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
22:33:43.0280 2292        eabfiltr - ok
22:33:43.0389 2292        eabusb          (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
22:33:43.0436 2292        eabusb - ok
22:33:43.0483 2292        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:33:43.0655 2292        Fastfat - ok
22:33:43.0686 2292        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:33:43.0827 2292        Fdc - ok
22:33:43.0889 2292        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:33:43.0998 2292        Fips - ok
22:33:44.0014 2292        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:33:44.0155 2292        Flpydisk - ok
22:33:44.0186 2292        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:33:44.0295 2292        FltMgr - ok
22:33:44.0373 2292        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:33:44.0498 2292        Fs_Rec - ok
22:33:44.0592 2292        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:33:44.0717 2292        Ftdisk - ok
22:33:44.0811 2292        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:33:44.0998 2292        Gpc - ok
22:33:45.0045 2292        GTIPCI21 - ok
22:33:45.0061 2292        HBtnKey        (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
22:33:45.0077 2292        HBtnKey - ok
22:33:45.0108 2292        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:33:45.0217 2292        HDAudBus - ok
22:33:45.0233 2292        hpn - ok
22:33:45.0327 2292        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:33:45.0373 2292        HTTP - ok
22:33:45.0467 2292        i2omgmt - ok
22:33:45.0514 2292        i2omp - ok
22:33:45.0608 2292        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:33:45.0717 2292        i8042prt - ok
22:33:45.0842 2292        ialm            (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:33:46.0077 2292        ialm - ok
22:33:46.0170 2292        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:33:46.0217 2292        iaStor - ok
22:33:46.0405 2292        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:33:46.0577 2292        Imapi - ok
22:33:46.0623 2292        ini910u - ok
22:33:46.0655 2292        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:33:46.0780 2292        IntelIde - ok
22:33:46.0811 2292        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:33:46.0920 2292        intelppm - ok
22:33:47.0030 2292        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:33:47.0155 2292        Ip6Fw - ok
22:33:47.0280 2292        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:33:47.0452 2292        IpFilterDriver - ok
22:33:47.0561 2292        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:33:47.0733 2292        IpInIp - ok
22:33:47.0780 2292        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:33:47.0967 2292        IpNat - ok
22:33:47.0998 2292        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:33:48.0123 2292        IPSec - ok
22:33:48.0155 2292        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:33:48.0280 2292        IRENUM - ok
22:33:48.0342 2292        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:33:48.0467 2292        isapnp - ok
22:33:48.0498 2292        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:33:48.0608 2292        Kbdclass - ok
22:33:48.0686 2292        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:33:48.0811 2292        kbdhid - ok
22:33:48.0905 2292        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:33:49.0030 2292        kmixer - ok
22:33:49.0108 2292        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:33:49.0155 2292        KSecDD - ok
22:33:49.0186 2292        lbrtfdc - ok
22:33:49.0280 2292        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:33:49.0405 2292        mnmdd - ok
22:33:49.0561 2292        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:33:49.0670 2292        Modem - ok
22:33:49.0795 2292        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:33:49.0905 2292        Mouclass - ok
22:33:49.0952 2292        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:33:50.0061 2292        MountMgr - ok
22:33:50.0108 2292        mraid35x - ok
22:33:50.0139 2292        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:33:50.0280 2292        MRxDAV - ok
22:33:50.0389 2292        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:33:50.0467 2292        MRxSmb - ok
22:33:50.0639 2292        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:33:50.0764 2292        Msfs - ok
22:33:50.0827 2292        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:33:50.0936 2292        MSKSSRV - ok
22:33:51.0014 2292        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:33:51.0155 2292        MSPCLOCK - ok
22:33:51.0233 2292        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:33:51.0373 2292        MSPQM - ok
22:33:51.0592 2292        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:33:51.0702 2292        mssmbios - ok
22:33:51.0795 2292        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:33:51.0827 2292        Mup - ok
22:33:51.0952 2292        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:33:52.0077 2292        NDIS - ok
22:33:52.0123 2292        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:33:52.0155 2292        NdisTapi - ok
22:33:52.0327 2292        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:33:52.0452 2292        Ndisuio - ok
22:33:52.0483 2292        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:33:52.0608 2292        NdisWan - ok
22:33:52.0686 2292        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:33:52.0733 2292        NDProxy - ok
22:33:52.0827 2292        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:33:52.0952 2292        NetBIOS - ok
22:33:52.0998 2292        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:33:53.0123 2292        NetBT - ok
22:33:53.0280 2292        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:33:53.0405 2292        NIC1394 - ok
22:33:53.0452 2292        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:33:53.0561 2292        Npfs - ok
22:33:53.0592 2292        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:33:53.0733 2292        Ntfs - ok
22:33:53.0827 2292        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:33:53.0952 2292        Null - ok
22:33:54.0030 2292        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:33:54.0170 2292        NwlnkFlt - ok
22:33:54.0217 2292        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:33:54.0327 2292        NwlnkFwd - ok
22:33:54.0483 2292        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:33:54.0623 2292        ohci1394 - ok
22:33:54.0686 2292        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
22:33:54.0811 2292        Parport - ok
22:33:54.0858 2292        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:33:54.0983 2292        PartMgr - ok
22:33:55.0077 2292        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:33:55.0202 2292        ParVdm - ok
22:33:55.0248 2292        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:33:55.0358 2292        PCI - ok
22:33:55.0420 2292        PCIDump - ok
22:33:55.0530 2292        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:33:55.0670 2292        PCIIde - ok
22:33:55.0733 2292        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:33:55.0873 2292        Pcmcia - ok
22:33:55.0873 2292        PDCOMP - ok
22:33:55.0889 2292        PDFRAME - ok
22:33:55.0905 2292        PDRELI - ok
22:33:55.0920 2292        PDRFRAME - ok
22:33:55.0936 2292        perc2 - ok
22:33:55.0936 2292        perc2hib - ok
22:33:55.0998 2292        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:33:56.0108 2292        PptpMiniport - ok
22:33:56.0123 2292        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:33:56.0248 2292        PSched - ok
22:33:56.0280 2292        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:33:56.0420 2292        Ptilink - ok
22:33:56.0483 2292        PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:33:56.0483 2292        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:33:56.0483 2292        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:33:56.0498 2292        ql1080 - ok
22:33:56.0514 2292        Ql10wnt - ok
22:33:56.0530 2292        ql12160 - ok
22:33:56.0530 2292        ql1240 - ok
22:33:56.0561 2292        ql1280 - ok
22:33:56.0577 2292        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:33:56.0702 2292        RasAcd - ok
22:33:56.0748 2292        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:33:56.0842 2292        Rasirda - ok
22:33:56.0967 2292        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:33:57.0092 2292        Rasl2tp - ok
22:33:57.0170 2292        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:33:57.0311 2292        RasPppoe - ok
22:33:57.0420 2292        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:33:57.0608 2292        Raspti - ok
22:33:57.0655 2292        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:33:57.0780 2292        Rdbss - ok
22:33:57.0858 2292        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:33:57.0983 2292        RDPCDD - ok
22:33:58.0061 2292        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:33:58.0092 2292        RDPWD - ok
22:33:58.0186 2292        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:33:58.0327 2292        redbook - ok
22:33:58.0420 2292        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:33:58.0545 2292        sdbus - ok
22:33:58.0623 2292        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:33:58.0748 2292        Secdrv - ok
22:33:58.0795 2292        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:33:58.0920 2292        serenum - ok
22:33:58.0983 2292        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
22:33:59.0092 2292        Serial - ok
22:33:59.0139 2292        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:33:59.0280 2292        Sfloppy - ok
22:33:59.0311 2292        Simbad - ok
22:33:59.0358 2292        SMCIRDA        (d03a4cdb1b089e3f6c23501339506e5e) C:\WINDOWS\system32\DRIVERS\smcirda.sys
22:33:59.0436 2292        SMCIRDA - ok
22:33:59.0483 2292        Sparrow - ok
22:33:59.0561 2292        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:33:59.0686 2292        splitter - ok
22:33:59.0764 2292        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:33:59.0920 2292        sr - ok
22:33:59.0998 2292        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:34:00.0108 2292        Srv - ok
22:34:00.0155 2292        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:34:00.0170 2292        ssmdrv - ok
22:34:00.0202 2292        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:34:00.0358 2292        swenum - ok
22:34:00.0452 2292        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:34:00.0561 2292        swmidi - ok
22:34:00.0686 2292        symc810 - ok
22:34:00.0748 2292        symc8xx - ok
22:34:00.0795 2292        SYMIDSCO - ok
22:34:00.0842 2292        sym_hi - ok
22:34:00.0873 2292        sym_u3 - ok
22:34:01.0014 2292        SynTP          (c9a1785cc0d7a040dd0fdbfeaa8be135) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:34:01.0045 2292        SynTP - ok
22:34:01.0108 2292        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:34:01.0280 2292        sysaudio - ok
22:34:01.0436 2292        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:34:01.0577 2292        Tcpip - ok
22:34:01.0639 2292        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:34:01.0764 2292        TDPIPE - ok
22:34:01.0873 2292        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:34:02.0045 2292        TDTCP - ok
22:34:02.0139 2292        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:34:02.0248 2292        TermDD - ok
22:34:02.0264 2292        tifm21 - ok
22:34:02.0280 2292        TosIde - ok
22:34:02.0311 2292        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:34:02.0436 2292        Udfs - ok
22:34:02.0498 2292        ultra - ok
22:34:02.0577 2292        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Programme\Unlocker\UnlockerDriver5.sys
22:34:02.0608 2292        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
22:34:02.0608 2292        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
22:34:02.0686 2292        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:34:02.0889 2292        Update - ok
22:34:02.0983 2292        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:34:03.0123 2292        usbehci - ok
22:34:03.0202 2292        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:34:03.0389 2292        usbhub - ok
22:34:03.0467 2292        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:34:03.0577 2292        USBSTOR - ok
22:34:03.0608 2292        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:34:03.0717 2292        usbuhci - ok
22:34:03.0733 2292        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:34:03.0858 2292        VgaSave - ok
22:34:03.0873 2292        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:34:03.0998 2292        ViaIde - ok
22:34:04.0014 2292        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:34:04.0170 2292        VolSnap - ok
22:34:04.0280 2292        vsdatant        (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
22:34:04.0405 2292        vsdatant - ok
22:34:04.0623 2292        w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
22:34:04.0795 2292        w39n51 - ok
22:34:04.0936 2292        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:34:05.0108 2292        Wanarp - ok
22:34:05.0123 2292        WDICA - ok
22:34:05.0139 2292        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:34:05.0264 2292        wdmaud - ok
22:34:05.0327 2292        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:34:05.0436 2292        WmiAcpi - ok
22:34:05.0483 2292        MBR (0x1B8)    (14c6601bdcc8a8484143829f2700ed2c) \Device\Harddisk0\DR0
22:34:05.0795 2292        \Device\Harddisk0\DR0 - ok
22:34:05.0795 2292        Boot (0x1200)  (b1088af1e76728b3851fe432628123d7) \Device\Harddisk0\DR0\Partition0
22:34:05.0811 2292        \Device\Harddisk0\DR0\Partition0 - ok
22:34:05.0811 2292        Boot (0x1200)  (4e1aeec345ba321a7a82f3515b3bd77e) \Device\Harddisk0\DR0\Partition1
22:34:05.0811 2292        \Device\Harddisk0\DR0\Partition1 - ok
22:34:05.0811 2292        ============================================================
22:34:05.0811 2292        Scan finished
22:34:05.0811 2292        ============================================================
22:34:05.0920 2652        Detected object count: 15
22:34:05.0920 2652        Actual detected object count: 15
22:34:19.0295 2652        BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0295 2652        BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0311 2652        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0311 2652        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0311 2652        DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0311 2652        DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0311 2652        DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0311 2652        DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0311 2652        DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0311 2652        DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0311 2652        DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0311 2652        DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0311 2652        DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0311 2652        DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0311 2652        DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0311 2652        DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0327 2652        DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0327 2652        DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0327 2652        DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0327 2652        DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0327 2652        DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0327 2652        DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0327 2652        DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0327 2652        DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0327 2652        DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0327 2652        DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0327 2652        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0327 2652        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:19.0327 2652        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:34:19.0327 2652        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:34:47.0436 3688        ============================================================
22:34:47.0436 3688        Scan started
22:34:47.0436 3688        Mode: Manual; SigCheck; TDLFS;
22:34:47.0436 3688        ============================================================
22:34:47.0952 3688        a2acc          (05dac43a484272de87eac038814a7840) C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2accx86.sys
22:34:47.0983 3688        a2acc - ok
22:34:48.0014 3688        A2DDA          (f7eabca8375ea2dc6f35c4bca4757515) C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys
22:34:48.0030 3688        A2DDA - ok
22:34:48.0061 3688        a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Programme\Emsisoft Anti-Malware\a2dix86.sys
22:34:48.0077 3688        a2injectiondriver - ok
22:34:48.0092 3688        a2util          (2da26eb05b5495d3b2ee36456c239fb7) C:\Programme\Emsisoft Anti-Malware\a2util32.sys
22:34:48.0108 3688        a2util - ok
22:34:48.0248 3688        Abiosdsk - ok
22:34:48.0311 3688        abp480n5 - ok
22:34:48.0483 3688        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:34:48.0670 3688        ACPI - ok
22:34:48.0670 3688        Scan interrupted by user!
22:34:48.0670 3688        Scan interrupted by user!
22:34:48.0670 3688        Scan interrupted by user!
22:34:48.0670 3688        ============================================================
22:34:48.0670 3688        Scan finished
22:34:48.0670 3688        ============================================================
22:34:48.0670 3232        Detected object count: 0
22:34:48.0670 3232        Actual detected object count: 0
22:34:53.0045 2860        ============================================================
22:34:53.0045 2860        Scan started
22:34:53.0045 2860        Mode: Manual; SigCheck; TDLFS;
22:34:53.0045 2860        ============================================================
22:34:53.0295 2860        a2acc          (05dac43a484272de87eac038814a7840) C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2accx86.sys
22:34:53.0311 2860        a2acc - ok
22:34:53.0327 2860        A2DDA          (f7eabca8375ea2dc6f35c4bca4757515) C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys
22:34:53.0342 2860        A2DDA - ok
22:34:53.0373 2860        a2injectiondriver (23aac49133765eeaa86a65452d21ef1c) C:\Programme\Emsisoft Anti-Malware\a2dix86.sys
22:34:53.0373 2860        a2injectiondriver - ok
22:34:53.0405 2860        a2util          (2da26eb05b5495d3b2ee36456c239fb7) C:\Programme\Emsisoft Anti-Malware\a2util32.sys
22:34:53.0420 2860        a2util - ok
22:34:53.0545 2860        Abiosdsk - ok
22:34:53.0592 2860        abp480n5 - ok
22:34:53.0686 2860        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:34:53.0795 2860        ACPI - ok
22:34:53.0936 2860        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:34:54.0077 2860        ACPIEC - ok
22:34:54.0139 2860        ADIHdAudAddService (761d5bbdb6a5867c9f8ebbb545af7b34) C:\WINDOWS\system32\drivers\ADIHdAud.sys
22:34:54.0155 2860        ADIHdAudAddService - ok
22:34:54.0186 2860        adpu160m - ok
22:34:54.0373 2860        AEAudioService  (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys
22:34:54.0389 2860        AEAudioService - ok
22:34:54.0530 2860        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:34:54.0655 2860        aec - ok
22:34:54.0748 2860        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:34:54.0764 2860        AFD - ok
22:34:54.0889 2860        AgereSoftModem  (4458fcb8a00da31fdcc086449274c40d) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
22:34:54.0983 2860        AgereSoftModem - ok
22:34:55.0108 2860        Aha154x - ok
22:34:55.0170 2860        aic78u2 - ok
22:34:55.0202 2860        aic78xx - ok
22:34:55.0248 2860        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
22:34:55.0373 2860        AliIde - ok
22:34:55.0420 2860        amsint - ok
22:34:55.0514 2860        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:34:55.0623 2860        Arp1394 - ok
22:34:55.0639 2860        asc - ok
22:34:55.0655 2860        asc3350p - ok
22:34:55.0670 2860        asc3550 - ok
22:34:55.0702 2860        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:34:55.0811 2860        AsyncMac - ok
22:34:55.0827 2860        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:34:55.0936 2860        atapi - ok
22:34:55.0952 2860        Atdisk - ok
22:34:55.0983 2860        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:34:56.0108 2860        Atmarpc - ok
22:34:56.0248 2860        ATSWPDRV        (002ecb6f1197a7754cc87f2073f41841) C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
22:34:56.0280 2860        ATSWPDRV - ok
22:34:56.0358 2860        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:34:56.0483 2860        audstub - ok
22:34:56.0530 2860        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
22:34:56.0545 2860        avgntflt - ok
22:34:56.0592 2860        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
22:34:56.0608 2860        avipbb - ok
22:34:56.0655 2860        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
22:34:56.0670 2860        avkmgr - ok
22:34:56.0686 2860        b57w2k          (c0acd392ece55784884cc208aafa06ce) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
22:34:56.0702 2860        b57w2k - ok
22:34:56.0780 2860        BCM43XX        (69f940672be0ecee5bd1e905706ba8ce) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
22:34:56.0858 2860        BCM43XX - ok
22:34:56.0983 2860        bcm4sbxp        (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
22:34:57.0030 2860        bcm4sbxp - ok
22:34:57.0139 2860        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:34:57.0311 2860        Beep - ok
22:34:57.0389 2860        BTWUSB          (1f5796135b955348ba0622d2eace3e47) C:\WINDOWS\system32\Drivers\btwusb.sys
22:34:57.0420 2860        BTWUSB ( UnsignedFile.Multi.Generic ) - warning
22:34:57.0420 2860        BTWUSB - detected UnsignedFile.Multi.Generic (1)
22:34:57.0452 2860        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:34:57.0592 2860        cbidf2k - ok
22:34:57.0623 2860        cd20xrnt - ok
22:34:57.0655 2860        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:34:57.0780 2860        Cdaudio - ok
22:34:57.0936 2860        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:34:58.0108 2860        Cdfs - ok
22:34:58.0186 2860        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:34:58.0311 2860        Cdrom - ok
22:34:58.0608 2860        Changer - ok
22:34:58.0655 2860        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:34:58.0780 2860        CmBatt - ok
22:35:00.0092 2860        CmdIde - ok
22:35:00.0186 2860        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:35:00.0342 2860        Compbatt - ok
22:35:00.0373 2860        Cpqarray - ok
22:35:00.0420 2860        CVirtA          (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
22:35:00.0452 2860        CVirtA - ok
22:35:00.0592 2860        CVPNDRVA        (244b0408e9e20c734c97ce1e783d67ee) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
22:35:00.0608 2860        CVPNDRVA ( UnsignedFile.Multi.Generic ) - warning
22:35:00.0608 2860        CVPNDRVA - detected UnsignedFile.Multi.Generic (1)
22:35:00.0623 2860        dac2w2k - ok
22:35:00.0639 2860        dac960nt - ok
22:35:00.0702 2860        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:35:00.0811 2860        Disk - ok
22:35:00.0936 2860        DLABOIOM        (244b6285b14e06a9ba81b3ed9b9a3b38) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
22:35:00.0952 2860        DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
22:35:00.0952 2860        DLABOIOM - detected UnsignedFile.Multi.Generic (1)
22:35:00.0983 2860        DLACDBHM        (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
22:35:01.0014 2860        DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
22:35:01.0014 2860        DLACDBHM - detected UnsignedFile.Multi.Generic (1)
22:35:01.0045 2860        DLADResN        (be6fa594aa49efa8d5ef032dfe0a678d) C:\WINDOWS\system32\DLA\DLADResN.SYS
22:35:01.0061 2860        DLADResN ( UnsignedFile.Multi.Generic ) - warning
22:35:01.0061 2860        DLADResN - detected UnsignedFile.Multi.Generic (1)
22:35:01.0077 2860        DLAIFS_M        (46cdf41ab0f616168f2c03edb590643a) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
22:35:01.0092 2860        DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
22:35:01.0092 2860        DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
22:35:01.0202 2860        DLAOPIOM        (94f39387819a9ae05c788cfd7ea4e16b) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
22:35:01.0202 2860        DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
22:35:01.0202 2860        DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
22:35:01.0217 2860        DLAPoolM        (f4dcc4df6b27ee4e3d08258ecddecb1f) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
22:35:01.0217 2860        DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
22:35:01.0217 2860        DLAPoolM - detected UnsignedFile.Multi.Generic (1)
22:35:01.0280 2860        DLARTL_N        (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
22:35:01.0311 2860        DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
22:35:01.0311 2860        DLARTL_N - detected UnsignedFile.Multi.Generic (1)
22:35:01.0327 2860        DLAUDFAM        (bde11a8c697c5e22aedf34ca3fdb5940) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
22:35:01.0327 2860        DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
22:35:01.0327 2860        DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
22:35:01.0342 2860        DLAUDF_M        (069d67eed1cec572dc28cb5582b5aa96) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
22:35:01.0358 2860        DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
22:35:01.0358 2860        DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
22:35:01.0436 2860        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
22:35:01.0655 2860        dmboot - ok
22:35:01.0764 2860        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
22:35:01.0889 2860        dmio - ok
22:35:01.0967 2860        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:35:02.0077 2860        dmload - ok
22:35:02.0248 2860        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:35:02.0389 2860        DMusic - ok
22:35:02.0467 2860        DNE            (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
22:35:02.0514 2860        DNE - ok
22:35:02.0592 2860        dpti2o - ok
22:35:02.0623 2860        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:35:02.0795 2860        drmkaud - ok
22:35:02.0889 2860        DRVMCDB        (fe923d5529144d47b907663d2838c032) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
22:35:02.0905 2860        DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
22:35:02.0905 2860        DRVMCDB - detected UnsignedFile.Multi.Generic (1)
22:35:03.0014 2860        DRVNDDM        (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
22:35:03.0061 2860        DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
22:35:03.0061 2860        DRVNDDM - detected UnsignedFile.Multi.Generic (1)
22:35:03.0233 2860        eabfiltr        (b5cb3084046146fd2587d8c9b219feb4) C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
22:35:03.0295 2860        eabfiltr - ok
22:35:03.0389 2860        eabusb          (231f4547ae1e4b3e60eca66c3a96d218) C:\WINDOWS\system32\DRIVERS\eabusb.sys
22:35:03.0436 2860        eabusb - ok
22:35:03.0514 2860        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:35:03.0686 2860        Fastfat - ok
22:35:03.0780 2860        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
22:35:03.0905 2860        Fdc - ok
22:35:03.0920 2860        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
22:35:04.0030 2860        Fips - ok
22:35:04.0077 2860        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
22:35:04.0202 2860        Flpydisk - ok
22:35:04.0248 2860        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:35:04.0373 2860        FltMgr - ok
22:35:04.0436 2860        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:35:04.0577 2860        Fs_Rec - ok
22:35:04.0623 2860        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:35:04.0780 2860        Ftdisk - ok
22:35:04.0873 2860        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:35:04.0998 2860        Gpc - ok
22:35:05.0061 2860        GTIPCI21 - ok
22:35:05.0092 2860        HBtnKey        (4d4d97671c63c3af869b3518e6054204) C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
22:35:05.0123 2860        HBtnKey - ok
22:35:05.0186 2860        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:35:05.0327 2860        HDAudBus - ok
22:35:05.0389 2860        hpn - ok
22:35:05.0483 2860        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:35:05.0514 2860        HTTP - ok
22:35:05.0561 2860        i2omgmt - ok
22:35:05.0592 2860        i2omp - ok
22:35:05.0686 2860        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:35:05.0858 2860        i8042prt - ok
22:35:05.0983 2860        ialm            (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
22:35:06.0108 2860        ialm - ok
22:35:06.0186 2860        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
22:35:06.0233 2860        iaStor - ok
22:35:06.0327 2860        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:35:06.0467 2860        Imapi - ok
22:35:06.0608 2860        ini910u - ok
22:35:06.0670 2860        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
22:35:06.0842 2860        IntelIde - ok
22:35:06.0889 2860        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:35:06.0983 2860        intelppm - ok
22:35:07.0045 2860        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:35:07.0170 2860        Ip6Fw - ok
22:35:07.0295 2860        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:35:07.0436 2860        IpFilterDriver - ok
22:35:07.0514 2860        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:35:07.0639 2860        IpInIp - ok
22:35:07.0733 2860        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:35:07.0858 2860        IpNat - ok
22:35:07.0920 2860        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:35:08.0030 2860        IPSec - ok
22:35:08.0077 2860        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:35:08.0202 2860        IRENUM - ok
22:35:08.0280 2860        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:35:08.0405 2860        isapnp - ok
22:35:08.0436 2860        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:35:08.0545 2860        Kbdclass - ok
22:35:08.0639 2860        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
22:35:08.0748 2860        kbdhid - ok
22:35:08.0827 2860        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:35:08.0952 2860        kmixer - ok
22:35:08.0983 2860        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:35:08.0998 2860        KSecDD - ok
22:35:09.0014 2860        lbrtfdc - ok
22:35:09.0077 2860        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:35:09.0202 2860        mnmdd - ok
22:35:09.0233 2860        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
22:35:09.0342 2860        Modem - ok
22:35:09.0373 2860        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:35:09.0498 2860        Mouclass - ok
22:35:09.0592 2860        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:35:09.0702 2860        MountMgr - ok
22:35:09.0748 2860        mraid35x - ok
22:35:09.0780 2860        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:35:09.0905 2860        MRxDAV - ok
22:35:09.0983 2860        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:35:10.0045 2860        MRxSmb - ok
22:35:10.0092 2860        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:35:10.0217 2860        Msfs - ok
22:35:10.0264 2860        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:35:10.0373 2860        MSKSSRV - ok
22:35:10.0405 2860        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:35:10.0530 2860        MSPCLOCK - ok
22:35:10.0561 2860        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:35:10.0686 2860        MSPQM - ok
22:35:10.0764 2860        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:35:10.0873 2860        mssmbios - ok
22:35:11.0030 2860        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:35:11.0045 2860        Mup - ok
22:35:11.0139 2860        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:35:11.0264 2860        NDIS - ok
22:35:11.0342 2860        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:35:11.0358 2860        NdisTapi - ok
22:35:11.0389 2860        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:35:11.0514 2860        Ndisuio - ok
22:35:11.0577 2860        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:35:11.0717 2860        NdisWan - ok
22:35:11.0764 2860        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:35:11.0795 2860        NDProxy - ok
22:35:11.0889 2860        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:35:11.0983 2860        NetBIOS - ok
22:35:12.0061 2860        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:35:12.0186 2860        NetBT - ok
22:35:12.0233 2860        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:35:12.0342 2860        NIC1394 - ok
22:35:12.0358 2860        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:35:12.0483 2860        Npfs - ok
22:35:12.0530 2860        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:35:12.0670 2860        Ntfs - ok
22:35:12.0811 2860        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:35:12.0936 2860        Null - ok
22:35:12.0998 2860        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:35:13.0123 2860        NwlnkFlt - ok
22:35:13.0186 2860        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:35:13.0311 2860        NwlnkFwd - ok
22:35:13.0389 2860        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:35:13.0514 2860        ohci1394 - ok
22:35:13.0545 2860        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
22:35:13.0686 2860        Parport - ok
22:35:13.0702 2860        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:35:13.0811 2860        PartMgr - ok
22:35:13.0889 2860        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
22:35:14.0014 2860        ParVdm - ok
22:35:14.0030 2860        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
22:35:14.0139 2860        PCI - ok
22:35:14.0155 2860        PCIDump - ok
22:35:14.0186 2860        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:35:14.0311 2860        PCIIde - ok
22:35:14.0358 2860        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:35:14.0483 2860        Pcmcia - ok
22:35:14.0545 2860        PDCOMP - ok
22:35:14.0577 2860        PDFRAME - ok
22:35:14.0608 2860        PDRELI - ok
22:35:14.0639 2860        PDRFRAME - ok
22:35:14.0670 2860        perc2 - ok
22:35:14.0795 2860        perc2hib - ok
22:35:14.0905 2860        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:35:15.0077 2860        PptpMiniport - ok
22:35:15.0092 2860        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:35:15.0202 2860        PSched - ok
22:35:15.0248 2860        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:35:15.0405 2860        Ptilink - ok
22:35:15.0467 2860        PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:35:15.0483 2860        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
22:35:15.0483 2860        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
22:35:15.0514 2860        ql1080 - ok
22:35:15.0545 2860        Ql10wnt - ok
22:35:15.0623 2860        ql12160 - ok
22:35:15.0686 2860        ql1240 - ok
22:35:15.0748 2860        ql1280 - ok
22:35:15.0780 2860        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:35:15.0952 2860        RasAcd - ok
22:35:15.0983 2860        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
22:35:16.0061 2860        Rasirda - ok
22:35:16.0123 2860        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:35:16.0248 2860        Rasl2tp - ok
22:35:16.0311 2860        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:35:16.0420 2860        RasPppoe - ok
22:35:16.0530 2860        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:35:16.0686 2860        Raspti - ok
22:35:16.0733 2860        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:35:16.0873 2860        Rdbss - ok
22:35:16.0905 2860        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:35:17.0061 2860        RDPCDD - ok
22:35:17.0108 2860        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:35:17.0123 2860        RDPWD - ok
22:35:17.0186 2860        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:35:17.0327 2860        redbook - ok
22:35:17.0420 2860        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
22:35:17.0577 2860        sdbus - ok
22:35:17.0717 2860        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:35:17.0873 2860        Secdrv - ok
22:35:17.0952 2860        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
22:35:18.0123 2860        serenum - ok
22:35:18.0217 2860        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
22:35:18.0327 2860        Serial - ok
22:35:18.0373 2860        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:35:18.0498 2860        Sfloppy - ok
22:35:18.0514 2860        Simbad - ok
22:35:18.0561 2860        SMCIRDA        (d03a4cdb1b089e3f6c23501339506e5e) C:\WINDOWS\system32\DRIVERS\smcirda.sys
22:35:18.0608 2860        SMCIRDA - ok
22:35:18.0702 2860        Sparrow - ok
22:35:18.0795 2860        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:35:18.0905 2860        splitter - ok
22:35:18.0952 2860        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
22:35:19.0061 2860        sr - ok
22:35:19.0155 2860        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:35:19.0217 2860        Srv - ok
22:35:19.0373 2860        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
22:35:19.0373 2860        ssmdrv - ok
22:35:19.0530 2860        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:35:19.0639 2860        swenum - ok
22:35:19.0686 2860        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:35:19.0811 2860        swmidi - ok
22:35:19.0842 2860        symc810 - ok
22:35:19.0873 2860        symc8xx - ok
22:35:19.0967 2860        SYMIDSCO - ok
22:35:20.0014 2860        sym_hi - ok
22:35:20.0045 2860        sym_u3 - ok
22:35:20.0123 2860        SynTP          (c9a1785cc0d7a040dd0fdbfeaa8be135) C:\WINDOWS\system32\DRIVERS\SynTP.sys
22:35:20.0155 2860        SynTP - ok
22:35:20.0233 2860        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:35:20.0389 2860        sysaudio - ok
22:35:20.0467 2860        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:35:20.0514 2860        Tcpip - ok
22:35:20.0577 2860        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:35:20.0686 2860        TDPIPE - ok
22:35:20.0748 2860        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:35:20.0873 2860        TDTCP - ok
22:35:20.0936 2860        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:35:21.0045 2860        TermDD - ok
22:35:21.0170 2860        tifm21 - ok
22:35:21.0217 2860        TosIde - ok
22:35:21.0342 2860        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:35:21.0467 2860        Udfs - ok
22:35:21.0467 2860        ultra - ok
22:35:21.0545 2860        UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Programme\Unlocker\UnlockerDriver5.sys
22:35:21.0577 2860        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
22:35:21.0577 2860        UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
22:35:21.0670 2860        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:35:21.0827 2860        Update - ok
22:35:21.0967 2860        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:35:22.0077 2860        usbehci - ok
22:35:22.0139 2860        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:35:22.0264 2860        usbhub - ok
22:35:22.0342 2860        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:35:22.0452 2860        USBSTOR - ok
22:35:22.0498 2860        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:35:22.0608 2860        usbuhci - ok
22:35:22.0686 2860        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:35:22.0795 2860        VgaSave - ok
22:35:22.0827 2860        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
22:35:22.0920 2860        ViaIde - ok
22:35:22.0936 2860        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
22:35:23.0045 2860        VolSnap - ok
22:35:23.0123 2860        vsdatant        (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
22:35:23.0139 2860        vsdatant - ok
22:35:23.0248 2860        w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
22:35:23.0373 2860        w39n51 - ok
22:35:23.0514 2860        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:35:23.0623 2860        Wanarp - ok
22:35:23.0670 2860        WDICA - ok
22:35:23.0780 2860        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:35:23.0889 2860        wdmaud - ok
22:35:23.0998 2860        WmiAcpi        (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
22:35:24.0108 2860        WmiAcpi - ok
22:35:24.0155 2860        MBR (0x1B8)    (14c6601bdcc8a8484143829f2700ed2c) \Device\Harddisk0\DR0
22:35:24.0545 2860        \Device\Harddisk0\DR0 - ok
22:35:24.0545 2860        Boot (0x1200)  (b1088af1e76728b3851fe432628123d7) \Device\Harddisk0\DR0\Partition0
22:35:24.0545 2860        \Device\Harddisk0\DR0\Partition0 - ok
22:35:24.0545 2860        Boot (0x1200)  (4e1aeec345ba321a7a82f3515b3bd77e) \Device\Harddisk0\DR0\Partition1
22:35:24.0545 2860        \Device\Harddisk0\DR0\Partition1 - ok
22:35:24.0545 2860        ============================================================
22:35:24.0545 2860        Scan finished
22:35:24.0545 2860        ============================================================
22:35:24.0561 2660        Detected object count: 15
22:35:24.0561 2660        Actual detected object count: 15
22:35:57.0233 2660        BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0233 2660        BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0233 2660        CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0233 2660        CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0233 2660        DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0233 2660        DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0233 2660        DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0233 2660        DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0233 2660        DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0233 2660        DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0233 2660        DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0233 2660        DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0248 2660        DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0248 2660        DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0248 2660        DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0248 2660        DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0248 2660        DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0248 2660        DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0248 2660        DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0248 2660        DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0248 2660        DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0248 2660        DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0248 2660        DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0248 2660        DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0248 2660        DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0248 2660        DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0264 2660        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0264 2660        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:57.0264 2660        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:57.0264 2660        UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:36:35.0248 2436        Deinitialize success

I ran Unhide. However, nothing showed up as a result. Should I post the log file for that as well?

cosinus 07.03.2012 00:23

No, I don't need unhide. Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Picard 07.03.2012 10:26

Hello Cosinus aka Arne,

I ran ComboFix as you described. No error messages appeared. The Recovery Console was installed. It ran through relatively quickly without problems, and the system continues to run normally.

Here is the ComboFix log:

Code:

ComboFix 12-03-06.01 - Jean-Luc Picard 07.03.2012  9:43.1.2 - x86
ausgeführt von:: c:\dokumente und einstellungen\Jean-Luc Picard\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\sponsoring\ebay.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_desktop.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\programme\xp-AntiSpy\sponsoring\sponsor.html
c:\programme\xp-AntiSpy\sponsoring\sponsor.url
c:\programme\xp-AntiSpy\uninst.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\lsprst7.dll
c:\windows\system32\pcre3.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-07 bis 2012-03-07  ))))))))))))))))))))))))))))))
.
.
2012-03-06 19:13 . 2012-03-06 19:13        --------        d-----w-        C:\_OTL
2012-03-05 12:54 . 2012-03-05 12:56        --------        d-----w-        c:\programme\GMATPrep
2012-03-04 06:19 . 2012-03-04 06:19        --------        d-----w-        c:\programme\ESET
2012-03-02 13:45 . 2012-03-02 13:45        --------        d-----w-        c:\dokumente und einstellungen\Jean-Luc Picard\Anwendungsdaten\Malwarebytes
2012-03-02 13:45 . 2012-03-02 13:45        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-03-02 13:45 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-02 13:45 . 2012-03-02 13:45        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-02-29 07:34 . 2012-02-29 07:34        --------        d-sh--w-        c:\windows\system32\config\systemprofile\IETldCache
2012-02-28 18:26 . 2012-03-07 07:52        --------        d-----w-        c:\programme\Emsisoft Anti-Malware
2012-02-26 19:12 . 2012-02-29 01:18        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Eigene Dateien
2012-02-26 02:11 . 2012-02-29 01:18        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten
2012-02-26 02:11 . 2012-02-29 01:18        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService\IETldCache
2012-02-22 13:21 . 2012-03-07 08:32        --------        d-----w-        c:\dokumente und einstellungen\Jean-Luc Picard\Anwendungsdaten\Skype
2012-02-22 13:21 . 2012-02-29 01:34        --------        d-----w-        c:\programme\Gemeinsame Dateien\Skype
2012-02-22 13:21 . 2012-02-29 02:52        --------        d-----r-        c:\programme\Skype
2012-02-22 13:21 . 2012-02-29 00:00        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2012-02-21 07:44 . 2012-02-21 07:44        --------        d-----w-        c:\windows\system32\XPSViewer
2012-02-21 07:44 . 2012-02-29 02:50        --------        d-----w-        c:\programme\MSBuild
2012-02-21 07:43 . 2012-02-29 02:51        --------        d-----w-        c:\programme\Reference Assemblies
2012-02-21 07:43 . 2008-07-06 12:06        89088        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-02-21 07:43 . 2012-02-28 23:59        --------        d-----w-        C:\ccb551ccd1f98f9c15573c8f21
2012-02-21 07:43 . 2008-07-06 12:06        89088        ------w-        c:\windows\system32\dllcache\filterpipelineprintproc.dll
2012-02-21 07:43 . 2008-07-06 12:06        575488        ------w-        c:\windows\system32\xpsshhdr.dll
2012-02-21 07:43 . 2008-07-06 12:06        575488        ------w-        c:\windows\system32\dllcache\xpsshhdr.dll
2012-02-21 07:43 . 2008-07-06 12:06        1676288        ------w-        c:\windows\system32\xpssvcs.dll
2012-02-21 07:43 . 2008-07-06 12:06        1676288        ------w-        c:\windows\system32\dllcache\xpssvcs.dll
2012-02-21 07:43 . 2008-07-06 12:06        117760        ------w-        c:\windows\system32\prntvpt.dll
2012-02-21 07:43 . 2008-07-06 10:50        597504        ------w-        c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2012-02-21 07:43 . 2008-07-06 10:50        597504        ------w-        c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2012-02-20 16:08 . 2012-02-29 01:34        --------        d-----w-        c:\programme\GiPo@Utilities
2012-02-20 16:08 . 2012-02-29 01:33        --------        d-----w-        c:\programme\Gemeinsame Dateien\Gibinsoft Shared
2012-02-20 15:49 . 2012-03-04 22:13        --------        d-----w-        c:\dokumente und einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar
2012-02-20 15:45 . 2012-02-29 02:54        --------        d-----w-        c:\programme\Unlocker
2012-02-16 13:38 . 2012-02-16 13:38        476904        ----a-w-        c:\programme\Mozilla Firefox\plugins\npdeployJava1.dll
2012-02-16 13:38 . 2012-02-16 13:38        73728        ----a-w-        c:\windows\system32\javacpl.cpl
2012-02-15 08:07 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\iacenc.dll
2012-02-15 08:07 . 2012-01-11 19:06        3072        ------w-        c:\windows\system32\dllcache\iacenc.dll
2012-02-07 14:35 . 2012-02-29 00:00        --------        d-----w-        c:\dokumente und einstellungen\Jean-Luc Picard\.spss
2012-02-07 14:35 . 2012-02-29 00:51        --------        d-----w-        c:\dokumente und einstellungen\Jean-Luc Picard\Lokale Einstellungen\Anwendungsdaten\IBM
2012-02-07 14:34 . 2012-02-29 00:52        --------        d-----w-        c:\dokumente und einstellungen\Jean-Luc Picard\Lokale Einstellungen\Anwendungsdaten\javasharedresources
2012-02-07 13:55 . 2012-02-29 00:00        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
2012-02-07 13:55 . 2012-02-29 00:00        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SPSS
2012-02-07 13:53 . 2012-02-29 01:33        --------        d-----w-        c:\programme\Gemeinsame Dateien\IBM
2012-02-07 13:50 . 2012-02-29 01:35        --------        d-----w-        c:\programme\IBM
2012-02-07 13:50 . 2012-02-07 13:50        1025        ----a-w-        c:\windows\system32\sysprs7.dll
2012-02-07 09:02 . 2012-02-29 02:54        --------        d-----w-        c:\programme\uTorrent
2012-02-07 09:02 . 2012-02-29 00:29        --------        d-----w-        c:\dokumente und einstellungen\Jean-Luc Picard\Anwendungsdaten\uTorrent
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-19 12:19 . 2011-11-04 14:46        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 13:38 . 2011-11-04 11:13        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-15 17:35 . 2011-11-04 14:33        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-01-12 17:20 . 2004-08-04 08:00        1860096        ----a-w-        c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2004-08-04 08:00        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2004-08-04 08:00        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2004-08-04 08:00        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-04 08:00        385024        ----a-w-        c:\windows\system32\html.iec
2012-02-18 06:26 . 2012-01-19 09:13        134104        ----a-w-        c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mount.exe"="c:\programme\GiPo@Utilities\FileUtilities.3\mount.exe" [2008-04-11 374272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"PTHOSTTR"="c:\programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"hpWirelessAssistant"="c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"WatchDog"="c:\programme\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2010-06-17 370176]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2012-01-18 254696]
"emsisoft anti-malware"="c:\programme\emsisoft anti-malware\a2guard.exe" [2012-02-28 3360656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2011-11-5 110592]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PNotes.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\PNotes.lnk
backup=c:\windows\pss\PNotes.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03        293376        ------w-        c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41        49208        ----a-w-        c:\programme\Hp\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-02-15 15:43        892928        ----a-w-        c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-02-07 09:02        737656        ----a-w-        c:\programme\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programme\\Activision Value\\World Series of Poker TOC\\WSOPTOC.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\IBM\\SPSS\\Statistics\\20\\WinWrapIDE.exe"=
"c:\\Programme\\IBM\\SPSS\\Statistics\\20\\stats.com"=
"c:\\Programme\\IBM\\SPSS\\Statistics\\20\\stats.exe"=
"c:\\Programme\\IBM\\SPSS\\Statistics\\20\\JRE\\bin\\javaw.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\programme\Emsisoft Anti-Malware\a2ddax86.sys [28.02.2012 19:26 17904]
R1 a2injectiondriver;a2injectiondriver;c:\programme\Emsisoft Anti-Malware\a2dix86.sys [28.02.2012 19:26 34768]
R1 a2util;a-squared Malware-IDS utility driver;c:\programme\Emsisoft Anti-Malware\a2util32.sys [28.02.2012 19:26 11776]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [04.11.2011 15:33 36000]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\programme\Emsisoft Anti-Malware\a2service.exe [28.02.2012 19:26 3048808]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [04.11.2011 15:33 86224]
R2 ServiceTimeSyncClient;Time-Sync Client;c:\programme\Time-Sync\TimeSyncServiceClient.exe [03.10.2009 16:42 878592]
R3 a2acc;a2acc;c:\programme\Emsisoft Anti-Malware\a2accx86.sys [28.02.2012 19:26 51632]
S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [15.02.2012 13:30 158856]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys --> c:\windows\system32\DRIVERS\gtipci21.sys [?]
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 45965578
*NewlyCreated* - 55088780
*Deregistered* - 45965578
*Deregistered* - 55088780
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\dokumente und einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUN0407.EXE
AddRemove-Easy CD-DA Extractor 6.1 - c:\windows\iun6002.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-07 09:53
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe?????????t???????????????? ??4B??????????????hB??????t?
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2012-03-07  10:02:13
ComboFix-quarantined-files.txt  2012-03-07 09:02
.
Vor Suchlauf: 11 Verzeichnis(se), 34.471.854.080 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 34.480.828.416 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /noguiboot
.
- - End Of File - - E4B17DB4F643BBAE2DE60B4B2C8E959A

Thanks and best regards
Picard

cosinus 07.03.2012 12:02

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't work on the 2nd try either, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: To unpack OSAM, please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.


Picard 07.03.2012 21:39

OK, Cosinus aka Arne,

my nerves are frayed today from all this scanning. I'm slowly losing the will to continue. I ran all the scans again as requested. There were no problems with them, they just took a very long time. After the scans, for some reason I couldn't click/select any objects on the desktop (highlight them in blue, i.e. not open them!) despite restarting several times, without it loading endlessly. Right-click and the context menu didn't work either. I then went into Safe Mode and deleted all the downloaded scan programs. Fortunately it works without problems again now. But I really don't want to make anything worse with these actions. At the moment the computer is actually running well and the scans also run through smoothly. The last one showed an error and a "suspicious" file. That will be visible in the logs. Otherwise everything went without complications.

Here are the log files:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-07 20:12:59
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.892C
Running: us6k0rww.exe; Driver: C:\DOKUME~1\JEAN-L~1\LOKALE~1\Temp\fxlyipoc.sys


---- System - GMER 1.0.15 ----

SSDT            9B777D3C                                                                                                      ZwClose
SSDT            9B777CF6                                                                                                      ZwCreateKey
SSDT            9B777D46                                                                                                      ZwCreateSection
SSDT            9B777CEC                                                                                                      ZwCreateThread
SSDT            9B777CFB                                                                                                      ZwDeleteKey
SSDT            9B777D05                                                                                                      ZwDeleteValueKey
SSDT            9B777D37                                                                                                      ZwDuplicateObject
SSDT            9B777D0A                                                                                                      ZwLoadKey
SSDT            9B777CD8                                                                                                      ZwOpenProcess
SSDT            9B777CDD                                                                                                      ZwOpenThread
SSDT            9B777D5F                                                                                                      ZwQueryValueKey
SSDT            9B777D14                                                                                                      ZwReplaceKey
SSDT            9B777D50                                                                                                      ZwRequestWaitReplyPort
SSDT            9B777D0F                                                                                                      ZwRestoreKey
SSDT            9B777D4B                                                                                                      ZwSetContextThread
SSDT            9B777D55                                                                                                      ZwSetSecurityObject
SSDT            9B777D00                                                                                                      ZwSetValueKey
SSDT            9B777D5A                                                                                                      ZwSystemDebugControl
SSDT            9B777CE7                                                                                                      ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtCreateFile                                                          7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtCreateFile                                                          7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtCreateFile + 4                                                      7C91D0B2 2 Bytes  [87, 71]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtDeleteValueKey                                                      7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtDeleteValueKey + 4                                                  7C91D272 2 Bytes  [8D, 71]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtOpenFile                                                            7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtOpenFile + 4                                                        7C91D5A2 2 Bytes  [84, 71]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtOpenProcess                                                          7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtOpenProcess + 4                                                      7C91D602 2 Bytes  [8A, 71]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtSetContextThread                                                    7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtSetContextThread + 4                                                7C91DBB2 2 Bytes  [81, 71]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtSetValueKey                                                          7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[808] ntdll.dll!NtSetValueKey + 4                                                      7C91DDD2 2 Bytes  [90, 71]
.text          C:\WINDOWS\Explorer.EXE[808] kernel32.dll!LoadLibraryExW + C4                                                7C801BB9 4 Bytes  CALL 00CA0001
.text          C:\WINDOWS\Explorer.EXE[808] ADVAPI32.dll!CreateServiceA                                                      77E07211 6 Bytes  JMP 71970F5A
.text          C:\WINDOWS\Explorer.EXE[808] ADVAPI32.dll!CreateServiceW                                                      77E073A9 6 Bytes  JMP 71940F5A
.text          C:\WINDOWS\Explorer.EXE[808] USER32.dll!PostMessageW                                                          7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\WINDOWS\Explorer.EXE[808] USER32.dll!SendMessageW                                                          7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\WINDOWS\Explorer.EXE[808] USER32.dll!PostMessageA                                                          7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\WINDOWS\Explorer.EXE[808] USER32.dll!SendInput                                                            7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\Explorer.EXE[808] USER32.dll!SendInput + 4                                                        7E37F144 2 Bytes  [A5, 71]
.text          C:\WINDOWS\Explorer.EXE[808] USER32.dll!SendMessageA                                                          7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\WINDOWS\Explorer.EXE[808] USER32.dll!mouse_event                                                          7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\WINDOWS\Explorer.EXE[808] USER32.dll!keybd_event                                                          7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\WINDOWS\Explorer.EXE[808] WS2_32.dll!GetAddrInfoW                                                          02B52899 6 Bytes  JMP 71760F5A
.text          C:\WINDOWS\Explorer.EXE[808] WS2_32.dll!connect                                                              02B54A07 6 Bytes  JMP 717F0F5A
.text          C:\WINDOWS\Explorer.EXE[808] WS2_32.dll!gethostbyname                                                        02B55355 6 Bytes  JMP 71790F5A
.text          C:\WINDOWS\Explorer.EXE[808] WS2_32.dll!listen                                                                02B58CD3 6 Bytes  JMP 717C0F5A
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtCreateFile                                    7C91D0AE 1 Byte  [FF]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtCreateFile                                    7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtCreateFile + 4                                7C91D0B2 2 Bytes  [87, 71]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtDeleteValueKey                                7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtDeleteValueKey + 4                            7C91D272 2 Bytes  [8D, 71]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtOpenFile                                      7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtOpenFile + 4                                  7C91D5A2 2 Bytes  [84, 71]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtOpenProcess                                  7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtOpenProcess + 4                              7C91D602 2 Bytes  [8A, 71]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtSetContextThread                              7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtSetContextThread + 4                          7C91DBB2 2 Bytes  [81, 71]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtSetValueKey                                  7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ntdll.dll!NtSetValueKey + 4                              7C91DDD2 2 Bytes  [90, 71]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] kernel32.dll!LoadLibraryExW + C4                          7C801BB9 4 Bytes  CALL 00B80001
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ADVAPI32.dll!CreateServiceA                              77E07211 6 Bytes  JMP 71970F5A
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] ADVAPI32.dll!CreateServiceW                              77E073A9 6 Bytes  JMP 71940F5A
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!PostMessageW                                  7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!SendMessageW                                  7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!PostMessageA                                  7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!SendInput                                      7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!SendInput + 4                                  7E37F144 2 Bytes  [A5, 71]
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!SendMessageA                                  7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!mouse_event                                    7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\Programme\Analog Devices\Core\smax4pnp.exe[2108] USER32.dll!keybd_event                                    7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtCreateFile                                            7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtCreateFile                                            7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtCreateFile + 4                                        7C91D0B2 2 Bytes  [87, 71]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtDeleteValueKey                                        7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtDeleteValueKey + 4                                    7C91D272 2 Bytes  [8D, 71]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtOpenFile                                              7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtOpenFile + 4                                          7C91D5A2 2 Bytes  [84, 71]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtOpenProcess                                            7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtOpenProcess + 4                                        7C91D602 2 Bytes  [8A, 71]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtSetContextThread                                      7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtSetContextThread + 4                                  7C91DBB2 2 Bytes  [81, 71]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtSetValueKey                                            7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ntdll.dll!NtSetValueKey + 4                                        7C91DDD2 2 Bytes  [90, 71]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] kernel32.dll!LoadLibraryExW + C4                                  7C801BB9 4 Bytes  CALL 009F0001
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ADVAPI32.dll!CreateServiceA                                        77E07211 6 Bytes  JMP 71970F5A
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] ADVAPI32.dll!CreateServiceW                                        77E073A9 6 Bytes  JMP 71940F5A
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!PostMessageW                                            7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!SendMessageW                                            7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!PostMessageA                                            7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!SendInput                                              7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!SendInput + 4                                          7E37F144 2 Bytes  [A5, 71]
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!SendMessageA                                            7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!mouse_event                                            7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\WINDOWS\System32\DLA\DLACTRLW.EXE[2468] USER32.dll!keybd_event                                            7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtCreateFile                                        7C91D0AE 1 Byte  [FF]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtCreateFile                                        7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtCreateFile + 4                                    7C91D0B2 2 Bytes  [87, 71]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtDeleteValueKey                                    7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtDeleteValueKey + 4                                7C91D272 2 Bytes  [8D, 71]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtOpenFile                                          7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtOpenFile + 4                                      7C91D5A2 2 Bytes  [84, 71]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtOpenProcess                                      7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtOpenProcess + 4                                  7C91D602 2 Bytes  [8A, 71]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtSetContextThread                                  7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtSetContextThread + 4                              7C91DBB2 2 Bytes  [81, 71]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtSetValueKey                                      7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ntdll.dll!NtSetValueKey + 4                                  7C91DDD2 2 Bytes  [90, 71]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] kernel32.dll!LoadLibraryExW + C4                              7C801BB9 4 Bytes  CALL 00B20001
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!PostMessageW                                      7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!SendMessageW                                      7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!PostMessageA                                      7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!SendInput                                          7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!SendInput + 4                                      7E37F144 2 Bytes  [A5, 71]
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!SendMessageA                                      7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!mouse_event                                        7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] USER32.dll!keybd_event                                        7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ADVAPI32.dll!CreateServiceA                                  77E07211 6 Bytes  JMP 71970F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] ADVAPI32.dll!CreateServiceW                                  77E073A9 6 Bytes  JMP 71940F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] WS2_32.dll!GetAddrInfoW                                      016B2899 6 Bytes  JMP 71760F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] WS2_32.dll!connect                                            016B4A07 6 Bytes  JMP 717F0F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] WS2_32.dll!gethostbyname                                      016B5355 6 Bytes  JMP 71790F5A
.text          C:\Programme\Synaptics\SynTP\SynTPEnh.exe[2536] WS2_32.dll!listen                                            016B8CD3 6 Bytes  JMP 717C0F5A
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtCreateFile                                                  7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtCreateFile                                                  7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtCreateFile + 4                                              7C91D0B2 2 Bytes  [87, 71]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtDeleteValueKey                                              7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtDeleteValueKey + 4                                          7C91D272 2 Bytes  [8D, 71]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtOpenFile                                                    7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtOpenFile + 4                                                7C91D5A2 2 Bytes  [84, 71]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtOpenProcess                                                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtOpenProcess + 4                                            7C91D602 2 Bytes  [8A, 71]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtSetContextThread                                            7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtSetContextThread + 4                                        7C91DBB2 2 Bytes  [81, 71]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtSetValueKey                                                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ntdll.dll!NtSetValueKey + 4                                            7C91DDD2 2 Bytes  [90, 71]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] kernel32.dll!LoadLibraryExW + C4                                        7C801BB9 4 Bytes  CALL 00900001
.text          C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!PostMessageW                                                7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!SendMessageW                                                7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!PostMessageA                                                7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!SendInput                                                    7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!SendInput + 4                                                7E37F144 2 Bytes  [A5, 71]
.text          C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!SendMessageA                                                7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!mouse_event                                                  7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\WINDOWS\system32\wscntfy.exe[3116] USER32.dll!keybd_event                                                  7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ADVAPI32.dll!CreateServiceA                                            77E07211 6 Bytes  JMP 71970F5A
.text          C:\WINDOWS\system32\wscntfy.exe[3116] ADVAPI32.dll!CreateServiceW                                            77E073A9 6 Bytes  JMP 71940F5A
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtCreateFile                                                    7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtCreateFile                                                    7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtCreateFile + 4                                                7C91D0B2 2 Bytes  [87, 71]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtDeleteValueKey                                                7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtDeleteValueKey + 4                                            7C91D272 2 Bytes  [8D, 71]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtOpenFile                                                      7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtOpenFile + 4                                                  7C91D5A2 2 Bytes  [84, 71]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtOpenProcess                                                  7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtOpenProcess + 4                                              7C91D602 2 Bytes  [8A, 71]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtSetContextThread                                              7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtSetContextThread + 4                                          7C91DBB2 2 Bytes  [81, 71]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtSetValueKey                                                  7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ntdll.dll!NtSetValueKey + 4                                              7C91DDD2 2 Bytes  [90, 71]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] kernel32.dll!LoadLibraryExW + C4                                          7C801BB9 4 Bytes  CALL 00A10001
.text          C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!PostMessageW                                                  7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!SendMessageW                                                  7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!PostMessageA                                                  7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!SendInput                                                      7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!SendInput + 4                                                  7E37F144 2 Bytes  [A5, 71]
.text          C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!SendMessageA                                                  7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!mouse_event                                                    7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\WINDOWS\system32\hkcmd.exe[3176] USER32.dll!keybd_event                                                    7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ADVAPI32.dll!CreateServiceA                                              77E07211 6 Bytes  JMP 71970F5A
.text          C:\WINDOWS\system32\hkcmd.exe[3176] ADVAPI32.dll!CreateServiceW                                              77E073A9 6 Bytes  JMP 71940F5A
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtCreateFile                                                7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtCreateFile                                                7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtCreateFile + 4                                            7C91D0B2 2 Bytes  [87, 71]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtDeleteValueKey                                            7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtDeleteValueKey + 4                                        7C91D272 2 Bytes  [8D, 71]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtOpenFile                                                  7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtOpenFile + 4                                              7C91D5A2 2 Bytes  [84, 71]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtOpenProcess                                                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtOpenProcess + 4                                            7C91D602 2 Bytes  [8A, 71]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtSetContextThread                                          7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtSetContextThread + 4                                      7C91DBB2 2 Bytes  [81, 71]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtSetValueKey                                                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ntdll.dll!NtSetValueKey + 4                                            7C91DDD2 2 Bytes  [90, 71]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] kernel32.dll!LoadLibraryExW + C4                                      7C801BB9 4 Bytes  CALL 003C0001
.text          C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!PostMessageW                                                7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!SendMessageW                                                7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!PostMessageA                                                7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!SendInput                                                  7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!SendInput + 4                                              7E37F144 2 Bytes  [A5, 71]
.text          C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!SendMessageA                                                7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!mouse_event                                                7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\WINDOWS\system32\igfxpers.exe[3184] USER32.dll!keybd_event                                                7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ADVAPI32.dll!CreateServiceA                                            77E07211 6 Bytes  JMP 71970F5A
.text          C:\WINDOWS\system32\igfxpers.exe[3184] ADVAPI32.dll!CreateServiceW                                            77E073A9 6 Bytes  JMP 71940F5A
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtCreateFile                                                7C91D0AE 1 Byte  [FF]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtCreateFile                                                7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtCreateFile + 4                                            7C91D0B2 2 Bytes  [87, 71]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtDeleteValueKey                                            7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtDeleteValueKey + 4                                        7C91D272 2 Bytes  [8D, 71]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtOpenFile                                                  7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtOpenFile + 4                                              7C91D5A2 2 Bytes  [84, 71]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtOpenProcess                                                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtOpenProcess + 4                                            7C91D602 2 Bytes  [8A, 71]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtSetContextThread                                          7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtSetContextThread + 4                                      7C91DBB2 2 Bytes  [81, 71]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtSetValueKey                                                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ntdll.dll!NtSetValueKey + 4                                            7C91DDD2 2 Bytes  [90, 71]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] kernel32.dll!LoadLibraryExW + C4                                      7C801BB9 4 Bytes  CALL 009D0001
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!PostMessageW                                                7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!SendMessageW                                                7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!PostMessageA                                                7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!SendInput                                                  7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!SendInput + 4                                              7E37F144 2 Bytes  [A5, 71]
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!SendMessageA                                                7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!mouse_event                                                7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] USER32.dll!keybd_event                                                7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ADVAPI32.dll!CreateServiceA                                            77E07211 6 Bytes  JMP 71970F5A
.text          C:\WINDOWS\system32\igfxsrvc.exe[3252] ADVAPI32.dll!CreateServiceW                                            77E073A9 6 Bytes  JMP 71940F5A
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtCreateFile                                              7C91D0AE 1 Byte  [FF]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtCreateFile                                              7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtCreateFile + 4                                          7C91D0B2 2 Bytes  [81, 71]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtDeleteValueKey                                          7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtDeleteValueKey + 4                                      7C91D272 2 Bytes  [87, 71]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtOpenFile                                                7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtOpenFile + 4                                            7C91D5A2 2 Bytes  [7E, 71] {JLE 0x73}
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtOpenProcess                                            7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtOpenProcess + 4                                        7C91D602 2 Bytes  [84, 71]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtSetContextThread                                        7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtSetContextThread + 4                                    7C91DBB2 2 Bytes  [7B, 71] {JNP 0x73}
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtSetValueKey                                            7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ntdll.dll!NtSetValueKey + 4                                        7C91DDD2 2 Bytes  [8A, 71]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] kernel32.dll!LoadLibraryExW + C4                                    7C801BB9 4 Bytes  CALL 00A70001
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ADVAPI32.dll!CreateServiceA                                        77E07211 6 Bytes  JMP 71910F5A
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] ADVAPI32.dll!CreateServiceW                                        77E073A9 6 Bytes  JMP 718E0F5A
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!PostMessageW                                            7E368CCB 6 Bytes  JMP 71940F5A
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!SendMessageW                                            7E37929A 6 Bytes  JMP 719A0F5A
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!PostMessageA                                            7E37AAFD 6 Bytes  JMP 71970F5A
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!SendInput                                                7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!SendInput + 4                                            7E37F144 2 Bytes  [9F, 71]
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!SendMessageA                                            7E37F3C2 6 Bytes  JMP 719D0F5A
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!mouse_event                                              7E3B673F 6 Bytes  JMP 71A60F5A
.text          C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE[3276] USER32.dll!keybd_event                                              7E3B6783 6 Bytes  JMP 71A30F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtCreateFile                7C91D0AE 1 Byte  [FF]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtCreateFile                7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtCreateFile + 4            7C91D0B2 2 Bytes  [87, 71]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtDeleteValueKey            7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtDeleteValueKey + 4        7C91D272 2 Bytes  [8D, 71]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtOpenFile                  7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtOpenFile + 4              7C91D5A2 2 Bytes  [84, 71]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtOpenProcess                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtOpenProcess + 4            7C91D602 2 Bytes  [8A, 71]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtSetContextThread          7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtSetContextThread + 4      7C91DBB2 2 Bytes  [81, 71]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtSetValueKey                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ntdll.dll!NtSetValueKey + 4            7C91DDD2 2 Bytes  [90, 71]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] kernel32.dll!LoadLibraryExW + C4      7C801BB9 4 Bytes  CALL 003F0001
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ADVAPI32.dll!CreateServiceA            77E07211 6 Bytes  JMP 71970F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] ADVAPI32.dll!CreateServiceW            77E073A9 6 Bytes  JMP 71940F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!PostMessageW                7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!SendMessageW                7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!PostMessageA                7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!SendInput                  7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!SendInput + 4              7E37F144 2 Bytes  [A5, 71]
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!SendMessageA                7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!mouse_event                7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] USER32.dll!keybd_event                7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] WS2_32.dll!GetAddrInfoW                00D62899 6 Bytes  JMP 717F0F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] WS2_32.dll!connect                    00D64A07 6 Bytes  JMP 717C0F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] WS2_32.dll!gethostbyname              00D65355 6 Bytes  JMP 71760F5A
.text          C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe[3488] WS2_32.dll!listen                      00D68CD3 6 Bytes  JMP 71790F5A
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtCreateFile                7C91D0AE 1 Byte  [FF]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtCreateFile                7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtCreateFile + 4            7C91D0B2 2 Bytes  [81, 71]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtDeleteValueKey            7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtDeleteValueKey + 4        7C91D272 2 Bytes  [87, 71]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtOpenFile                  7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtOpenFile + 4              7C91D5A2 2 Bytes  [7E, 71] {JLE 0x73}
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtOpenProcess                7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtOpenProcess + 4            7C91D602 2 Bytes  [84, 71]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtSetContextThread          7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtSetContextThread + 4      7C91DBB2 2 Bytes  [7B, 71] {JNP 0x73}
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtSetValueKey                7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ntdll.dll!NtSetValueKey + 4            7C91DDD2 2 Bytes  [8A, 71]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] kernel32.dll!LoadLibraryExW + C4      7C801BB9 4 Bytes  CALL 00B30001
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!PostMessageW                7E368CCB 6 Bytes  JMP 71940F5A
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!SendMessageW                7E37929A 6 Bytes  JMP 719A0F5A
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!PostMessageA                7E37AAFD 6 Bytes  JMP 71970F5A
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!SendInput                  7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!SendInput + 4              7E37F144 2 Bytes  [9F, 71]
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!SendMessageA                7E37F3C2 6 Bytes  JMP 719D0F5A
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!mouse_event                7E3B673F 6 Bytes  JMP 71A60F5A
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] USER32.dll!keybd_event                7E3B6783 6 Bytes  JMP 71A30F5A
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ADVAPI32.dll!CreateServiceA            77E07211 6 Bytes  JMP 71910F5A
.text          C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3500] ADVAPI32.dll!CreateServiceW            77E073A9 6 Bytes  JMP 718E0F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtCreateFile                                    7C91D0AE 1 Byte  [FF]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtCreateFile                                    7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtCreateFile + 4                                7C91D0B2 2 Bytes  [87, 71]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtDeleteValueKey                                7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtDeleteValueKey + 4                            7C91D272 2 Bytes  [8D, 71]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtOpenFile                                      7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtOpenFile + 4                                  7C91D5A2 2 Bytes  [84, 71]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtOpenProcess                                    7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtOpenProcess + 4                                7C91D602 2 Bytes  [8A, 71]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtSetContextThread                              7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtSetContextThread + 4                          7C91DBB2 2 Bytes  [81, 71]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtSetValueKey                                    7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ntdll.dll!NtSetValueKey + 4                                7C91DDD2 2 Bytes  [90, 71]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] kernel32.dll!LoadLibraryExW + C4                          7C801BB9 4 Bytes  CALL 00AB0001
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!PostMessageW                                    7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!SendMessageW                                    7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!PostMessageA                                    7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!SendInput                                      7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!SendInput + 4                                  7E37F144 2 Bytes  [A5, 71]
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!SendMessageA                                    7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!mouse_event                                    7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] USER32.dll!keybd_event                                    7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ADVAPI32.dll!CreateServiceA                                77E07211 6 Bytes  JMP 71970F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] ADVAPI32.dll!CreateServiceW                                77E073A9 6 Bytes  JMP 71940F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] WS2_32.dll!GetAddrInfoW                                    01352899 6 Bytes  JMP 717C0F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] WS2_32.dll!connect                                        01354A07 6 Bytes  JMP 71790F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] WS2_32.dll!gethostbyname                                  01355355 6 Bytes  JMP 717F0F5A
.text          C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3620] WS2_32.dll!listen                                          01358CD3 6 Bytes  JMP 71760F5A
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtCreateFile                                            7C91D0AE 1 Byte  [FF]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtCreateFile                                            7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtCreateFile + 4                                        7C91D0B2 2 Bytes  [87, 71]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtDeleteValueKey                                        7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtDeleteValueKey + 4                                    7C91D272 2 Bytes  [8D, 71]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtOpenFile                                              7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtOpenFile + 4                                          7C91D5A2 2 Bytes  [84, 71]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtOpenProcess                                            7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtOpenProcess + 4                                        7C91D602 2 Bytes  [8A, 71]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtSetContextThread                                      7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtSetContextThread + 4                                  7C91DBB2 2 Bytes  [81, 71]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtSetValueKey                                            7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ntdll.dll!NtSetValueKey + 4                                        7C91DDD2 2 Bytes  [90, 71]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] kernel32.dll!LoadLibraryExW + C4                                  7C801BB9 4 Bytes  CALL 00A50001
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!PostMessageW                                            7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!SendMessageW                                            7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!PostMessageA                                            7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!SendInput                                              7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!SendInput + 4                                          7E37F144 2 Bytes  [A5, 71]
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!SendMessageA                                            7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!mouse_event                                            7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] USER32.dll!keybd_event                                            7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ADVAPI32.dll!CreateServiceA                                        77E07211 6 Bytes  JMP 71970F5A
.text          C:\Programme\FreePDF_XP\fpassist.exe[3676] ADVAPI32.dll!CreateServiceW                                        77E073A9 6 Bytes  JMP 71940F5A
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtCreateFile              7C91D0AE 1 Byte  [FF]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtCreateFile              7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtCreateFile + 4          7C91D0B2 2 Bytes  [87, 71]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtDeleteValueKey          7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtDeleteValueKey + 4      7C91D272 2 Bytes  [8D, 71]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtOpenFile                7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtOpenFile + 4            7C91D5A2 2 Bytes  [84, 71]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtOpenProcess            7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtOpenProcess + 4        7C91D602 2 Bytes  [8A, 71]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtSetContextThread        7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtSetContextThread + 4    7C91DBB2 2 Bytes  [81, 71]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtSetValueKey            7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ntdll.dll!NtSetValueKey + 4        7C91DDD2 2 Bytes  [90, 71]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] kernel32.dll!LoadLibraryExW + C4    7C801BB9 4 Bytes  CALL 003D0001
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!PostMessageW            7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!SendMessageW            7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!PostMessageA            7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!SendInput                7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!SendInput + 4            7E37F144 2 Bytes  [A5, 71]
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!SendMessageA            7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!mouse_event              7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] USER32.dll!keybd_event              7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ADVAPI32.dll!CreateServiceA        77E07211 6 Bytes  JMP 71970F5A
.text          C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\us6k0rww.exe[3816] ADVAPI32.dll!CreateServiceW        77E073A9 6 Bytes  JMP 71940F5A
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtCreateFile            7C91D0AE 1 Byte  [FF]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtCreateFile            7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtCreateFile + 4        7C91D0B2 2 Bytes  [87, 71]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtDeleteValueKey        7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtDeleteValueKey + 4    7C91D272 2 Bytes  [8D, 71]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtOpenFile              7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtOpenFile + 4          7C91D5A2 2 Bytes  [84, 71]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtOpenProcess          7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtOpenProcess + 4      7C91D602 2 Bytes  [8A, 71]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtSetContextThread      7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtSetContextThread + 4  7C91DBB2 2 Bytes  [81, 71]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtSetValueKey          7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ntdll.dll!NtSetValueKey + 4      7C91DDD2 2 Bytes  [90, 71]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] kernel32.dll!LoadLibraryExW + C4  7C801BB9 4 Bytes  CALL 003C0001
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!PostMessageW          7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!SendMessageW          7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!PostMessageA          7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!SendInput              7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!SendInput + 4          7E37F144 2 Bytes  [A5, 71]
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!SendMessageA          7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!mouse_event            7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] USER32.dll!keybd_event            7E3B6783 6 Bytes  JMP 71A90F5A
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ADVAPI32.dll!CreateServiceA      77E07211 6 Bytes  JMP 71970F5A
.text          C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe[3920] ADVAPI32.dll!CreateServiceW      77E073A9 6 Bytes  JMP 71940F5A
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtCreateFile                    7C91D0AE 1 Byte  [FF]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtCreateFile                    7C91D0AE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtCreateFile + 4                7C91D0B2 2 Bytes  [87, 71]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtDeleteValueKey                7C91D26E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtDeleteValueKey + 4            7C91D272 2 Bytes  [8D, 71]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtOpenFile                      7C91D59E 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtOpenFile + 4                  7C91D5A2 2 Bytes  [84, 71]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtOpenProcess                    7C91D5FE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtOpenProcess + 4                7C91D602 2 Bytes  [8A, 71]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtSetContextThread              7C91DBAE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtSetContextThread + 4          7C91DBB2 2 Bytes  [81, 71]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtSetValueKey                    7C91DDCE 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ntdll.dll!NtSetValueKey + 4                7C91DDD2 2 Bytes  [90, 71]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] kernel32.dll!LoadLibraryExW + C4          7C801BB9 4 Bytes  CALL 00C70001
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ADVAPI32.dll!CreateServiceA                77E07211 6 Bytes  JMP 71970F5A
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] ADVAPI32.dll!CreateServiceW                77E073A9 6 Bytes  JMP 71940F5A
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!PostMessageW                    7E368CCB 6 Bytes  JMP 719A0F5A
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!SendMessageW                    7E37929A 6 Bytes  JMP 71A00F5A
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!PostMessageA                    7E37AAFD 6 Bytes  JMP 719D0F5A
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!SendInput                      7E37F140 3 Bytes  [FF, 25, 1E]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!SendInput + 4                  7E37F144 2 Bytes  [A5, 71]
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!SendMessageA                    7E37F3C2 6 Bytes  JMP 71A30F5A
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!mouse_event                    7E3B673F 6 Bytes  JMP 71AC0F5A
.text          C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[3980] USER32.dll!keybd_event                    7E3B6783 6 Bytes  JMP 71A90F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                      SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                      eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                        DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:23:49 on 07.03.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 10.0.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"ImageDrive.cpl" - "Ahead Software AG" - C:\WINDOWS\system32\ImageDrive.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"WACntlPnl.cpl" - "Hewlett-Packard Development Company, L.P." - C:\WINDOWS\system32\WACntlPnl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"ContentDirectory" - "Microsoft Corporation" - c:\programme\windows media connect\mswmccpl.dll
"PTHOST.CPL" - "HP" - C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOST.CPL
"QlbConfg" - ? - C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbConfg.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"a-squared Malware-IDS utility driver" (a2util) - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2util32.sys
"A2 Direct Disk Access Support Driver" (A2DDA) - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys
"a2acc" (a2acc) - "Emsi Software GmbH" - C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2accx86.sys
"a2injectiondriver" (a2injectiondriver) - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2dix86.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\DOKUME~1\JEAN-L~1\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"Cisco Systems IPsec Driver" (CVPNDRVA) - "Cisco Systems, Inc." - C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"fxlyipoc" (fxlyipoc) - ? - C:\DOKUME~1\JEAN-L~1\LOKALE~1\Temp\fxlyipoc.sys  (Hidden registry entry, rootkit activity | File not found)
"GTIPCI21" (GTIPCI21) - ? - C:\WINDOWS\System32\DRIVERS\gtipci21.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"SYMIDSCO" (SYMIDSCO) - ? - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20050901.036\symidsco.sys  (File not found)
"tifm21" (tifm21) - ? - C:\WINDOWS\System32\drivers\tifm21.sys  (File not found)
"vsdatant" (vsdatant) - "Zone Labs LLC" - C:\WINDOWS\system32\vsdatant.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{AB77609F-2178-4E6F-9C4B-44AC179D937A} "a-squared Anti-Malware Shell Extension" - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2contmenu.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} "SampleView" - "XSS" - C:\WINDOWS\system32\ShellvRTF.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Programme\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Klicke hier um das Projekt xp-AntiSpy zu unterstützen" - ? - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html  (File not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} "QuickStores-Toolbar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Jean-Luc Picard\Startmenü\Programme\Autostart\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"mount.exe" - "Gibin Software House (hxxp://www.gibinsoft.net)" - C:\Programme\GiPo@Utilities\FileUtilities.3\mount.exe /z
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Cpqset" - ? - C:\Programme\HPQ\Default Settings\cpqset.exe  (File found, but it contains no detailed information)
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"emsisoft anti-malware" - "Emsi Software GmbH" - "c:\programme\emsisoft anti-malware\a2guard.exe" /d=60
"FreePDF Assistant" - "shbox.de" - C:\Programme\FreePDF_XP\fpassist.exe
"hpWirelessAssistant" - "Hewlett-Packard Development Company, L.P." - C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"NeroCheck" - "Ahead Software Gmbh" - C:\WINDOWS\system32\NeroCheck.exe
"PTHOSTTR" - "Hewlett-Packard Development Company, L.P." - C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
"QlbCtrl" - " Hewlett-Packard Development Company, L.P." - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"Recguard" - ? - C:\WINDOWS\Sminst\Recguard.exe
"Reminder" - ? - C:\WINDOWS\Creator\Remind_XP.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"WatchDog" - "InterVideo Inc." - C:\Programme\InterVideo\DVD Check\DVDCheck.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDF995 Monitor" - ? - C:\WINDOWS\system32\pdf995mon.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\WINDOWS\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
"Emsisoft Anti-Malware 6.0 - Service" (a2AntiMalware) - "Emsi Software GmbH" - C:\Programme\Emsisoft Anti-Malware\a2service.exe
"hpqwmiex" (hpqwmiex) - "Hewlett-Packard Development Company, L.P." - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"PC Angel" (PCA) - "SoftThinks" - C:\WINDOWS\SMINST\PCAngel.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Programme\Skype\Updater\Updater.exe
"Time-Sync Client" (ServiceTimeSyncClient) - "Speed-Soft" - C:\Programme\Time-Sync\TimeSyncServiceClient.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Media Connect (WMC)" (WmcCds) - "Microsoft Corporation" - c:\programme\windows media connect\mswmccds.exe
"Windows Media Connect-Hilfsprogramm" (WmcCdsLs) - "Microsoft Corporation" - C:\Programme\Windows Media Connect\mswmcls.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-07 20:29:27
-----------------------------
20:29:27.233    OS Version: Windows 5.1.2600 Service Pack 3
20:29:27.233    Number of processors: 2 586 0xE08
20:29:27.233    ComputerName: HAL9000L  UserName:
20:29:27.718    Initialize success
20:29:55.806    write error "aswEngin.dll". Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden.
20:30:11.806    AVAST engine download error: 0
20:30:11.806    AVAST engine error: -1
20:30:29.602    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:30:29.602    Disk 0 Vendor: FUJITSU_ 892C Size: 95396MB BusType: 3
20:30:29.727    Disk 0 MBR read successfully
20:30:29.727    Disk 0 MBR scan
20:30:29.727    Disk 0 unknown MBR code
20:30:29.774    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        87884 MB offset 63
20:30:29.836    Disk 0 Partition 2 00    0C    FAT32 LBA RECOVERY    7508 MB offset 179988543
20:30:29.883    Disk 0 scanning sectors +195365520
20:30:30.336    Disk 0 scanning C:\WINDOWS\system32\drivers
20:31:52.649    Service scanning
20:32:08.668    Modules scanning
20:33:29.064    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
20:33:41.907    Disk 0 trace - called modules:
20:33:41.954   
20:33:41.954    Scan finished successfully
20:33:55.079    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\MBR.dat"
20:33:55.095    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\aswMBR.txt"

Despite the many scans and the unproductive waiting time that comes with them, I am of course grateful to you for your help.

Kind regards
Picard


Copyright ©2000-2024, Trojaner-Board