Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/Sirefef.BP.1, TR/Crypt.XPACK.Gen, TR/Rootkit.Gen2 und Avira bekommt es nicht weg (https://www.trojaner-board.de/111624-tr-sirefef-bp-1-tr-crypt-xpack-gen-tr-rootkit-gen2-avira-bekommt-weg.html)

Swillswissen 15.03.2012 22:49
TR/Sirefef.BP.1, TR/Crypt.XPACK.Gen, TR/Rootkit.Gen2 und Avira bekommt es nicht weg
 
Hallo,

ich habe Avira Antivir und bei mir kam ganz oft die gleiche Meldung, dass etwas schädliches gefunden wurde. Die Auswahl "In Quarantäne verschieben" gab es nicht, deshalb habe ich "Entfernen" gedrückt. Gleichzeit hat sich ein Suchlauf gestartet. So ging das über eine Stunde... dann habe ich einen Suchlauf durch Antivir gemacht, der hat die vorherigen Viren/Trojaner alle immer noch gefunden (knapp 170 Dateien betroffen), dann ging es auch sie in Quarantäne zu verschieben. Leider wird aber weiterhin etwas gefunden, d.h. das ganze ist irgendwie immer noch nciht weg. Angezeigt wurde:
TR/Sirefef.BP.1 --> am öftesten
Tr/Crypt.XPACK.Gen --> selten
TR/Rootkit.Gen2 --> selten

Ich hab die verlangten Programme laufen lassen, hier das Ergebnis. Ich hoffe das passt so? Ich kenn mich mit solchen Programmen etc. sehr wenig aus... Danke für Hilfe!
Lg Swillswissen

Defogger:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:17 on 15/03/2012 (admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

DDS:

DDS Logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by admin at 18:19:53 on 2012-03-15
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.503.321 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Programme\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programme\zonealarm\prxtbZon0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\dokumente und einstellungen\all users\anwendungsdaten\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programme\zonealarm\prxtbZon0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\programme\zonealarm\prxtbZon0.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
mRun: [Dell QuickSet] c:\programme\dell\quickset\quickset.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [NokiaMServer] c:\programme\gemeinsame dateien\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\programme\gemeinsame dateien\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Free YouTube Download - c:\dokumente und einstellungen\admin\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\admin\anwendungsdaten\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178992216781
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab
DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} - hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - hxxp://support.microsoft.com/mats/DiagWebControl.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D7C20709-6F15-4A19-A72B-64383BD5111B} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\dokumente und einstellungen\admin\anwendungsdaten\mozilla\firefox\profiles\2hfot8x9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - component: c:\dokumente und einstellungen\admin\anwendungsdaten\mozilla\firefox\profiles\2hfot8x9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
.
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-10 36000]
R1 uigxrdr;uigxrdr;c:\windows\system32\drivers\uigxrdr.SYS [2010-12-12 148992]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\avira\antivir desktop\sched.exe [2011-11-10 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\programme\avira\antivir desktop\avguard.exe [2011-11-10 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-14 74640]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\programme\gemeinsame dateien\sony ericsson\emma core\services\EmmaDeviceMgmt.exe [2010-7-1 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\programme\gemeinsame dateien\sony ericsson\emma core\services\EmmaUpdateMgmt.exe [2010-7-1 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-6-29 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-6-29 27632]
S2 mclserviceatl;Mssqlserveradhelper;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 mcshield;Modemcsa;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 mksvirmonsvc;MREMPR5;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 navap;Vpctcom;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 pav_security;Fetnd5bv;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S2 vetmonnt;DFUBTUSB;c:\windows\system32\svchost.exe -k netsvcs [2004-8-18 14336]
S3 WN4501HLFZZ;802.11g Wireless USB Adapter;c:\windows\system32\drivers\o4501u.sys --> c:\windows\system32\drivers\O4501U.sys [?]
.
=============== Created Last 30 ================
.
2012-03-15 02:31:00        0        --sha-w-        c:\windows\system32\dds_log_ad13.cmd
2012-03-15 02:28:29        --------        d-sh--w-        c:\dokumente und einstellungen\admin\lokale einstellungen\anwendungsdaten\f4631c47
.
==================== Find3M  ====================
.
2012-02-16 16:45:11        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20:28        1860096        ----a-w-        c:\windows\system32\win32k.sys
2011-12-17 19:43:23        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-12-17 19:43:23        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-12-17 19:43:23        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2008-12-01 16:30:46        12681040        -c--a-w-        c:\programme\mm20deu.exe
.
============= FINISH: 18:22:34,90 ===============
--- --- ---



Attach von DDS:

Code:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 13.04.2006 16:05:51
System Uptime: 15.03.2012 16:57:36 (2 hours ago)
.
Motherboard: Dell Inc. |  | 0RJ272
Processor: Intel(R) Celeron(R) M processor        1.50GHz | Microprocessor | 1496/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 34 GiB total, 2,286 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: Mehrfach-Kommunikationsanschluss
Device ID: ROOT\PORTS\0001
Manufacturer: (Standardanschlusstypen)
Name: Mehrfach-Kommunikationsanschluss (COM6)
PNP Device ID: ROOT\PORTS\0001
Service: Serial
.
Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
Description: ECP-Druckeranschluss
Device ID: ROOT\PORTS\0002
Manufacturer: (Standardanschlusstypen)
Name: ECP-Druckeranschluss (LPT3)
PNP Device ID: ROOT\PORTS\0002
Service: Parport
.
==== System Restore Points ===================
.
RP1715: 25.01.2012 22:22:43 - Systemprüfpunkt
RP1716: 27.01.2012 00:50:52 - Systemprüfpunkt
RP1717: 28.01.2012 11:25:16 - Systemprüfpunkt
RP1718: 29.01.2012 21:28:06 - Systemprüfpunkt
RP1719: 30.01.2012 21:39:47 - Systemprüfpunkt
RP1720: 31.01.2012 23:33:11 - Systemprüfpunkt
RP1721: 02.02.2012 00:19:50 - Systemprüfpunkt
RP1722: 03.02.2012 01:32:44 - Systemprüfpunkt
RP1723: 05.02.2012 15:33:36 - Systemprüfpunkt
RP1724: 06.02.2012 18:53:27 - Systemprüfpunkt
RP1725: 07.02.2012 20:04:25 - Systemprüfpunkt
RP1726: 08.02.2012 20:10:20 - Systemprüfpunkt
RP1727: 10.02.2012 00:06:21 - Systemprüfpunkt
RP1728: 12.02.2012 23:28:59 - Systemprüfpunkt
RP1729: 13.02.2012 23:54:53 - Systemprüfpunkt
RP1730: 15.02.2012 00:26:57 - Systemprüfpunkt
RP1731: 16.02.2012 01:05:51 - Systemprüfpunkt
RP1732: 17.02.2012 17:00:59 - Systemprüfpunkt
RP1733: 18.02.2012 23:43:00 - Software Distribution Service 3.0
RP1734: 20.02.2012 11:48:38 - Systemprüfpunkt
RP1735: 21.02.2012 18:35:48 - Systemprüfpunkt
RP1736: 22.02.2012 23:43:43 - Systemprüfpunkt
RP1737: 25.02.2012 14:31:50 - Systemprüfpunkt
RP1738: 26.02.2012 20:29:16 - Systemprüfpunkt
RP1739: 27.02.2012 20:33:23 - Systemprüfpunkt
RP1740: 28.02.2012 20:39:58 - Systemprüfpunkt
RP1741: 29.02.2012 23:15:18 - Systemprüfpunkt
RP1742: 01.03.2012 23:20:18 - Systemprüfpunkt
RP1743: 03.03.2012 11:19:53 - Systemprüfpunkt
RP1744: 04.03.2012 12:49:26 - Systemprüfpunkt
RP1745: 05.03.2012 21:32:46 - Systemprüfpunkt
RP1746: 06.03.2012 21:42:25 - Systemprüfpunkt
RP1747: 07.03.2012 21:45:38 - Systemprüfpunkt
RP1748: 08.03.2012 22:10:03 - Systemprüfpunkt
RP1749: 10.03.2012 13:06:38 - Systemprüfpunkt
RP1750: 11.03.2012 15:21:39 - Systemprüfpunkt
RP1751: 12.03.2012 18:12:14 - Systemprüfpunkt
RP1752: 13.03.2012 18:54:15 - Systemprüfpunkt
RP1753: 14.03.2012 19:32:25 - Systemprüfpunkt
.
==== Installed Programs ======================
.
Adobe Download Manager
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.0 - Deutsch
AliceHilfe
Apple Application Support
Apple Software Update
ARTEuro
Avanquest update
Avira Free Antivirus
Bonjour
Broadcom Management Programs
Compatibility Pack für 2007 Office System
Conexant HDA D110 MDC V.92 Modem
Dell CinePlayer
Dell Driver Reset Tool
Dell Support 3.1
Dell Support Center
Dell System Restore
Dell Wireless WLAN Card
DesignWorkshop Lite
Digital Line Detect
ElsterFormular für Privatanwender
Emma Core
F-pro 1.3
f4 3.0.3
Free Studio version 5.2.1
Free YouTube Download version 2.10.29
freenet.de Zugangssoftware
GMX Upload-Manager
High Definition Audio Driver Package - KB835221
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB2570791)
Hotfix für Windows XP (KB2633952)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976002-v5)
HP Color LaserJet 2820/2830/2840 2.0
HP OfficeJet T Series (Nur entfernen)
hppFaxUtility
hppIOFiles
hppManuals2800
hppscan2800
hppTooCool
Intel(R) Graphics Media Accelerator Driver for Mobile
Java Auto Updater
Java(TM) 6 Update 29
MCU
MediaManager
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Language Pack - DEU
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 German Language Pack
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MicroStaff WINASPI
Modem Helper
Mozilla Firefox (2.0.0.20)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
MVBdP Version 1.5.3
NetWaiting
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Olympus Digital Wave Player
OpenVPN 2.1.4
Ovi Desktop Sync Engine
OviMPlatform
PC Connectivity Solution
PDFCreator
QuickSet
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
ScanToWeb
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
SEMC OMSI Module
Sibelius Scorch (ActiveX Only)
Sicherheitsupdate für Microsoft Windows (KB2564958)
Sicherheitsupdate für Step by Step Interactive Training (KB898458)
Sicherheitsupdate für Step by Step Interactive Training (KB923723)
Sicherheitsupdate für Windows Internet Explorer 7 (KB929969)
Sicherheitsupdate für Windows Internet Explorer 7 (KB931768)
Sicherheitsupdate für Windows Internet Explorer 7 (KB933566)
Sicherheitsupdate für Windows Internet Explorer 7 (KB937143)
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2530548)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2544521)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2559049)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2586448)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2618444)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2647516)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB911564)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 11 (KB936782)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)
Sicherheitsupdate für Windows Media Player 9 (KB911565)
Sicherheitsupdate für Windows Media Player 9 (KB917734)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2259922)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2412687)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2476490)
Sicherheitsupdate für Windows XP (KB2476687)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479628)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2481109)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485376)
Sicherheitsupdate für Windows XP (KB2485663)
Sicherheitsupdate für Windows XP (KB2491683)
Sicherheitsupdate für Windows XP (KB2503658)
Sicherheitsupdate für Windows XP (KB2503665)
Sicherheitsupdate für Windows XP (KB2506212)
Sicherheitsupdate für Windows XP (KB2506223)
Sicherheitsupdate für Windows XP (KB2507618)
Sicherheitsupdate für Windows XP (KB2507938)
Sicherheitsupdate für Windows XP (KB2508272)
Sicherheitsupdate für Windows XP (KB2508429)
Sicherheitsupdate für Windows XP (KB2509553)
Sicherheitsupdate für Windows XP (KB2511455)
Sicherheitsupdate für Windows XP (KB2524375)
Sicherheitsupdate für Windows XP (KB2535512)
Sicherheitsupdate für Windows XP (KB2536276-v2)
Sicherheitsupdate für Windows XP (KB2536276)
Sicherheitsupdate für Windows XP (KB2544893-v2)
Sicherheitsupdate für Windows XP (KB2544893)
Sicherheitsupdate für Windows XP (KB2555917)
Sicherheitsupdate für Windows XP (KB2562937)
Sicherheitsupdate für Windows XP (KB2566454)
Sicherheitsupdate für Windows XP (KB2567053)
Sicherheitsupdate für Windows XP (KB2567680)
Sicherheitsupdate für Windows XP (KB2570222)
Sicherheitsupdate für Windows XP (KB2570947)
Sicherheitsupdate für Windows XP (KB2584146)
Sicherheitsupdate für Windows XP (KB2585542)
Sicherheitsupdate für Windows XP (KB2592799)
Sicherheitsupdate für Windows XP (KB2598479)
Sicherheitsupdate für Windows XP (KB2603381)
Sicherheitsupdate für Windows XP (KB2618451)
Sicherheitsupdate für Windows XP (KB2619339)
Sicherheitsupdate für Windows XP (KB2620712)
Sicherheitsupdate für Windows XP (KB2624667)
Sicherheitsupdate für Windows XP (KB2631813)
Sicherheitsupdate für Windows XP (KB2633171)
Sicherheitsupdate für Windows XP (KB2639417)
Sicherheitsupdate für Windows XP (KB2646524)
Sicherheitsupdate für Windows XP (KB2660465)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923689)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982665)
Sicherheitsupdate für Windows XP (KB982802)
Skype™ 5.5
Sonic Activation Module
Sony Ericsson PC Suite 6.009.00
Synaptics Pointing Device Driver
Systemsteuerung "MobileMe"
T-Online Installationsdateien
TeamViewer 7
TextMaker Viewer
Uninstall 1.0.0.1
Update für Windows Internet Explorer 8 (KB971180)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB2541763)
Update für Windows XP (KB2607712)
Update für Windows XP (KB2616676-v2)
Update für Windows XP (KB2641690)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB955839)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971029)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update Service
WebFldrs XP
Wichtiges Update für Windows Media Player 11 (KB959772)
Wie man's spricht DEMO
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
Windows Communication Foundation Language Pack - DEU
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows PowerShell(TM) 1.0
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (DEU)
Windows Workflow Foundation DE Language Pack
Windows XP Service Pack 3
WinRAR
Wizard101(DE)
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
15.03.2012 06:37:50, Informationen: Windows File Protection [64002]  - Es wurde versucht, die geschützte Systemdatei c:\windows\system32\drivers\mrxsmb.sys zu ersetzen. Diese Datei wurde von der Originalversion wiederhergestellt, um die Systemstabilität zu gewährleisten. Die Dateiversion der Systemdatei ist 5.1.2600.6133.
15.03.2012 06:24:26, Informationen: Windows File Protection [64002]  - Es wurde versucht, die geschützte Systemdatei c:\windows\system32\drivers\mrxsmb.sys zu ersetzen. Diese Datei wurde von der Originalversion wiederhergestellt, um die Systemstabilität zu gewährleisten. Die Dateiversion der Systemdatei ist 5.1.2600.6133.
15.03.2012 06:11:42, Informationen: Windows File Protection [64002]  - Es wurde versucht, die geschützte Systemdatei c:\windows\system32\drivers\mrxsmb.sys zu ersetzen. Diese Datei wurde von der Originalversion wiederhergestellt, um die Systemstabilität zu gewährleisten. Die Dateiversion der Systemdatei ist 5.1.2600.6133.
15.03.2012 05:54:40, Informationen: Windows File Protection [64002]  - Es wurde versucht, die geschützte Systemdatei c:\windows\system32\drivers\mrxsmb.sys zu ersetzen. Diese Datei wurde von der Originalversion wiederhergestellt, um die Systemstabilität zu gewährleisten. Die Dateiversion der Systemdatei ist 5.1.2600.6133.
.
==== End Of File ===========================

GMER:

Code:
MER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-15 22:23:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541040G9AT00 rev.MB2OA61A
Running: vnfkzi98.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\uwdyapod.sys


---- System - GMER 1.0.15 ----

SSDT            F8C0306C                                                                                              ZwClose
SSDT            F8C03026                                                                                              ZwCreateKey
SSDT            F8C03076                                                                                              ZwCreateSection
SSDT            F8C0301C                                                                                              ZwCreateThread
SSDT            F8C0302B                                                                                              ZwDeleteKey
SSDT            F8C03035                                                                                              ZwDeleteValueKey
SSDT            F8C03067                                                                                              ZwDuplicateObject
SSDT            F8C0303A                                                                                              ZwLoadKey
SSDT            F8C03008                                                                                              ZwOpenProcess
SSDT            F8C0300D                                                                                              ZwOpenThread
SSDT            F8C0308F                                                                                              ZwQueryValueKey
SSDT            F8C03044                                                                                              ZwReplaceKey
SSDT            F8C03080                                                                                              ZwRequestWaitReplyPort
SSDT            F8C0303F                                                                                              ZwRestoreKey
SSDT            F8C0307B                                                                                              ZwSetContextThread
SSDT            F8C03085                                                                                              ZwSetSecurityObject
SSDT            F8C03030                                                                                              ZwSetValueKey
SSDT            F8C0308A                                                                                              ZwSystemDebugControl
SSDT            F8C03017                                                                                              ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          atapi.sys                                                                                            F8340852 1 Byte  [CC] {INT 3 }
?              C:\DOKUME~1\admin\LOKALE~1\Temp\mbr.sys                                                              Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\program files\real\realplayer\update\realsched.exe[3440] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                              SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \FileSystem\Fastfat \Fat                                                                              A19C8D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                              fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \FileSystem\Cdfs \Cdfs                                                                                DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Threads - GMER 1.0.15 ----

Thread          System [4:116]                                                                                        82CE139F
Thread          System [4:120]                                                                                        82C6A0F4

---- Files - GMER 1.0.15 ----

File            C:\WINDOWS\$NtUninstallKB6107$\1412421291                                                            0 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007                                                            0 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\@                                                          2048 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\L                                                          0 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\L\nnffsaqa                                                  456320 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\loader.tlb                                                  2632 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U                                                          0 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@00000001                                                45968 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000c0                                                2560 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000cb                                                3072 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000cf                                                1536 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@80000000                                                73728 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000c0                                                43008 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000cb                                                25600 bytes
File            C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000cf                                                31232 bytes

---- EOF - GMER 1.0.15 ----

Chris4You 15.03.2012 23:04
Hi,

da ist er ja, der kleine Schelm:
Code:
File C:\WINDOWS\$NtUninstallKB6107$\1412421291 0 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007 0 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\L 0 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\L\nnffsaqa 456320 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\loader.tlb 2632 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U 0 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000c0 2560 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000cb 3072 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@80000000 73728 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000c0 43008 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000cb 25600 bytes
File C:\WINDOWS\$NtUninstallKB6107$\4100136007\U\@800000cf 31232 bytes
Bevor ich mich jetzt verkünstele, CF runterladen, auf test.com umbenennen und laufen lassen...

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.

Achtung: In einigen wenigen Fällen kann es vorkommen, das der Rechner nicht mehr booten kann und Neuaufgesetzt werden muß!

Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report (ComboFix.txt) angezeigt, den bitte kopieren und in deinem Thread einfuegen. Das Log solltest Du unter C:\ComboFix.txt finden...

Danach:
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

Gmer:
http://www.trojaner-board.de/74908-a...t-scanner.html
Den Downloadlink findest Du links oben (GMER - Rootkit Detector and Remover), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte gmer und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein. Stürzt GMER ab, bitte im abgesicherten Modus (F8 beim Booten) probieren!

chris

Swillswissen 16.03.2012 01:28
Kurze Frage:
Wie kann ich Avira Free Antivirus wirklich ausschalten? Ich habe den Echtzeitscanner ausgeschaltet, aber trotzden sagt ComboFix, das Antivir noch läuft.
Bei mir gibt es keine Zeile "Deaktivieren" wenn ich mit der rechten Maustaste auf das Symbol in der Taskleiste klicke!

Wäre über Hilfe dankbar...:glaskugel2: (So gehts nämlich sonst bald meinem PC, wenn ich immer nur Suche und nicht Finde...)

Chris4You 16.03.2012 12:06
Hi,

keine Angst, die Anweisung ist nur zur Sicherheit, eigentlich macht das CF alleine...

Gehe wie beschrieben vor...

chris

Swillswissen 17.03.2012 02:48
Hallo Chris,
danke für die Info. Ich bin dran, aber es dauert teilw. ja relativ lang und zwischendurch muss ich auch noch andere Dinge tun...

Unten der Zwischenstand. Es hat sich auch Avira nochmal gemeldet und zwar nach dem Scan von Malwarebytes. Die Namen: TR/ATRAPS.Gen2 und TR/Dropper.Gen8

Lg S

Combo Fix:

Code:
ComboFix 12-03-15.03 - admin 16.03.2012  2:22.3.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.503.95 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\admin\Desktop\test.com.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47\X
c:\windows\IsUn0407.exe
c:\windows\system32\STEC3.sys
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_STEC3
-------\Service_STEC3
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-16 bis 2012-03-16  ))))))))))))))))))))))))))))))
.
.
2012-03-16 00:43 . 2008-04-14 01:49        188800        ----a-w-        c:\windows\system32\drivers\acpi.sys
2012-03-16 00:43 . 2008-04-14 01:49        188800        ----a-w-        c:\windows\system32\dllcache\acpi.sys
2012-03-15 02:31 . 2012-03-15 02:31        0        --sha-w-        c:\windows\system32\dds_log_ad13.cmd
2012-03-15 02:28 . 2012-03-16 01:54        --------        d-sh--w-        c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 14:35 . 2011-11-10 16:45        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-16 16:45 . 2011-05-18 12:37        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-18 12:05        1860096        ----a-w-        c:\windows\system32\win32k.sys
2011-12-17 19:43 . 2004-08-18 12:05        916992        ----a-w-        c:\windows\system32\wininet.dll
2011-12-17 19:43 . 2004-08-18 12:05        43520        ----a-w-        c:\windows\system32\licmgr10.dll
2011-12-17 19:43 . 2004-08-18 12:05        1469440        ------w-        c:\windows\system32\inetcpl.cpl
2008-12-01 16:30 . 2008-12-01 16:30        12681040        -c--a-w-        c:\programme\mm20deu.exe
2010-05-01 08:17 . 2007-02-02 14:08        67688        -c--a-w-        c:\programme\mozilla firefox\components\jar50.dll
2010-05-01 08:17 . 2007-02-02 14:08        54368        -c--a-w-        c:\programme\mozilla firefox\components\jsd3250.dll
2010-05-01 08:17 . 2008-03-22 06:53        34944        -c--a-w-        c:\programme\mozilla firefox\components\myspell.dll
2010-05-01 08:17 . 2008-03-22 06:53        46712        -c--a-w-        c:\programme\mozilla firefox\components\spellchk.dll
2010-05-01 08:17 . 2007-02-02 14:08        172136        -c--a-w-        c:\programme\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2011-05-09 09:49        176936        ----a-w-        c:\programme\ZoneAlarm\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-06 273528]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Philips SNU5600 Wireless USB-Adapter.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Philips SNU5600 Wireless USB-Adapter.lnk
backup=c:\windows\pss\Philips SNU5600 Wireless USB-Adapter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OfficeJet T Series]
c:\programme\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe -reg Software\Hewlett-Packard\OfficeJet T Series\Install [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12        111936        -c--a-w-        c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 00:04        332800        -c--a-w-        c:\programme\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 02:12        94208        -c----w-        c:\programme\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 09:44        81920        -c--a-w-        c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 15:30        282624        -c--a-w-        c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 03:56        761947        -c--a-w-        c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\F-pro\\fscommand\\PipeBeama.exe"=
"c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programme\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Programme\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\ipmgui.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avcenter.exe"=
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [10.11.2011 17:45 36000]
R1 uigxrdr;uigxrdr;c:\windows\system32\drivers\uigxrdr.SYS [12.12.2010 22:32 148992]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [10.11.2011 17:45 86224]
R2 EmmaDevMgmtSvc;Emma Device Management;c:\programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [01.07.2010 16:43 306296]
R2 EmmaUpdMgmtSvc;Emma Update Management;c:\programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [01.07.2010 16:43 162936]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [29.06.2010 03:49 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [29.06.2010 03:50 27632]
S3 WN4501HLFZZ;802.11g Wireless USB Adapter;c:\windows\system32\DRIVERS\O4501U.sys --> c:\windows\system32\DRIVERS\O4501U.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
dcsloader
AF15BDA
cdralw2k
df5serv
mfcom
WimFltr
tpkmpsvc
issimon
CcmExec
LXARScan
hwpsgt
mstdc
vmnetadapter
PPPoEWin
sptisrv
SE2Cbus
PCTINDIS5
smartwiservice
clmtomcatstartersvc
caili
vetmonnt
CSDriver
USBVCD
cxusb
fsma
upnp
vmusb
SE2Dobex
s125mdm
pop3d32
streamip
x10nets
nvraid
HpqRemHid
backupexecalertserver
pav_security
navap
hpt3xx
websensecamserver
se2Bnd5
epfw
PGPwded
roxmediadb
tcsd_win32.exe
WmBEnum
tvtnetwk
pdlncbas
kservice
mksvirmonsvc
F700isw
DCamUSBMke
EPOWER
SeratoUsb
IBMTPCHK
avidsdmservice
mcshield
AtiHdmiService
BsHelpCS
wg5n
keriomailserver
adiusbaw
lp6nds35
sisnic
WDM_YAMAHAAC97
cvspydr2
Maplom
nsvclog
hap16v2k
ptbsync
aiclient
o2flash
alcaudsl
ProcObsrv
tvtpktfilter
backupexecagentaccelerator
ARSVC
CAMCAUD
sandradatasrv
nchssvad
SenFiltService
hsf_msft
Rawwan
qbreminderflash
iwebmsg
vmparport
tifm
stac97
se45mgmt
zpnodecollector
tfsndrct
TuneUp.ProgramStatisticsSvc
Appn
igateway
se45obex
svcwrsssdk
imagedrv
EPSON_EB_RPCV4_01
raysat3_4_6_18server
dbmang
HPSLPSVC
NOWMEMDF
wsearch
lvckap
dklogger
nmindexingservice
armoucfltr
AlteraByteBlaster
mclserviceatl
w550bus
ndassvc
eskerlicensecontrol
websenseusagemonitor
bridgemp
btwusb
sony_ssm.sys
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-03-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-02-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\dokumente und einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-SunJavaUpdateSched - c:\programme\Java\jre6\bin\jusched.exe
MSConfigStartUp-TkBellExe - c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
AddRemove-HP OfficeJet T Series - c:\windows\ISUN0407.EXE
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-16 06:49
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(992)
c:\windows\System32\uigxnp.dll
.
- - - - - - - > 'explorer.exe'(2924)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\System32\uigxnp.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
c:\windows\system32\HPZipm12.exe
c:\programme\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-16  07:06:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-16 06:06
ComboFix2.txt  2010-09-19 18:12
ComboFix3.txt  2010-09-18 19:43
.
Vor Suchlauf: 3.180.404.736 Bytes frei
Nach Suchlauf: 3.205.197.824 Bytes frei
.
- - End Of File - - 108371D433527CC2BB4C2B1FEE035E4A

Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.16.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
admin :: D614P62J [Administrator]

16.03.2012 18:00:04
mbam-log-2012-03-16 (18-00-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 282830
Laufzeit: 7 Stunde(n), 16 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Qoobox\Quarantine\C\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47\X.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Chris4You 17.03.2012 13:10
Hi,

ComboFix-Script
Die nachfolgenden Zeilen (ohne Zitat!) abkopieren und in den Windows-Editor(start->Programme->zubehör->edior)
kopieren und auf dem Desktop unter dem Namen "CFScript.txt" speichern (ohne Anführungszeichen!).
Code:

Folder::
C:\WINDOWS\$NtUninstallKB6107$\4100136007
C:\WINDOWS\$NtUninstallKB6107$\1412421291
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47
Danach die CFScript.txt mit der Mause anklicken und gedrückt halten und über dem ComboFix-Symbol fallen lassen
(Maustaste loslassen, nennt man "Drag-and-Drop";o).
Jetzt sollte combofix starten und das script ausführen, poste das combofix-Log!

Lass danach GMER nochmal laufen und poste das Log...

chris

Swillswissen 18.03.2012 14:07
Hallo,
das mit dem ComboSkript habe ich jetzt noch nicht gemacht. Hier aber die Berichte von OTL. GMER hat von sich aus nichts gemeldet. Dann bin ich auf den Reiter Rootkit und habe den Scan gemacht. Ich hoffe das ist die richtige Info die ich hier poste, konnte nämlich nicht auf Speichern unter, aber bin auf copy gegangen.

Lg S

:dankeschoen:

Code:
OTL logfile created on: 17.03.2012 02:50:48 - Run 2
OTL by OldTimer - Version 3.2.37.1    Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
503,37 Mb Total Physical Memory | 227,14 Mb Available Physical Memory | 45,12% Memory free
1,21 Gb Paging File | 0,72 Gb Available in Paging File | 59,65% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,17 Gb Total Space | 2,91 Gb Free Space | 8,53% Space Free | Partition Type: NTFS
 
Computer Name: D614P62J | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications)
PRC - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Dell\QuickSet\dadkeyb.dll ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Programme\Dell\QuickSet\preflibcl.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (zpnodecollector) -- %systemroot%\system32\stunnel.dll File not found
SRV - (x10nets) -- %systemroot%\system32\stac97.dll File not found
SRV - (wsearch) -- %systemroot%\system32\sfloppy.dll File not found
SRV - (WmBEnum) -- %systemroot%\system32\s24eventmonitor.dll File not found
SRV - (WimFltr) -- %systemroot%\system32\sbpci.dll File not found
SRV - (wg5n) -- %systemroot%\system32\caisafe.dll File not found
SRV - (websenseusagemonitor) -- %systemroot%\system32\pavagente.dll File not found
SRV - (WDM_YAMAHAAC97) -- %systemroot%\system32\zppinger.dll File not found
SRV - (w550bus) -- %systemroot%\system32\lanmanworkstation.dll File not found
SRV - (vmusb) -- %systemroot%\system32\sysenforce.dll File not found
SRV - (vmparport) -- %systemroot%\system32\GTF32BUS.dll File not found
SRV - (vmnetadapter) -- %systemroot%\system32\ftpds.dll File not found
SRV - (vetmonnt) -- %systemroot%\system32\ialm.dll File not found
SRV - (USBVCD) -- %systemroot%\system32\p3.dll File not found
SRV - (upnp) -- %systemroot%\system32\pcidump.dll File not found
SRV - (tvtpktfilter) -- %systemroot%\system32\mdc8021x.dll File not found
SRV - (tvtnetwk) -- %systemroot%\system32\alcxsens.dll File not found
SRV - (TuneUp.ProgramStatisticsSvc) -- %systemroot%\system32\adihdaudaddservice.dll File not found
SRV - (tpkmpsvc) -- %systemroot%\system32\secdrv.dll File not found
SRV - (tifm) -- %systemroot%\system32\bdftdif.dll File not found
SRV - (tfsndrct) -- %systemroot%\system32\cqcpu.dll File not found
SRV - (tcsd_win32.exe) -- %systemroot%\system32\LVCap138.dll File not found
SRV - (svcwrsssdk) -- %systemroot%\system32\WINUSB.dll File not found
SRV - (streamip) -- %systemroot%\system32\ibmfilter.dll File not found
SRV - (stac97) -- %systemroot%\system32\p2k.dll File not found
SRV - (sony_ssm.sys) -- %systemroot%\system32\soma.dll File not found
SRV - (smartwiservice) -- %systemroot%\system32\adfs.dll File not found
SRV - (sisnic) -- %systemroot%\system32\tphkdrv.dll File not found
SRV - (SeratoUsb) -- %systemroot%\system32\advantage.dll File not found
SRV - (se45obex) -- %systemroot%\system32\procexp100.dll File not found
SRV - (se45mgmt) -- %systemroot%\system32\mssql$microsoftsmlbiz.dll File not found
SRV - (SE2Dobex) -- %systemroot%\system32\tsp.dll File not found
SRV - (SE2Cbus) -- %systemroot%\system32\aolavupd.dll File not found
SRV - (se2Bnd5) -- %systemroot%\system32\roxupnprenderer.dll File not found
SRV - (sandradatasrv) -- %systemroot%\system32\TryAndDecideService.dll File not found
SRV - (s125mdm) -- %systemroot%\system32\regservice.dll File not found
SRV - (roxmediadb) -- %systemroot%\system32\tifm.dll File not found
SRV - (raysat3_4_6_18server) -- %systemroot%\system32\fsbwsys.dll File not found
SRV - (Rawwan) -- %systemroot%\system32\tossmbnt.dll File not found
SRV - (qbreminderflash) -- %systemroot%\system32\sr.dll File not found
SRV - (ptbsync) -- %systemroot%\system32\pcradminserver.dll File not found
SRV - (ProcObsrv) -- %systemroot%\system32\inotask.dll File not found
SRV - (PPPoEWin) -- %systemroot%\system32\SE26bus.dll File not found
SRV - (pop3d32) -- %systemroot%\system32\kwatchsvc.dll File not found
SRV - (PGPwded) -- %systemroot%\system32\tnidriver.dll File not found
SRV - (pdlncbas) -- %systemroot%\system32\avg7rsxp.dll File not found
SRV - (PCTINDIS5) -- %systemroot%\system32\bdfsfltr.dll File not found
SRV - (pav_security) -- %systemroot%\system32\NVXBAR.dll File not found
SRV - (o2flash) -- %systemroot%\system32\naveng.dll File not found
SRV - (nvraid) -- %systemroot%\system32\symids.dll File not found
SRV - (nsvclog) -- %systemroot%\system32\MSW_USB.dll File not found
SRV - (NOWMEMDF) -- %systemroot%\system32\backupexecdevicemediaservice.dll File not found
SRV - (ndassvc) -- %systemroot%\system32\EPSON_EB_RPCV4_01.dll File not found
SRV - (navap) -- %systemroot%\system32\dac960nt.dll File not found
SRV - (mksvirmonsvc) -- %systemroot%\system32\imagedrv.dll File not found
SRV - (mfcom) -- %systemroot%\system32\lxcf_device.dll File not found
SRV - (mcshield) -- %systemroot%\system32\rt2500usb.dll File not found
SRV - (mclserviceatl) -- %systemroot%\system32\nnsvc.dll File not found
SRV - (Maplom) -- %systemroot%\system32\filemon701.dll File not found
SRV - (LXARScan) -- %systemroot%\system32\pid_0928.dll File not found
SRV - (lvckap) -- %systemroot%\system32\NVR0FLASHDev.dll File not found
SRV - (lp6nds35) -- %systemroot%\system32\mldserv.dll File not found
SRV - (kservice) -- %systemroot%\system32\Wuser32.dll File not found
SRV - (keriomailserver) -- %systemroot%\system32\eskerlicensecontrol.dll File not found
SRV - (iwebmsg) -- %systemroot%\system32\spbbcsvc.dll File not found
SRV - (issimon) -- %systemroot%\system32\netw4x32.dll File not found
SRV - (imagedrv) -- %systemroot%\system32\zd1211u(zydas).dll File not found
SRV - (igateway) -- %systemroot%\system32\UxTuneUp.dll File not found
SRV - (IBMTPCHK) -- %systemroot%\system32\ctxcpuusync.dll File not found
SRV - (hwpsgt) -- %systemroot%\system32\enecbpth.dll File not found
SRV - (hsf_msft) -- %systemroot%\system32\aha154x.dll File not found
SRV - (hpt3xx) -- %systemroot%\system32\alcxwdm.dll File not found
SRV - (HPSLPSVC) -- %systemroot%\system32\WmHidLo.dll File not found
SRV - (HpqRemHid) -- %systemroot%\system32\rchost.dll File not found
SRV - (fsma) -- %systemroot%\system32\usbhub.dll File not found
SRV - (F700isw) -- %systemroot%\system32\tosrfnds.dll File not found
SRV - (eskerlicensecontrol) -- %systemroot%\system32\CTERFXFX.DLL.dll File not found
SRV - (EPSON_EB_RPCV4_01) -- %systemroot%\system32\pdlnepkt.dll File not found
SRV - (EPOWER) -- %systemroot%\system32\JRAID.dll File not found
SRV - (epfw) -- %systemroot%\system32\P17xfi.dll File not found
SRV - (dklogger) -- %systemroot%\system32\idsvc.dll File not found
SRV - (df5serv) -- %systemroot%\system32\EU3_USB.dll File not found
SRV - (dcsloader) -- %systemroot%\system32\avgclean.dll File not found
SRV - (DCamUSBMke) -- %systemroot%\system32\ESMCR.dll File not found
SRV - (dbmang) -- %systemroot%\system32\aexnsclient.dll File not found
SRV - (cvspydr2) -- %systemroot%\system32\ssfs0509.dll File not found
SRV - (CSDriver) -- %systemroot%\system32\omniusb.dll File not found
SRV - (clmtomcatstartersvc) -- %systemroot%\system32\pae_1394.dll File not found
SRV - (cdralw2k) -- %systemroot%\system32\cachemanxp.dll File not found
SRV - (CcmExec) -- %systemroot%\system32\dtsrvc.dll File not found
SRV - (CAMCAUD) -- %systemroot%\system32\MTDVC2_ENUM.dll File not found
SRV - (caili) -- %systemroot%\system32\scan.dll File not found
SRV - (btwusb) -- %systemroot%\system32\SNP2STD.dll File not found
SRV - (BsHelpCS) -- %systemroot%\system32\cavasm.dll File not found
SRV - (bridgemp) -- %systemroot%\system32\w300mdm.dll File not found
SRV - (backupexecalertserver) -- %systemroot%\system32\MTsensor.dll File not found
SRV - (backupexecagentaccelerator) -- %systemroot%\system32\ncupdatesvc.dll File not found
SRV - (avidsdmservice) -- %systemroot%\system32\s7oppitx.dll File not found
SRV - (AtiHdmiService) -- %systemroot%\system32\bdrsdrv.dll File not found
SRV - (ARSVC) -- %systemroot%\system32\advservice.dll File not found
SRV - (armoucfltr) -- %systemroot%\system32\jobserver_report.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AlteraByteBlaster) -- %systemroot%\system32\mvserver.dll File not found
SRV - (alcaudsl) -- %systemroot%\system32\SGIR.dll File not found
SRV - (aiclient) -- %systemroot%\system32\scsk4.dll File not found
SRV - (AF15BDA) -- %systemroot%\system32\vhidmini.dll File not found
SRV - (adiusbaw) -- %systemroot%\system32\3combootp.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (EmmaDevMgmtSvc) -- C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe (Sony Ericsson Mobile Communications)
SRV - (EmmaUpdMgmtSvc) -- C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe (Sony Ericsson Mobile Communications)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZDPSp50) -- System32\Drivers\ZDPSp50.sys File not found
DRV - (WN4501HLFZZ) -- system32\DRIVERS\O4501U.sys File not found
DRV - (Winsock - Google Desktop Search Backup Before Last Install) --  File not found
DRV - (Winsock - Google Desktop Search Backup Before First Install) --  File not found
DRV - (WDICA) --  File not found
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (GEARAspiWDM) -- System32\Drivers\GEARAspiWDM.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\test.com\catchme.sys File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (uigxrdr) -- C:\WINDOWS\system32\drivers\uigxrdr.SYS (1&1 Mail & Media GmbH)
DRV - (tap0901) -- C:\WINDOWS\system32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (BCMWLNPF) -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS (CACE Technologies)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (VNUSB) -- C:\WINDOWS\system32\drivers\VNUSB.sys (OLYMPUS IMAGING CORP.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (k750obex) -- C:\WINDOWS\system32\drivers\k750obex.sys (MCCI)
DRV - (k750mgmt) -- C:\WINDOWS\system32\drivers\k750mgmt.sys (MCCI)
DRV - (k750mdm) -- C:\WINDOWS\system32\drivers\k750mdm.sys (MCCI)
DRV - (k750mdfl) -- C:\WINDOWS\system32\drivers\k750mdfl.sys (MCCI)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS\system32\drivers\k750bus.sys (MCCI)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (SDDMI2) -- C:\WINDOWS\system32\DDMI2.sys (Gteko Ltd.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {557255DC-41E7-4BD8-89DF-5C32C27CF95E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{557255DC-41E7-4BD8-89DF-5C32C27CF95E}: "URL" = hxxp://de.forestle.org/search.php?q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2611275
IE - HKCU\..\SearchScopes\{EB130F25-A656-412D-8E99-B31F4345EF0B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.06 11:44:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.06 11:44:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.13 14:27:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.10.01 11:29:18 | 000,000,000 | ---D | M]
 
[2012.03.16 17:53:22 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions
[2009.12.23 18:49:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.06 14:57:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.07.03 07:00:11 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2011.01.17 05:26:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.16 17:53:23 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.10.24 10:18:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\extensions\staged-xpis
[2012.03.16 17:53:01 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\searchplugins\sweetim.xml
[2011.10.21 12:47:13 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.26 21:31:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.18 09:55:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.06 11:51:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.09.14 14:45:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.21 12:47:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2008.03.22 07:53:12 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\Programme\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2010.10.22 16:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2008.03.22 07:53:12 | 000,000,000 | ---D | M] (Real Networks Settings) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT
File not found (No name found) -- C:\PROGRAMME\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010.09.26 21:30:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\PDFCREATOR TOOLBAR\V3.3.0.1\FIREFOX
[2010.05.01 09:17:20 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jar50.dll
[2010.05.01 09:17:20 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\jsd3250.dll
[2010.05.01 09:17:20 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\myspell.dll
[2010.05.01 09:17:26 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\spellchk.dll
[2010.05.01 09:17:26 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\xpinstal.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.01 09:18:01 | 000,001,525 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.05.01 09:18:01 | 000,001,063 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2010.05.01 09:18:01 | 000,000,998 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.05.01 09:18:01 | 000,000,815 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Forestle (de) ()
CHR - default_search_provider: search_url = hxxp://de.forestle.org/search.php?q={searchTerms}
CHR - default_search_provider: suggest_url =
 
O1 HOSTS File: ([2012.03.16 02:57:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programme\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Programme\ZoneAlarm\prxtbZon0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} hxxp://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178992216781 (MUWebControl Class)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab (EPSON Web Printer-SelfTest Control Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} hxxp://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.18 13:18:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.16 17:59:20 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.03.16 17:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.03.16 17:56:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.16 17:56:15 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.16 17:54:29 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\admin\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.16 17:52:33 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2012.03.16 17:52:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM
[2012.03.16 17:50:00 | 000,333,616 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Dokumente und Einstellungen\admin\Desktop\SweetImSetup.exe
[2012.03.16 01:43:31 | 000,188,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acpi.sys
[2012.03.15 23:47:39 | 004,436,988 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\admin\Desktop\test.com.exe
[2012.03.15 18:19:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\admin\Desktop\dds.com
[2012.03.15 05:38:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.03.15 03:28:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47
[2012.03.12 02:39:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\Wizard101
[2012.03.10 09:48:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Desktop\Neuer Ordner (2)
[10 C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.17 02:41:14 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL.exe
[2012.03.17 02:27:43 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.03.17 02:16:30 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
[2012.03.17 02:15:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.17 02:15:08 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.16 21:52:01 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
[2012.03.16 17:56:29 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.16 17:54:29 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\admin\Desktop\mbam-setup-1.60.1.1000.exe
[2012.03.16 17:50:02 | 000,333,616 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Dokumente und Einstellungen\admin\Desktop\SweetImSetup.exe
[2012.03.16 17:40:06 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.03.16 02:57:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.03.15 23:57:02 | 000,001,425 | ---- | M] () -- C:\WINDOWS\HPOCSS05.INI
[2012.03.15 23:57:02 | 000,000,564 | ---- | M] () -- C:\WINDOWS\HPOTBX05.INI
[2012.03.15 23:57:02 | 000,000,118 | ---- | M] () -- C:\WINDOWS\HPODJC05.INI
[2012.03.15 23:47:42 | 004,436,988 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\admin\Desktop\test.com.exe
[2012.03.15 18:30:19 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\vnfkzi98.exe
[2012.03.15 18:19:21 | 000,607,260 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\admin\Desktop\dds.com
[2012.03.15 18:17:26 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.03.15 18:15:52 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\Defogger.exe
[2012.03.15 03:31:00 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\System32\dds_log_ad13.cmd
[2012.03.12 19:46:44 | 000,200,704 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.10 12:29:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.03.03 12:01:12 | 000,157,595 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\SchriftInPfade2.pdf
[2012.02.19 09:35:06 | 000,344,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.19 00:13:34 | 000,464,894 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.19 00:13:34 | 000,446,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.19 00:13:34 | 000,087,098 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.19 00:13:34 | 000,073,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.18 23:53:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.02.17 15:35:11 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.02.16 17:45:11 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.16 17:56:28 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.15 18:30:17 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\vnfkzi98.exe
[2012.03.15 18:17:26 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\defogger_reenable
[2012.03.15 18:15:51 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\Defogger.exe
[2012.03.15 03:31:00 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\System32\dds_log_ad13.cmd
[2012.03.08 17:24:07 | 000,157,595 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\SchriftInPfade2.pdf
[2011.11.07 23:08:47 | 000,098,344 | ---- | C] () -- C:\WINDOWS\unTMV.exe
[2011.03.17 23:04:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2010.12.01 02:07:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.11 08:37:32 | 000,001,071 | ---- | C] () -- C:\WINDOWS\AVAK.INI
[2010.09.18 20:08:45 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.09.18 20:08:45 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.09.18 20:08:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.09.18 20:08:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.09.18 20:08:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.08 20:39:22 | 000,000,118 | ---- | C] () -- C:\WINDOWS\HPODJC05.INI
[2010.06.08 20:38:52 | 000,001,425 | ---- | C] () -- C:\WINDOWS\HPOCSS05.INI
[2010.06.08 20:38:52 | 000,000,564 | ---- | C] () -- C:\WINDOWS\HPOTBX05.INI
[2010.06.08 20:31:20 | 000,000,065 | ---- | C] () -- C:\WINDOWS\opleinst.ini
[2010.06.08 20:31:18 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\hpocnt05.dll
[2010.06.08 20:31:18 | 000,000,970 | ---- | C] () -- C:\WINDOWS\hpoio05.ini
[2010.05.27 21:40:19 | 000,000,122 | ---- | C] () -- C:\WINDOWS\telephon.ini

< End of report >

Code:
OTL Extras logfile created on: 17.03.2012 02:50:48 - Run 2
OTL by OldTimer - Version 3.2.37.1    Folder = C:\Dokumente und Einstellungen\admin\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
503,37 Mb Total Physical Memory | 227,14 Mb Available Physical Memory | 45,12% Memory free
1,21 Gb Paging File | 0,72 Gb Available in Paging File | 59,65% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 34,17 Gb Total Space | 2,91 Gb Free Space | 8,53% Space Free | Partition Type: NTFS
 
Computer Name: D614P62J | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Programme\MSN Messenger\msncall.exe" = C:\Programme\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\F-pro\fscommand\PipeBeama.exe" = C:\Programme\F-pro\fscommand\PipeBeama.exe:*:Enabled:PipeBeama -- (www.webmechaniker.de)
"C:\Programme\Sony Ericsson\Update Service\Update Service.exe" = C:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Programme\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe" = C:\Programme\Sony Ericsson\SEMC OMSI Module\SEMC OMSI Module.exe:*:Enabled:SEMC OMSI Module -- ()
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\OpenVPN\bin\openvpn.exe" = C:\Programme\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn -- ()
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Avira\AntiVir Desktop\avnotify.exe" = C:\Programme\Avira\AntiVir Desktop\avnotify.exe:*:Enabled:Avira Notification Tool -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\ipmgui.exe" = C:\Programme\Avira\AntiVir Desktop\ipmgui.exe:*:Enabled:Avira In Product Messaging -- (Avira Operations GmbH & Co. KG)
"C:\Programme\Avira\AntiVir Desktop\avcenter.exe" = C:\Programme\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:Avira Control Center -- (Avira Operations GmbH & Co. KG)
"C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" = C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe:*:Enabled:SweetPacksUpdateManager -- (SweetIM Technologies Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}" = SweetIM for Messenger 3.6
"{1030DCDC-2425-407d-BEE1-13558B837FCA}" = HP Color LaserJet 2820/2830/2840 2.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{384A291D-1138-4218-A41B-87CBAE22CFBA}" = hppFaxUtility
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{548EEA8E-8299-497F-8057-811D2D7097DC}" = Dell Support 3.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59073DF9-3D3D-4FFC-AF41-C2C268A1A31E}" = hppTooCool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7D7F2CB5-F9A4-4E86-853D-1BADD936DDAD}" = hppscan2800
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8043D1B8-81AE-4597-AAA8-1E1F49D6E4DF}" = hppManuals2800
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A28F43DA-258F-42EC-9C95-E6C9A7475670}" = hppIOFiles
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{B8C54AB1-7E1A-40E8-B794-EDB6E8921F3A}" = Dell Support Center
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D460F2F5-645E-489F-AB9A-DEB24C47C2B5}" = T-Online Installationsdateien
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{FB697452-8CA4-46B4-98B1-165C922A2EF3}" = Update Manager for SweetPacks 1.0
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE3F3C9B-2C29-4FEE-A74F-11E436729F2C}" = Scan
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AliceHilfe 1.0.0.1" = AliceHilfe
"Avira AntiVir Desktop" = Avira Free Antivirus
"BdP Mitgliederverwaltung_is1" = MVBdP Version 1.5.3
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DesignWorkshop Lite" = DesignWorkshop Lite
"ElsterFormular für Privatanwender 12.3.2.6814p" = ElsterFormular für Privatanwender
"f4" = f4 3.0.3
"F-pro" = F-pro 1.3
"Free Studio_is1" = Free Studio version 5.2.1
"Free YouTube Download_is1" = Free YouTube Download version 2.10.29
"freenet.de Zugangssoftware" = freenet.de Zugangssoftware
"GMX Upload-Manager" = GMX Upload-Manager
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MediaManager" = MediaManager
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Suite" = Nokia Ovi Suite
"OpenVPN" = OpenVPN 2.1.4
"RealPlayer 12.0" = RealPlayer
"SEMC OMSI Module" = SEMC OMSI Module
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"TextMaker Viewer" = TextMaker Viewer
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Wie man's spricht DEMO" = Wie man's spricht DEMO
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Wizard101(DE)_is1" = Wizard101(DE)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.03.2012 19:22:36 | Computer Name = D614P62J | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
 Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
 
Error - 15.03.2012 20:59:21 | Computer Name = D614P62J | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 15.03.2012 22:08:48 | Computer Name = D614P62J | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 16.03.2012 09:07:20 | Computer Name = D614P62J | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.03.2012 09:07:20 | Computer Name = D614P62J | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.03.2012 09:36:59 | Computer Name = D614P62J | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 16.03.2012 09:44:32 | Computer Name = D614P62J | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 16.03.2012 21:16:51 | Computer Name = D614P62J | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 16.03.2012 21:20:22 | Computer Name = D614P62J | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
Error - 16.03.2012 21:22:04 | Computer Name = D614P62J | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
 
[ System Events ]
Error - 16.03.2012 21:23:41 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2250 (0x8CA).
 
Error - 16.03.2012 21:23:41 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1066
 
Error - 16.03.2012 21:23:41 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2250 (0x8CA).
 
Error - 16.03.2012 21:23:41 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1066
 
Error - 16.03.2012 21:23:46 | Computer Name = D614P62J | Source = Workstation | ID = 5727
Description = Gerätetreiber RDR konnte nicht geladen werden.
 
Error - 16.03.2012 21:23:46 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2250 (0x8CA).
 
Error - 16.03.2012 21:23:46 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1066
 
Error - 16.03.2012 21:51:43 | Computer Name = D614P62J | Source = Workstation | ID = 5727
Description = Gerätetreiber RDR konnte nicht geladen werden.
 
Error - 16.03.2012 21:51:46 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
 Fehler beendet: 2250 (0x8CA).
 
Error - 16.03.2012 21:51:46 | Computer Name = D614P62J | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1066
 
 
< End of report >

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-18 14:03:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541040G9AT00 rev.MB2OA61A
Running: vnfkzi98.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\uwdyapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \FileSystem\Cdfs \Cdfs                                                                                          DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device          \FileSystem\Fastfat \Fat                                                                                        A00E8D20
Device          \FileSystem\Fastfat \Fat                                                                                        A0100631

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                        fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- User code sections - GMER 1.0.15 ----

.text          C:\program files\real\realplayer\update\realsched.exe[3584] kernel32.dll!SetUnhandledExceptionFilter            7C84495D 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]  [451F1ACB] C:\Programme\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT            C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW]    5F0E0000
IAT            C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DialogBoxParamW]  5F0E0000
IAT            C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW]  5F0E0000
IAT            C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\USERENV.dll [USER32.dll!DialogBoxParamW]  5F0E0000
IAT            C:\Programme\Internet Explorer\iexplore.exe[252] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!DialogBoxParamW]  5F0E0000

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Internet Explorer\iexplore.exe[252] ADVAPI32.dll!RegOpenKeyExW                                      77DA6AAF 6 Bytes  JMP 5F040F5A
.text          C:\Programme\Internet Explorer\iexplore.exe[252] ADVAPI32.dll!RegQueryValueExW                                  77DA6FFF 6 Bytes  JMP 5F0A0F5A
.text          C:\Programme\Internet Explorer\iexplore.exe[252] kernel32.dll!LoadLibraryExW + C4                                7C801BB9 4 Bytes  CALL 03AC0001
.text          C:\Programme\Internet Explorer\iexplore.exe[252] ole32.dll!CoCreateInstance                                      774CF1BC 5 Bytes  JMP 4126DB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] ole32.dll!OleLoadFromStream                                    774F983B 5 Bytes  JMP 41365717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!CallNextHookEx                                      7E37B3C6 5 Bytes  JMP 4125D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!CreateDialogParamA                                  7E38C7DB 5 Bytes  JMP 03F6D020 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!CreateDialogParamW                                  7E36EA3B 5 Bytes  JMP 03F6CEA0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!CreateWindowExW                                      7E37D0A3 5 Bytes  JMP 4126DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!DialogBoxIndirectParamA                              7E3A6D7D 5 Bytes  JMP 41365412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!DialogBoxIndirectParamW                              7E382072 5 Bytes  JMP 413653AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!DialogBoxParamA                                      7E38B144 5 Bytes  JMP 03F6D110 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!DialogBoxParamW                                      7E3747AB 5 Bytes  JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxA                                          7E3A07EA 5 Bytes  JMP 03F6D380 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxExA                                        7E3A085C 5 Bytes  JMP 41365214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxExW                                        7E3A0838 5 Bytes  JMP 413651B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxIndirectA                                  7E38A082 5 Bytes  JMP 413652E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxIndirectW                                  7E3B64D5 5 Bytes  JMP 41365276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!MessageBoxW                                          7E3B6534 5 Bytes  JMP 03F6D460 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!SetWindowsHookExW                                    7E37820F 5 Bytes  JMP 41269AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!TrackPopupMenu                                      7E3B531E 5 Bytes  JMP 03F6C180 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!TrackPopupMenuEx                                    7E3BCF62 5 Bytes  JMP 03F6C2E0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[252] USER32.dll!UnhookWindowsHookEx                                  7E37D5F3 5 Bytes  JMP 411D4686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!RegSetValueA                                      77DCC79E 5 Bytes  JMP 0450CA90 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!RegSetValueExA                                    77DAEAE7 7 Bytes  JMP 0450CC10 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!RegSetValueExW                                    77DAD767 7 Bytes  JMP 0450CCD0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] ADVAPI32.dll!RegSetValueW                                      77E06116 5 Bytes  JMP 0450CB50 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!CreateDialogParamA                                  7E38C7DB 5 Bytes  JMP 0450D020 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!CreateDialogParamW                                  7E36EA3B 5 Bytes  JMP 0450CEA0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!CreateWindowExW                                    7E37D0A3 5 Bytes  JMP 4126DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxIndirectParamA                            7E3A6D7D 5 Bytes  JMP 41365412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxIndirectParamW                            7E382072 5 Bytes  JMP 413653AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxParamA                                    7E38B144 5 Bytes  JMP 0450D110 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!DialogBoxParamW                                    7E3747AB 5 Bytes  JMP 0450D200 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxA                                        7E3A07EA 5 Bytes  JMP 0450D380 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxExA                                      7E3A085C 5 Bytes  JMP 41365214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxExW                                      7E3A0838 5 Bytes  JMP 413651B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxIndirectA                                7E38A082 5 Bytes  JMP 413652E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxIndirectW                                7E3B64D5 5 Bytes  JMP 41365276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!MessageBoxW                                        7E3B6534 5 Bytes  JMP 0450D460 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!TrackPopupMenu                                      7E3B531E 5 Bytes  JMP 0450C180 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)
.text          C:\Programme\Internet Explorer\iexplore.exe[4040] USER32.dll!TrackPopupMenuEx                                    7E3BCF62 5 Bytes  JMP 0450C2E0 C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\ZoneAlarm\tbZon0.dll (Conduit Toolbar/Conduit Ltd.)

---- System - GMER 1.0.15 ----

SSDT            F8ABA4E8                                                                                                        ZwOpenProcess
SSDT            F8ABA4ED                                                                                                        ZwOpenThread
SSDT            F8ABA4F7                                                                                                        ZwTerminateProcess
SSDT            F8ABA4FC                                                                                                        ZwCreateThread
SSDT            F8ABA506                                                                                                        ZwCreateKey
SSDT            F8ABA50B                                                                                                        ZwDeleteKey
SSDT            F8ABA510                                                                                                        ZwSetValueKey
SSDT            F8ABA515                                                                                                        ZwDeleteValueKey
SSDT            F8ABA51A                                                                                                        ZwLoadKey
SSDT            F8ABA51F                                                                                                        ZwRestoreKey
SSDT            F8ABA524                                                                                                        ZwReplaceKey
SSDT            F8ABA547                                                                                                        ZwDuplicateObject
SSDT            F8ABA54C                                                                                                        ZwClose
SSDT            F8ABA556                                                                                                        ZwCreateSection
SSDT            F8ABA55B                                                                                                        ZwSetContextThread
SSDT            F8ABA560                                                                                                        ZwRequestWaitReplyPort
SSDT            F8ABA565                                                                                                        ZwSetSecurityObject
SSDT            F8ABA56A                                                                                                        ZwSystemDebugControl
SSDT            F8ABA56F                                                                                                        ZwQueryValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwCallbackReturn + 256C                                                                            80501DA4 4 Bytes  CALL E748C94D
?              ynaprijt.sys                                                                                                    Das System kann die angegebene Datei nicht finden. !

---- EOF - GMER 1.0.15 ----

Swillswissen 18.03.2012 18:54
So, hallo!

Hier nun das Log von dem SFScript und Gmer. Gmer hat von sich aus gesucht, nur relativ kurz, und danach bin ich wieder auf copy und das füge ich hier ein. Ist das ok oder soll ich da was ausführlicheres machen?

So, dann hab ich glaub erstmal alles abgearbeitet - ich hoffe der Trojaner ist so langsam weg... oder ich warte auf weitere Tips ;-) Wenn ich wieder unbedenklich Emails verschicken kann etc. sag mir bescheid!

Lg S

Code:
ComboFix 12-03-17.01 - admin 18.03.2012  14:29:46.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.503.225 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\admin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\admin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47
c:\dokumente und einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47\@
c:\dokumente und einstellungen\admin\WINDOWS
c:\windows\$NtUninstallKB6107$\4100136007
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-18 bis 2012-03-18  ))))))))))))))))))))))))))))))
.
.
2012-03-16 16:59 . 2012-03-17 01:27        40776        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-16 16:56 . 2012-03-16 16:56        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-03-16 16:56 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-16 16:52 . 2012-03-16 16:54        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\SweetIM
2012-03-16 16:52 . 2012-03-16 16:53        --------        d-----w-        c:\programme\SweetIM
2012-03-16 00:43 . 2008-04-14 01:49        188800        ----a-w-        c:\windows\system32\drivers\acpi.sys
2012-03-16 00:43 . 2008-04-14 01:49        188800        ----a-w-        c:\windows\system32\dllcache\acpi.sys
2012-03-15 02:31 . 2012-03-15 02:31        0        --sha-w-        c:\windows\system32\dds_log_ad13.cmd
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 14:35 . 2011-11-10 16:45        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-02-16 16:45 . 2011-05-18 12:37        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-18 12:05        1860096        ----a-w-        c:\windows\system32\win32k.sys
2008-12-01 16:30 . 2008-12-01 16:30        12681040        -c--a-w-        c:\programme\mm20deu.exe
2010-05-01 08:17 . 2007-02-02 14:08        67688        -c--a-w-        c:\programme\mozilla firefox\components\jar50.dll
2010-05-01 08:17 . 2007-02-02 14:08        54368        -c--a-w-        c:\programme\mozilla firefox\components\jsd3250.dll
2010-05-01 08:17 . 2008-03-22 06:53        34944        -c--a-w-        c:\programme\mozilla firefox\components\myspell.dll
2010-05-01 08:17 . 2008-03-22 06:53        46712        -c--a-w-        c:\programme\mozilla firefox\components\spellchk.dll
2010-05-01 08:17 . 2007-02-02 14:08        172136        -c--a-w-        c:\programme\mozilla firefox\components\xpinstal.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-03-16_05.49.58  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-17 01:16 . 2012-03-17 01:16        16384              c:\windows\Temp\Perflib_Perfdata_2b0.dat
+ 2012-03-16 16:53 . 2012-03-16 16:53        10134              c:\windows\Installer\{2F603A45-D956-496B-81B5-50D782424976}\ARPPRODUCTICON.exe
+ 2012-03-16 16:52 . 2012-03-16 16:52        10134              c:\windows\Installer\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}\ARPPRODUCTICON.exe
+ 2012-03-16 16:53 . 2012-03-16 16:53        1417728              c:\windows\Installer\b022d0.msi
+ 2012-03-16 16:53 . 2012-03-16 16:53        1839104              c:\windows\Installer\b022cb.msi
+ 2012-03-16 16:52 . 2012-03-16 16:52        1947136              c:\windows\Installer\b022c6.msi
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2012-01-15 130864]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
2011-05-09 09:49        176936        ----a-w-        c:\programme\ZoneAlarm\prxtbZon0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-01-15 11:27        1330480        ----a-w-        c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\programme\ZoneAlarm\prxtbZon0.dll" [2011-05-09 176936]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-01-15 1330480]
.
[HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"Dell QuickSet"="c:\programme\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-06 273528]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SweetIM"="c:\programme\SweetIM\Messenger\SweetIM.exe" [2012-02-16 114992]
"Sweetpacks Communicator"="c:\programme\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Philips SNU5600 Wireless USB-Adapter.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Philips SNU5600 Wireless USB-Adapter.lnk
backup=c:\windows\pss\Philips SNU5600 Wireless USB-Adapter.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP OfficeJet T Series]
c:\programme\Hewlett-Packard\HP OfficeJet T Series\bin\ktchnsnk.exe -reg Software\Hewlett-Packard\OfficeJet T Series\Install [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07        843712        ----a-r-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51        37296        ----a-w-        c:\programme\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-09-03 18:12        111936        -c--a-w-        c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2005-05-15 00:04        332800        -c--a-w-        c:\programme\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 02:12        94208        -c----w-        c:\programme\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 09:44        81920        -c--a-w-        c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-24 15:30        282624        -c--a-w-        c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-11-29 03:56        761947        -c--a-w-        c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\F-pro\\fscommand\\PipeBeama.exe"=
"c:\\Programme\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Programme\\Sony Ericsson\\SEMC OMSI Module\\SEMC OMSI Module.exe"=
"c:\\Programme\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avnotify.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\ipmgui.exe"=
"c:\\Programme\\Avira\\AntiVir Desktop\\avcenter.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Programme\\SweetIM\\Communicator\\SweetPacksUpdateManager.exe"=
.
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WN4501HLFZZ;802.11g Wireless USB Adapter;c:\windows\system32\DRIVERS\O4501U.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 uigxrdr;uigxrdr;c:\windows\system32\DRIVERS\uigxrdr.sys [2010-11-19 148992]
S2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 EmmaDevMgmtSvc;Emma Device Management;c:\programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe [2010-07-01 306296]
S2 EmmaUpdMgmtSvc;Emma Update Management;c:\programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe [2010-07-01 162936]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-03-17 40776]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - uwdyapod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
NETSVCS BENÖTIGT REPARATUR - Derzeitig vorhandene Einträge:
6to4
AppMgmt
AudioSrv
Browser
CryptSvc
DMServer
DHCP
ERSvc
EventSystem
FastUserSwitchingCompatibility
HidServ
Ias
Iprip
Irmon
LanmanServer
LanmanWorkstation
Messenger
Netman
Nla
Ntmssvc
NWCWorkstation
Nwsapagent
Rasauto
dcsloader
AF15BDA
cdralw2k
df5serv
mfcom
WimFltr
tpkmpsvc
issimon
CcmExec
LXARScan
hwpsgt
mstdc
vmnetadapter
PPPoEWin
sptisrv
SE2Cbus
PCTINDIS5
smartwiservice
clmtomcatstartersvc
caili
vetmonnt
CSDriver
USBVCD
cxusb
fsma
upnp
vmusb
SE2Dobex
s125mdm
pop3d32
streamip
x10nets
nvraid
HpqRemHid
backupexecalertserver
pav_security
navap
hpt3xx
websensecamserver
se2Bnd5
epfw
PGPwded
roxmediadb
tcsd_win32.exe
WmBEnum
tvtnetwk
pdlncbas
kservice
mksvirmonsvc
F700isw
DCamUSBMke
EPOWER
SeratoUsb
IBMTPCHK
avidsdmservice
mcshield
AtiHdmiService
BsHelpCS
wg5n
keriomailserver
adiusbaw
lp6nds35
sisnic
WDM_YAMAHAAC97
cvspydr2
Maplom
nsvclog
hap16v2k
ptbsync
aiclient
o2flash
alcaudsl
ProcObsrv
tvtpktfilter
backupexecagentaccelerator
ARSVC
CAMCAUD
sandradatasrv
nchssvad
SenFiltService
hsf_msft
Rawwan
qbreminderflash
iwebmsg
vmparport
tifm
stac97
se45mgmt
zpnodecollector
tfsndrct
TuneUp.ProgramStatisticsSvc
Appn
igateway
se45obex
svcwrsssdk
imagedrv
EPSON_EB_RPCV4_01
raysat3_4_6_18server
dbmang
HPSLPSVC
NOWMEMDF
wsearch
lvckap
dklogger
nmindexingservice
armoucfltr
AlteraByteBlaster
mclserviceatl
w550bus
ndassvc
eskerlicensecontrol
websenseusagemonitor
bridgemp
btwusb
sony_ssm.sys
Rasman
Remoteaccess
Schedule
Seclogon
SENS
Sharedaccess
SRService
Tapisrv
Themes
TrkWks
W32Time
WZCSVC
Wmi
WmdmPmSp
winmgmt
wscsvc
xmlprov
BITS
wuauserv
ShellHWDetection
helpsvc
WmdmPmSN
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2012-03-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
2012-03-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-413376109-1747680547-2295601255-1006.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 12:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Free YouTube Download - c:\dokumente und einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Web-Suche - c:\programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
FF - ProfilePath - c:\dokumente und einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\2hfot8x9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://de.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-18 15:05
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]
"7040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(984)
c:\windows\System32\uigxnp.dll
c:\windows\system32\igfxdev.dll
.
Zeit der Fertigstellung: 2012-03-18  15:16:20
ComboFix-quarantined-files.txt  2012-03-18 14:15
ComboFix2.txt  2010-09-19 18:12
ComboFix3.txt  2010-09-18 19:43
.
Vor Suchlauf: 3.066.425.344 Bytes frei
Nach Suchlauf: 3.083.739.136 Bytes frei
.
- - End Of File - - 5CE973E98BA5BCCC5232E9F0EC0A085D

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit quick scan 2012-03-18 18:05:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 Hitachi_HTS541040G9AT00 rev.MB2OA61A
Running: vnfkzi98.exe; Driver: C:\DOKUME~1\admin\LOKALE~1\Temp\uwdyapob.sys


---- System - GMER 1.0.15 ----

Code            \??\C:\DOKUME~1\admin\LOKALE~1\Temp\catchme.sys  pIofCallDriver

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Fastfat \Fat                        fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1          SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----

Chris4You 18.03.2012 20:19
Hi,

Du solltest Neuaufsetzen, war/ist hochgradig verseucht, inkl. Backdoor...
UIUSYS.SYS, jede Menge Reste alter Infektionen...

OTL:
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
[2012.03.15 03:28:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47

:REG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = dword:0x00

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Stelle den Killer wir folgt ein:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Dann den Scan starten durch (Start Scan).
Wenn der Scan fertig ist bitte "Report" anwählen (eventuelle Funde erstmal mit Skip übergehen). Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

OSAM
Prüft Programme/Treiber die gestartet werden online.
Folge den Anweisungen hier http://www.trojaner-board.de/84180-a...n-manager.html zur Erstellung eines Logs und poste das hier in Deinem Thread.

aswMBR
Folge den Anweisungen hier.
Kurzanleitung:
Von http://filepony.de/download-aswmbr/ die aswMBR.exe runterladen und auf dem Desktop speichern.
  • Doppelklick auf die aswMBR.exe.
  • Scan-Button anklicken
  • Bootsectoren (MBR) etc. werden nun untersucht.....
  • Log speichern und im Thread posten

Zur Sicherheit: Prevx:
Das Tool neigt zu Fehlalarmen und kann in der freien Version auch nichts löschen, ist aber sonst recht gut... (und läuft auch auf 64Bit-Plattformen)
Prevx 3.0 for Home and Family
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris

Swillswissen 18.03.2012 22:59
Hi Chris,

du schreibst ich muss neu aufsetzen, aber gleichzeitig viele neue Schritte wie ich die Trojaner los bekomme - muss ich dann doch nicht neu aufsetzen? Oder die Schritte machen und dann aber trotzdem neu aufsetzen?

Ich mach mich mal dran... danke schonmal...

Lg S

Swillswissen 18.03.2012 23:57
Hallo,

ich habe OTL laufen lassen. Währenddessen wollte es einen Neustart, den habe ich gemacht. Danach ging nur das Textfenster auf mit folgenden Daten. Einen Ordner %systemroot%\_OTL habe ich nicht finden können...
Lg S


Code:
All processes killed
========== OTL ==========
Service UIUSys stopped successfully!
Service UIUSys deleted successfully!
File  system32\DRIVERS\UIUSYS.SYS File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Folder C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\f4631c47\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled" | dword:0x00 /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: admin
->Temp folder emptied: 20054 bytes
->Temporary Internet Files folder emptied: 45933197 bytes
->Java cache emptied: 6465143 bytes
->FireFox cache emptied: 4494756 bytes
->Google Chrome cache emptied: 6923019 bytes
->Apple Safari cache emptied: 576512 bytes
->Flash cache emptied: 1186 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Flash cache emptied: 300 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 62,00 mb
 
Restore point Set: OTL Restore Point (0)
 
OTL by OldTimer - Version 3.2.37.1 log created on 03182012_232911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Swillswissen 19.03.2012 00:28
Und hier TDSS:

Code:
0:15:53.0171 3692        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
00:15:53.0343 3692        ============================================================
00:15:53.0343 3692        Current date / time: 2012/03/19 00:15:53.0343
00:15:53.0343 3692        SystemInfo:
00:15:53.0343 3692       
00:15:53.0343 3692        OS Version: 5.1.2600 ServicePack: 3.0
00:15:53.0343 3692        Product type: Workstation
00:15:53.0343 3692        ComputerName: D614P62J
00:15:53.0343 3692        UserName: admin
00:15:53.0343 3692        Windows directory: C:\WINDOWS
00:15:53.0343 3692        System windows directory: C:\WINDOWS
00:15:53.0343 3692        Processor architecture: Intel x86
00:15:53.0343 3692        Number of processors: 1
00:15:53.0343 3692        Page size: 0x1000
00:15:53.0343 3692        Boot type: Normal boot
00:15:53.0343 3692        ============================================================
00:15:56.0750 3692        Drive \Device\Harddisk0\DR0 - Size: 0x950A60000 (37.26 Gb), SectorSize: 0x200, Cylinders: 0x1300, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:15:56.0750 3692        \Device\Harddisk0\DR0:
00:15:56.0750 3692        MBR used
00:15:56.0750 3692        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2738A, BlocksNum 0x445892D
00:15:56.0843 3692        Initialize success
00:15:56.0843 3692        ============================================================
00:16:48.0718 1164        ============================================================
00:16:48.0718 1164        Scan started
00:16:48.0718 1164        Mode: Manual; SigCheck; TDLFS;
00:16:48.0718 1164        ============================================================
00:16:50.0406 1164        Abiosdsk - ok
00:16:50.0921 1164        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:16:59.0234 1164        abp480n5 - ok
00:16:59.0953 1164        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:17:00.0609 1164        ACPI - ok
00:17:01.0093 1164        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:17:01.0281 1164        ACPIEC - ok
00:17:01.0921 1164        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:17:02.0125 1164        adpu160m - ok
00:17:02.0718 1164        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:17:02.0890 1164        aec - ok
00:17:03.0484 1164        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:17:03.0578 1164        AFD - ok
00:17:04.0093 1164        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:17:04.0296 1164        agp440 - ok
00:17:04.0812 1164        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:17:05.0000 1164        agpCPQ - ok
00:17:05.0671 1164        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:17:05.0750 1164        Aha154x - ok
00:17:06.0265 1164        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:17:06.0515 1164        aic78u2 - ok
00:17:07.0046 1164        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:17:07.0218 1164        aic78xx - ok
00:17:07.0718 1164        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:17:07.0890 1164        AliIde - ok
00:17:08.0468 1164        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:17:08.0671 1164        alim1541 - ok
00:17:09.0203 1164        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:17:09.0437 1164        amdagp - ok
00:17:09.0921 1164        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:17:10.0015 1164        amsint - ok
00:17:10.0546 1164        APPDRV          (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
00:17:10.0578 1164        APPDRV ( UnsignedFile.Multi.Generic ) - warning
00:17:10.0578 1164        APPDRV - detected UnsignedFile.Multi.Generic (1)
00:17:11.0218 1164        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:17:11.0421 1164        asc - ok
00:17:11.0968 1164        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:17:12.0046 1164        asc3350p - ok
00:17:12.0531 1164        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:17:12.0718 1164        asc3550 - ok
00:17:13.0250 1164        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:17:13.0468 1164        AsyncMac - ok
00:17:14.0015 1164        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:17:14.0203 1164        atapi - ok
00:17:14.0671 1164        Atdisk - ok
00:17:15.0187 1164        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:17:15.0390 1164        Atmarpc - ok
00:17:15.0875 1164        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:17:16.0046 1164        audstub - ok
00:17:16.0656 1164        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
00:17:17.0312 1164        avgntflt - ok
00:17:18.0031 1164        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\WINDOWS\system32\DRIVERS\avipbb.sys
00:17:18.0046 1164        avipbb - ok
00:17:18.0562 1164        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\WINDOWS\system32\DRIVERS\avkmgr.sys
00:17:18.0578 1164        avkmgr - ok
00:17:19.0437 1164        BCM43XX        (b89bcf0a25aeb3b47030ac83287f894a) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:17:19.0890 1164        BCM43XX - ok
00:17:20.0484 1164        bcm4sbxp        (c768c8a463d32c219ce291645a0621a4) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
00:17:20.0640 1164        bcm4sbxp - ok
00:17:21.0171 1164        BCMWLNPF        (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys
00:17:21.0187 1164        BCMWLNPF ( UnsignedFile.Multi.Generic ) - warning
00:17:21.0187 1164        BCMWLNPF - detected UnsignedFile.Multi.Generic (1)
00:17:21.0687 1164        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:17:21.0906 1164        Beep - ok
00:17:22.0125 1164        catchme - ok
00:17:22.0625 1164        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:17:22.0812 1164        cbidf - ok
00:17:23.0296 1164        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:17:23.0484 1164        cbidf2k - ok
00:17:23.0984 1164        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:17:24.0078 1164        cd20xrnt - ok
00:17:24.0671 1164        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:17:24.0859 1164        Cdaudio - ok
00:17:25.0406 1164        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:17:25.0656 1164        Cdfs - ok
00:17:26.0187 1164        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:17:26.0390 1164        Cdrom - ok
00:17:26.0859 1164        Changer - ok
00:17:27.0406 1164        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
00:17:27.0609 1164        CmBatt - ok
00:17:28.0109 1164        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
00:17:28.0312 1164        CmdIde - ok
00:17:28.0812 1164        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
00:17:28.0984 1164        Compbatt - ok
00:17:29.0531 1164        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
00:17:29.0765 1164        Cpqarray - ok
00:17:30.0484 1164        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
00:17:30.0734 1164        dac2w2k - ok
00:17:31.0218 1164        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
00:17:31.0421 1164        dac960nt - ok
00:17:31.0968 1164        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:17:32.0171 1164        Disk - ok
00:17:32.0781 1164        DLABOIOM        (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
00:17:32.0796 1164        DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
00:17:32.0796 1164        DLABOIOM - detected UnsignedFile.Multi.Generic (1)
00:17:33.0281 1164        DLACDBHM        (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
00:17:33.0296 1164        DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
00:17:33.0296 1164        DLACDBHM - detected UnsignedFile.Multi.Generic (1)
00:17:33.0796 1164        DLADResN        (8342c37a0667183e0d2d7dee77e0388f) C:\WINDOWS\system32\DLA\DLADResN.SYS
00:17:33.0796 1164        DLADResN ( UnsignedFile.Multi.Generic ) - warning
00:17:33.0796 1164        DLADResN - detected UnsignedFile.Multi.Generic (1)
00:17:34.0296 1164        DLAIFS_M        (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
00:17:34.0312 1164        DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
00:17:34.0312 1164        DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
00:17:34.0875 1164        DLAOPIOM        (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
00:17:34.0906 1164        DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
00:17:34.0906 1164        DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
00:17:35.0343 1164        DLAPoolM        (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
00:17:35.0359 1164        DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
00:17:35.0359 1164        DLAPoolM - detected UnsignedFile.Multi.Generic (1)
00:17:35.0890 1164        DLARTL_N        (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
00:17:35.0890 1164        DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
00:17:35.0890 1164        DLARTL_N - detected UnsignedFile.Multi.Generic (1)
00:17:36.0390 1164        DLAUDFAM        (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
00:17:36.0421 1164        DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
00:17:36.0421 1164        DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
00:17:36.0921 1164        DLAUDF_M        (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
00:17:36.0953 1164        DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
00:17:36.0953 1164        DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
00:17:38.0000 1164        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
00:17:38.0515 1164        dmboot - ok
00:17:39.0234 1164        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
00:17:39.0421 1164        dmio - ok
00:17:39.0921 1164        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:17:40.0093 1164        dmload - ok
00:17:40.0609 1164        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:17:40.0859 1164        DMusic - ok
00:17:41.0359 1164        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
00:17:41.0546 1164        dpti2o - ok
00:17:42.0046 1164        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:17:42.0250 1164        drmkaud - ok
00:17:42.0828 1164        DRVMCDB        (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
00:17:42.0843 1164        DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
00:17:42.0843 1164        DRVMCDB - detected UnsignedFile.Multi.Generic (1)
00:17:43.0343 1164        DRVNDDM        (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
00:17:43.0359 1164        DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
00:17:43.0359 1164        DRVNDDM - detected UnsignedFile.Multi.Generic (1)
00:17:43.0906 1164        E100B          (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
00:17:44.0093 1164        E100B - ok
00:17:44.0718 1164        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:17:44.0953 1164        Fastfat - ok
00:17:45.0468 1164        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:17:45.0656 1164        Fdc - ok
00:17:46.0281 1164        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
00:17:46.0453 1164        Fips - ok
00:17:46.0953 1164        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:17:47.0156 1164        Flpydisk - ok
00:17:47.0765 1164        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
00:17:48.0000 1164        FltMgr - ok
00:17:48.0500 1164        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:17:48.0671 1164        Fs_Rec - ok
00:17:49.0250 1164        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:17:49.0500 1164        Ftdisk - ok
00:17:49.0953 1164        GEARAspiWDM - ok
00:17:50.0546 1164        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:17:50.0718 1164        Gpc - ok
00:17:51.0281 1164        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:17:51.0531 1164        HDAudBus - ok
00:17:52.0093 1164        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:17:52.0296 1164        HidUsb - ok
00:17:52.0796 1164        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
00:17:52.0968 1164        hpn - ok
00:17:53.0625 1164        HSFHWAZL        (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
00:17:53.0750 1164        HSFHWAZL - ok
00:17:54.0859 1164        HSF_DPV        (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
00:17:55.0468 1164        HSF_DPV - ok
00:17:56.0171 1164        HSXHWAZL        (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
00:17:56.0218 1164        HSXHWAZL - ok
00:17:56.0875 1164        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:17:56.0968 1164        HTTP - ok
00:17:57.0750 1164        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
00:17:57.0921 1164        i2omgmt - ok
00:17:58.0671 1164        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
00:17:58.0859 1164        i2omp - ok
00:17:59.0375 1164        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
00:17:59.0828 1164        i8042prt - ok
00:18:01.0390 1164        ialm            (d705558b6a678e894c5c67430eef67a2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
00:18:02.0484 1164        ialm - ok
00:18:03.0343 1164        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:18:03.0546 1164        Imapi - ok
00:18:04.0062 1164        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
00:18:04.0515 1164        ini910u - ok
00:18:05.0015 1164        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
00:18:05.0484 1164        IntelIde - ok
00:18:06.0015 1164        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
00:18:06.0468 1164        intelppm - ok
00:18:06.0953 1164        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
00:18:07.0390 1164        Ip6Fw - ok
00:18:08.0031 1164        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:18:08.0484 1164        IpFilterDriver - ok
00:18:09.0000 1164        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:18:09.0437 1164        IpInIp - ok
00:18:10.0031 1164        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:18:10.0484 1164        IpNat - ok
00:18:11.0031 1164        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:18:11.0500 1164        IPSec - ok
00:18:12.0000 1164        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:18:12.0125 1164        IRENUM - ok
00:18:12.0671 1164        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:18:12.0828 1164        isapnp - ok
00:18:13.0515 1164        k750bus        (fe8300320281d658a7854d5cfc02a63f) C:\WINDOWS\system32\DRIVERS\k750bus.sys
00:18:13.0609 1164        k750bus - ok
00:18:14.0093 1164        k750mdfl        (f44521f63c0c00364fa3d59db980de6a) C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
00:18:14.0375 1164        k750mdfl - ok
00:18:14.0968 1164        k750mdm        (e93323c3ed5e8923a177740a973c27b2) C:\WINDOWS\system32\DRIVERS\k750mdm.sys
00:18:15.0015 1164        k750mdm - ok
00:18:15.0593 1164        k750mgmt        (9d5f5a70ca0b7c428efcd73db50e6ac7) C:\WINDOWS\system32\DRIVERS\k750mgmt.sys
00:18:15.0640 1164        k750mgmt - ok
00:18:16.0187 1164        k750obex        (81ca2d57b2c14f76f4ba80846784bb3d) C:\WINDOWS\system32\DRIVERS\k750obex.sys
00:18:16.0234 1164        k750obex - ok
00:18:16.0734 1164        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:18:16.0921 1164        Kbdclass - ok
00:18:17.0671 1164        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:18:17.0859 1164        kbdhid - ok
00:18:18.0453 1164        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:18:18.0625 1164        kmixer - ok
00:18:19.0234 1164        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:18:19.0406 1164        KSecDD - ok
00:18:19.0875 1164        lbrtfdc - ok
00:18:20.0421 1164        MASPINT        (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
00:18:20.0437 1164        MASPINT ( UnsignedFile.Multi.Generic ) - warning
00:18:20.0437 1164        MASPINT - detected UnsignedFile.Multi.Generic (1)
00:18:20.0968 1164        MBAMSwissArmy  (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
00:18:20.0984 1164        MBAMSwissArmy - ok
00:18:21.0500 1164        mdmxsdk        (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
00:18:21.0531 1164        mdmxsdk - ok
00:18:22.0046 1164        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:18:22.0203 1164        mnmdd - ok
00:18:22.0828 1164        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
00:18:23.0015 1164        Modem - ok
00:18:23.0578 1164        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:18:23.0750 1164        Mouclass - ok
00:18:24.0328 1164        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:18:24.0500 1164        mouhid - ok
00:18:25.0031 1164        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:18:25.0187 1164        MountMgr - ok
00:18:25.0703 1164        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
00:18:25.0890 1164        mraid35x - ok
00:18:26.0515 1164        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:18:26.0734 1164        MRxDAV - ok
00:18:27.0234 1164        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:18:27.0468 1164        Msfs - ok
00:18:27.0984 1164        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:18:28.0140 1164        MSKSSRV - ok
00:18:28.0734 1164        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:18:28.0968 1164        MSPCLOCK - ok
00:18:29.0453 1164        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:18:29.0640 1164        MSPQM - ok
00:18:30.0171 1164        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:18:30.0359 1164        mssmbios - ok
00:18:30.0953 1164        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:18:31.0015 1164        Mup - ok
00:18:31.0640 1164        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:18:31.0859 1164        NDIS - ok
00:18:32.0375 1164        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:18:32.0453 1164        NdisTapi - ok
00:18:33.0062 1164        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:18:33.0250 1164        Ndisuio - ok
00:18:33.0843 1164        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:18:34.0000 1164        NdisWan - ok
00:18:34.0546 1164        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:18:34.0625 1164        NDProxy - ok
00:18:35.0109 1164        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:18:35.0296 1164        NetBIOS - ok
00:18:35.0890 1164        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:18:36.0078 1164        NetBT - ok
00:18:36.0734 1164        nmwcd          (c3963d85b721a7f80d8a55f4e2867a3a) C:\WINDOWS\system32\drivers\ccdcmb.sys
00:18:37.0359 1164        nmwcd - ok
00:18:37.0921 1164        nmwcdc          (3859c69a77793180548802dac9f34a38) C:\WINDOWS\system32\drivers\ccdcmbo.sys
00:18:38.0031 1164        nmwcdc - ok
00:18:38.0562 1164        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:18:38.0734 1164        Npfs - ok
00:18:39.0640 1164        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:18:40.0015 1164        Ntfs - ok
00:18:40.0500 1164        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:18:40.0703 1164        Null - ok
00:18:42.0359 1164        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:18:43.0593 1164        nv - ok
00:18:44.0140 1164        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:18:44.0328 1164        NwlnkFlt - ok
00:18:44.0875 1164        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:18:45.0062 1164        NwlnkFwd - ok
00:18:45.0656 1164        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
00:18:45.0843 1164        Parport - ok
00:18:46.0328 1164        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:18:46.0500 1164        PartMgr - ok
00:18:46.0984 1164        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
00:18:47.0156 1164        ParVdm - ok
00:18:47.0718 1164        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
00:18:47.0796 1164        pccsmcfd - ok
00:18:48.0343 1164        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
00:18:48.0531 1164        PCI - ok
00:18:49.0046 1164        PCIDump - ok
00:18:49.0531 1164        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:18:49.0703 1164        PCIIde - ok
00:18:50.0312 1164        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:18:50.0515 1164        Pcmcia - ok
00:18:51.0015 1164        PDCOMP - ok
00:18:51.0468 1164        PDFRAME - ok
00:18:51.0937 1164        PDRELI - ok
00:18:52.0421 1164        PDRFRAME - ok
00:18:52.0937 1164        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
00:18:53.0156 1164        perc2 - ok
00:18:53.0656 1164        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
00:18:53.0843 1164        perc2hib - ok
00:18:54.0421 1164        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:18:54.0593 1164        PptpMiniport - ok
00:18:55.0140 1164        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:18:55.0312 1164        PSched - ok
00:18:55.0828 1164        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:18:56.0000 1164        Ptilink - ok
00:18:56.0531 1164        PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:18:56.0562 1164        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
00:18:56.0562 1164        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
00:18:57.0156 1164        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
00:18:57.0328 1164        ql1080 - ok
00:18:57.0828 1164        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
00:18:58.0062 1164        Ql10wnt - ok
00:18:58.0578 1164        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
00:18:58.0781 1164        ql12160 - ok
00:18:59.0281 1164        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
00:18:59.0453 1164        ql1240 - ok
00:18:59.0968 1164        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
00:19:00.0140 1164        ql1280 - ok
00:19:00.0640 1164        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:19:00.0812 1164        RasAcd - ok
00:19:01.0359 1164        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:19:01.0531 1164        Rasl2tp - ok
00:19:02.0046 1164        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:19:02.0218 1164        RasPppoe - ok
00:19:02.0703 1164        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:19:02.0906 1164        Raspti - ok
00:19:03.0531 1164        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:19:03.0703 1164        Rdbss - ok
00:19:04.0203 1164        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:19:04.0390 1164        RDPCDD - ok
00:19:05.0078 1164        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:19:05.0281 1164        rdpdr - ok
00:19:05.0937 1164        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:19:05.0984 1164        RDPWD - ok
00:19:06.0484 1164        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:19:06.0656 1164        redbook - ok
00:19:07.0250 1164        s116bus        (815445f4676cc96bc9aeec303c727e19) C:\WINDOWS\system32\DRIVERS\s116bus.sys
00:19:07.0265 1164        s116bus - ok
00:19:07.0750 1164        s116mdfl        (333d1e0743e6de1779c3c418ac601c3a) C:\WINDOWS\system32\DRIVERS\s116mdfl.sys
00:19:07.0765 1164        s116mdfl - ok
00:19:08.0375 1164        s116mdm        (50d6e5b021e9ec7553ab8a3553cc1b6b) C:\WINDOWS\system32\DRIVERS\s116mdm.sys
00:19:08.0390 1164        s116mdm - ok
00:19:08.0937 1164        s116mgmt        (1589aa53e43f8d193a7d4d580d3ffa95) C:\WINDOWS\system32\DRIVERS\s116mgmt.sys
00:19:08.0953 1164        s116mgmt - ok
00:19:09.0453 1164        s116nd5        (306f85733671fe507470f0273025e768) C:\WINDOWS\system32\DRIVERS\s116nd5.sys
00:19:09.0468 1164        s116nd5 - ok
00:19:10.0015 1164        s116obex        (ec32601f04a5a5de89315d0f55e73d66) C:\WINDOWS\system32\DRIVERS\s116obex.sys
00:19:10.0031 1164        s116obex - ok
00:19:10.0640 1164        s116unic        (32e3ecb4b2b5887426eaf241a8149cde) C:\WINDOWS\system32\DRIVERS\s116unic.sys
00:19:10.0656 1164        s116unic - ok
00:19:11.0203 1164        SDDMI2          (8edd7b9e4a4b4c16e2dab9188caa861b) C:\WINDOWS\system32\DDMI2.sys
00:19:11.0234 1164        SDDMI2 ( UnsignedFile.Multi.Generic ) - warning
00:19:11.0234 1164        SDDMI2 - detected UnsignedFile.Multi.Generic (1)
00:19:11.0765 1164        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:19:11.0859 1164        Secdrv - ok
00:19:12.0453 1164        seehcri        (e5b56569a9f79b70314fede6c953641e) C:\WINDOWS\system32\DRIVERS\seehcri.sys
00:19:12.0546 1164        seehcri - ok
00:19:13.0109 1164        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:19:13.0296 1164        serenum - ok
00:19:13.0828 1164        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
00:19:14.0046 1164        Serial - ok
00:19:14.0593 1164        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:19:14.0765 1164        Sfloppy - ok
00:19:15.0250 1164        Simbad - ok
00:19:15.0765 1164        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:19:15.0921 1164        sisagp - ok
00:19:16.0453 1164        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:19:16.0546 1164        Sparrow - ok
00:19:17.0062 1164        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:19:17.0234 1164        splitter - ok
00:19:17.0750 1164        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
00:19:17.0843 1164        sr - ok
00:19:18.0593 1164        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:19:18.0812 1164        Srv - ok
00:19:19.0359 1164        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
00:19:19.0375 1164        ssmdrv - ok
00:19:20.0562 1164        STHDA          (3ad78e22210d3fbd9f76de84a8df19b5) C:\WINDOWS\system32\drivers\sthda.sys
00:19:21.0328 1164        STHDA - ok
00:19:21.0859 1164        StillCam        (a2dbcc4c8860449df1ab758ea28b4de0) C:\WINDOWS\system32\DRIVERS\serscan.sys
00:19:22.0093 1164        StillCam - ok
00:19:22.0625 1164        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:19:22.0796 1164        swenum - ok
00:19:23.0343 1164        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:19:23.0531 1164        swmidi - ok
00:19:24.0046 1164        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:19:24.0203 1164        symc810 - ok
00:19:24.0703 1164        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:19:24.0906 1164        symc8xx - ok
00:19:25.0406 1164        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:19:25.0593 1164        sym_hi - ok
00:19:26.0109 1164        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:19:26.0265 1164        sym_u3 - ok
00:19:26.0890 1164        SynTP          (35d5b3632e0bcebe27b391157de05996) C:\WINDOWS\system32\DRIVERS\SynTP.sys
00:19:27.0000 1164        SynTP - ok
00:19:27.0562 1164        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:19:27.0750 1164        sysaudio - ok
00:19:28.0312 1164        tap0901        (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
00:19:28.0328 1164        tap0901 ( UnsignedFile.Multi.Generic ) - warning
00:19:28.0328 1164        tap0901 - detected UnsignedFile.Multi.Generic (1)
00:19:29.0062 1164        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:19:29.0390 1164        Tcpip - ok
00:19:31.0203 1164        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:19:31.0390 1164        TDPIPE - ok
00:19:31.0906 1164        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:19:32.0140 1164        TDTCP - ok
00:19:32.0656 1164        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:19:32.0843 1164        TermDD - ok
00:19:33.0421 1164        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
00:19:33.0578 1164        TosIde - ok
00:19:34.0156 1164        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:19:34.0312 1164        Udfs - ok
00:19:34.0906 1164        uigxrdr        (7b1a3a08702bd8b9891ef6066f28647c) C:\WINDOWS\system32\DRIVERS\uigxrdr.sys
00:19:34.0937 1164        uigxrdr ( UnsignedFile.Multi.Generic ) - warning
00:19:34.0937 1164        uigxrdr - detected UnsignedFile.Multi.Generic (1)
00:19:35.0484 1164        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:19:35.0593 1164        ultra - ok
00:19:36.0421 1164        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:19:36.0765 1164        Update - ok
00:19:37.0296 1164        upperdev        (0ccadc7391021376edbb8aa649d04e68) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
00:19:37.0390 1164        upperdev - ok
00:19:37.0953 1164        usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:19:38.0218 1164        usbaudio - ok
00:19:38.0765 1164        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:19:38.0937 1164        usbccgp - ok
00:19:39.0468 1164        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:19:39.0625 1164        usbehci - ok
00:19:40.0171 1164        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:19:40.0375 1164        usbhub - ok
00:19:40.0984 1164        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:19:41.0203 1164        usbprint - ok
00:19:41.0718 1164        usbscan        (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:19:41.0906 1164        usbscan - ok
00:19:42.0421 1164        usbser          (1c888b000c2f9492f4b15b5b6b84873e) C:\WINDOWS\system32\drivers\usbser.sys
00:19:42.0593 1164        usbser - ok
00:19:43.0078 1164        UsbserFilt      (68b4f83cccf70a2ff32ee142c234332a) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
00:19:43.0218 1164        UsbserFilt - ok
00:19:43.0734 1164        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:19:43.0906 1164        USBSTOR - ok
00:19:44.0437 1164        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:19:44.0593 1164        usbuhci - ok
00:19:45.0109 1164        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:19:45.0312 1164        VgaSave - ok
00:19:45.0859 1164        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:19:46.0031 1164        viaagp - ok
00:19:46.0656 1164        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:19:46.0859 1164        ViaIde - ok
00:19:47.0406 1164        VNUSB          (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys
00:19:47.0437 1164        VNUSB ( UnsignedFile.Multi.Generic ) - warning
00:19:47.0453 1164        VNUSB - detected UnsignedFile.Multi.Generic (1)
00:19:47.0953 1164        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
00:19:48.0125 1164        VolSnap - ok
00:19:48.0687 1164        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:19:48.0859 1164        Wanarp - ok
00:19:49.0625 1164        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
00:19:49.0812 1164        Wdf01000 - ok
00:19:50.0281 1164        WDICA - ok
00:19:50.0843 1164        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:19:51.0031 1164        wdmaud - ok
00:19:52.0156 1164        winachsf        (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
00:19:52.0515 1164        winachsf - ok
00:19:53.0046 1164        WN4501HLFZZ - ok
00:19:53.0593 1164        WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
00:19:53.0781 1164        WpdUsb - ok
00:19:54.0375 1164        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:19:54.0625 1164        WS2IFSL - ok
00:19:55.0187 1164        WudfPf          (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:19:55.0265 1164        WudfPf - ok
00:19:55.0812 1164        WudfRd          (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:19:55.0859 1164        WudfRd - ok
00:19:56.0343 1164        ZDPSp50 - ok
00:19:56.0437 1164        MBR (0x1B8)    (5cb90281d1a59b251f6603134774eec3) \Device\Harddisk0\DR0
00:19:56.0750 1164        \Device\Harddisk0\DR0 - ok
00:19:56.0781 1164        Boot (0x1200)  (bc5c996713b21ab9a9c28d9acce6b3ed) \Device\Harddisk0\DR0\Partition0
00:19:56.0781 1164        \Device\Harddisk0\DR0\Partition0 - ok
00:19:56.0796 1164        ============================================================
00:19:56.0796 1164        Scan finished
00:19:56.0796 1164        ============================================================
00:19:56.0921 3012        Detected object count: 19
00:19:56.0921 3012        Actual detected object count: 19
00:20:45.0562 3012        APPDRV ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012        APPDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0562 3012        BCMWLNPF ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012        BCMWLNPF ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0562 3012        DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012        DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0562 3012        DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012        DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0562 3012        DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012        DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0562 3012        DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012        DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0562 3012        DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012        DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0562 3012        DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0562 3012        DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0578 3012        DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012        DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0578 3012        DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012        DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0578 3012        DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012        DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0578 3012        DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012        DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0578 3012        DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012        DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0578 3012        MASPINT ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012        MASPINT ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0578 3012        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0578 3012        SDDMI2 ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0578 3012        SDDMI2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0593 3012        tap0901 ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0593 3012        tap0901 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0593 3012        uigxrdr ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0593 3012        uigxrdr ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:20:45.0593 3012        VNUSB ( UnsignedFile.Multi.Generic ) - skipped by user
00:20:45.0593 3012        VNUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip

Swillswissen 19.03.2012 02:01
Hier das Ergebnis von osam:

Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 01:55:59 on 19.03.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"RealUpgradeLogonTaskS-1-5-21-413376109-1747680547-2295601255-1006.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe
"RealUpgradeScheduledTaskS-1-5-21-413376109-1747680547-2295601255-1006.job" - "RealNetworks, Inc." - C:\Programme\Real\RealUpgrade\realupgrade.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"BCMWLCPL.CPL" - "Dell Inc." - C:\WINDOWS\system32\BCMWLCPL.CPL
"cmdvdpak.cpl" - "Sonic Solutions" - C:\WINDOWS\system32\cmdvdpak.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"NicConfigSvc.cpl" - "Dell Inc." - C:\WINDOWS\system32\NicConfigSvc.cpl
"STacGUI.cpl" - "SigmaTel, Inc." - C:\WINDOWS\system32\STacGUI.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Avira AntiVir PersonalEdition Classic" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"802.11g Wireless USB Adapter" (WN4501HLFZZ) - ? - C:\WINDOWS\System32\DRIVERS\O4501U.sys  (File not found)
"APPDRV" (APPDRV) - "Dell Inc" - C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"Broadcom Netgroup Packet Filter" (BCMWLNPF) - "CACE Technologies" - C:\WINDOWS\System32\drivers\bcmwlnpf.sys
"catchme" (catchme) - ? - C:\DOKUME~1\admin\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"GEAR ASPI Filter Driver" (GEARAspiWDM) - ? - C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MASPINT" (MASPINT) - "MicroStaff Co.,Ltd." - C:\WINDOWS\system32\drivers\MASPINT.sys
"MBAMSwissArmy" (MBAMSwissArmy) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbamswissarmy.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"SDDMI2" (SDDMI2) - "Gteko Ltd." - C:\WINDOWS\system32\DDMI2.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"TAP-Win32 Adapter V9" (tap0901) - "The OpenVPN Project" - C:\WINDOWS\System32\DRIVERS\tap0901.sys
"uigxrdr" (uigxrdr) - "1&1 Mail & Media GmbH" - C:\WINDOWS\System32\DRIVERS\uigxrdr.sys
"VN Series Device" (VNUSB) - "OLYMPUS IMAGING CORP." - C:\WINDOWS\System32\DRIVERS\VNUSB.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - ? - C:\WINDOWS\System32\Drivers\ZDPSp50.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{D6613619-EDAA-451e-AA0C-671737CF6022} "ShellContextMenuHandler Class" - "1&1 Mail & Media GmbH" - C:\Programme\GMX\GMX Upload-Manager\SHNDLERS.DLL
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - ? -  (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Yahoo! Toolbar" - ? -  (File not found | COM-object registry key not found)
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "SweetPacks Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
<binary data> "ZoneAlarm Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm\prxtbZon0.dll
<binary data> "{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} "ZoneAlarm Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm\prxtbZon0.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A3256902-51FA-45A0-8A97-FC1143C169D9} "Diagnostics ActiveX WebControl" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\DiagWAPI.dll / hxxp://support.microsoft.com/mats/DiagWebControl.cab
{79E0C1C0-316D-11D5-A72A-006097BFA1AC} "EPSON Web Printer-SelfTest Control Class" - ? - C:\WINDOWS\system32\Epson\EST\ESTPTest\ESTPTest.ocx / hxxp://esupport.epson-europe.com/selftest/de/Prg/ESTPTest.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\WINDOWS\Downloaded Program Files\gp.ocx / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx / hxxp://static.ak.studivz.net/photouploader/ImageUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{A8F2B9BD-A6A0-486A-9744-18920D898429} "ScorchPlugin Class" - "Sibelius Software, a division of Avid Technology, Inc. and its licensors." - C:\Programme\Sibelius Software\Scorch\ActiveXPlugin\ScorchAxPlugin.dll / hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11f.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{49232000-16E4-426C-A231-62846947304B} "SysData Class" - "Hewlett-Packard" - C:\WINDOWS\DOWNLO~1\SysInfo.dll / hxxp://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} "{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}" - ? -  (File not found | COM-object registry key not found) / hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? -  (File not found | COM-object registry key not found)
<binary data> "SweetPacks Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} "ZoneAlarm Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm\prxtbZon0.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetPacks Browser Helper" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} "ZoneAlarm Toolbar" - "Conduit Ltd." - C:\Programme\ZoneAlarm\prxtbZon0.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\WINDOWS\system32\WLTRAY.exe
"Dell QuickSet" - "Dell Inc" - C:\Programme\Dell\QuickSet\quickset.exe
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"NokiaMServer" - "Nokia" - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer /watchfiles startup
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Messenger\SweetIM.exe
"Sweetpacks Communicator" - "SweetIM Technologies Ltd." - C:\Programme\SweetIM\Communicator\SweetPacksUpdateManager.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\program files\real\realplayer\update\realsched.exe"  -osboot

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\WINDOWS\System32\BCMLogon.dll
"GMX MediaCenter" - "1&1 Mail & Media GmbH" - C:\WINDOWS\System32\uigxnp.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"EPSON V6 2KMonitor" - "SEIKO EPSON CORPORATION" - C:\WINDOWS\system32\EBPMON24.DLL
"HP Standard TCP/IP Port" - "Hewlett Packard" - C:\WINDOWS\system32\hptcpmon.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - "internet-support foehr.com" - C:\WINDOWS\system32\pdfcmnnt.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"A016mdfl" (IBMTPCHK) - ? - C:\WINDOWS\system32\ctxcpuusync.dll  (File not found)
"Acmservice" (SE2Cbus) - ? - C:\WINDOWS\system32\aolavupd.dll  (File not found)
"Anbmservice" (DCamUSBMke) - ? - C:\WINDOWS\system32\ESMCR.dll  (File not found)
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avgems" (ARSVC) - ? - C:\WINDOWS\system32\advservice.dll  (File not found)
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"BcmSqlStartupSvc" (armoucfltr) - ? - C:\WINDOWS\system32\jobserver_report.dll  (File not found)
"Bmwebcfg" (LXARScan) - ? - C:\WINDOWS\system32\pid_0928.dll  (File not found)
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"Btaudio" (keriomailserver) - ? - C:\WINDOWS\system32\eskerlicensecontrol.dll  (File not found)
"CBN" (o2flash) - ? - C:\WINDOWS\system32\naveng.dll  (File not found)
"Ccs" (WDM_YAMAHAAC97) - ? - C:\WINDOWS\system32\zppinger.dll  (File not found)
"Cfosspeeds" (PGPwded) - ? - C:\WINDOWS\system32\tnidriver.dll  (File not found)
"Ctprxy2k" (tvtpktfilter) - ? - C:\WINDOWS\system32\mdc8021x.dll  (File not found)
"CTSBLFX.DLL" (epfw) - ? - C:\WINDOWS\system32\P17xfi.dll  (File not found)
"Cusrvc" (pop3d32) - ? - C:\WINDOWS\system32\kwatchsvc.dll  (File not found)
"Db2jds" (btwusb) - ? - C:\WINDOWS\system32\SNP2STD.dll  (File not found)
"DCamUSBDXGTech" (TuneUp.ProgramStatisticsSvc) - ? - C:\WINDOWS\system32\adihdaudaddservice.dll  (File not found)
"DcPTP" (mfcom) - ? - C:\WINDOWS\system32\lxcf_device.dll  (File not found)
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\WINDOWS\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"DELL_A02" (ProcObsrv) - ? - C:\WINDOWS\system32\inotask.dll  (File not found)
"DevUpper" (NOWMEMDF) - ? - C:\WINDOWS\system32\backupexecdevicemediaservice.dll  (File not found)
"DFUBTUSB" (vetmonnt) - ? - C:\WINDOWS\system32\ialm.dll  (File not found)
"Dlpwd" (x10nets) - ? - C:\WINDOWS\system32\stac97.dll  (File not found)
"Dot4ufd" (CAMCAUD) - ? - C:\WINDOWS\system32\MTDVC2_ENUM.dll  (File not found)
"Dptrackerd" (eskerlicensecontrol) - ? - C:\WINDOWS\system32\CTERFXFX.DLL.dll  (File not found)
"Driverhardwarev2" (se45obex) - ? - C:\WINDOWS\system32\procexp100.dll  (File not found)
"DsNcAdpt" (issimon) - ? - C:\WINDOWS\system32\netw4x32.dll  (File not found)
"Ehstart" (EPSON_EB_RPCV4_01) - ? - C:\WINDOWS\system32\pdlnepkt.dll  (File not found)
"ELkbd" (caili) - ? - C:\WINDOWS\system32\scan.dll  (File not found)
"Elockservice" (qbreminderflash) - ? - C:\WINDOWS\system32\sr.dll  (File not found)
"EmAudio" (SE2Dobex) - ? - C:\WINDOWS\system32\tsp.dll  (File not found)
"Emma Device Management" (EmmaDevMgmtSvc) - "Sony Ericsson Mobile Communications" - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaDeviceMgmt.exe
"Emma Update Management" (EmmaUpdMgmtSvc) - "Sony Ericsson Mobile Communications" - C:\Programme\Gemeinsame Dateien\Sony Ericsson\Emma Core\Services\EmmaUpdateMgmt.exe
"Enum1394" (zpnodecollector) - ? - C:\WINDOWS\system32\stunnel.dll  (File not found)
"Fetnd5bv" (pav_security) - ? - C:\WINDOWS\system32\NVXBAR.dll  (File not found)
"Flutilssvc" (tpkmpsvc) - ? - C:\WINDOWS\system32\secdrv.dll  (File not found)
"Gagp30kx" (s125mdm) - ? - C:\WINDOWS\system32\regservice.dll  (File not found)
"GcKernel" (backupexecagentaccelerator) - ? - C:\WINDOWS\system32\ncupdatesvc.dll  (File not found)
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"GTF32BUS" (hpt3xx) - ? - C:\WINDOWS\system32\alcxwdm.dll  (File not found)
"Gusvc" (clmtomcatstartersvc) - ? - C:\WINDOWS\system32\pae_1394.dll  (File not found)
"Hcmon" (ptbsync) - ? - C:\WINDOWS\system32\pcradminserver.dll  (File not found)
"Hpzipr12" (cvspydr2) - ? - C:\WINDOWS\system32\ssfs0509.dll  (File not found)
"Ikfilesec" (se45mgmt) - ? - C:\WINDOWS\system32\mssql$microsoftsmlbiz.dll  (File not found)
"Ino_fltr" (igateway) - ? - C:\WINDOWS\system32\UxTuneUp.dll  (File not found)
"Inport" (alcaudsl) - ? - C:\WINDOWS\system32\SGIR.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"InterBaseServer" (CSDriver) - ? - C:\WINDOWS\system32\omniusb.dll  (File not found)
"Ipssvc" (svcwrsssdk) - ? - C:\WINDOWS\system32\WINUSB.dll  (File not found)
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Jobserver_report" (hwpsgt) - ? - C:\WINDOWS\system32\enecbpth.dll  (File not found)
"Kerbkey" (USBVCD) - ? - C:\WINDOWS\system32\p3.dll  (File not found)
"Keriomailserver" (stac97) - ? - C:\WINDOWS\system32\p2k.dll  (File not found)
"KS0108" (avidsdmservice) - ? - C:\WINDOWS\system32\s7oppitx.dll  (File not found)
"Kwatchsvc" (df5serv) - ? - C:\WINDOWS\system32\EU3_USB.dll  (File not found)
"Ldlcserv" (hsf_msft) - ? - C:\WINDOWS\system32\aha154x.dll  (File not found)
"LEX_AS_NIC_SERVICE_YNOS" (sony_ssm.sys) - ? - C:\WINDOWS\system32\soma.dll  (File not found)
"Lgsnd_filter" (WmBEnum) - ? - C:\WINDOWS\system32\s24eventmonitor.dll  (File not found)
"LPCFilter" (WimFltr) - ? - C:\WINDOWS\system32\sbpci.dll  (File not found)
"Lsdiorw" (streamip) - ? - C:\WINDOWS\system32\ibmfilter.dll  (File not found)
"Lvusbsta" (HPSLPSVC) - ? - C:\WINDOWS\system32\WmHidLo.dll  (File not found)
"Lxcf_device" (EPOWER) - ? - C:\WINDOWS\system32\JRAID.dll  (File not found)
"Mbr" (PCTINDIS5) - ? - C:\WINDOWS\system32\bdfsfltr.dll  (File not found)
"Mcstrm" (fsma) - ? - C:\WINDOWS\system32\usbhub.dll  (File not found)
"Mctaskmanager" (cdralw2k) - ? - C:\WINDOWS\system32\cachemanxp.dll  (File not found)
"MMRTKRNL" (raysat3_4_6_18server) - ? - C:\WINDOWS\system32\fsbwsys.dll  (File not found)
"Modemcsa" (mcshield) - ? - C:\WINDOWS\system32\rt2500usb.dll  (File not found)
"MREMPR5" (mksvirmonsvc) - ? - C:\WINDOWS\system32\imagedrv.dll  (File not found)
"MSCamSvc" (SeratoUsb) - ? - C:\WINDOWS\system32\advantage.dll  (File not found)
"Msftpsvc" (AtiHdmiService) - ? - C:\WINDOWS\system32\bdrsdrv.dll  (File not found)
"Mssqlserveradhelper" (mclserviceatl) - ? - C:\WINDOWS\system32\nnsvc.dll  (File not found)
"Mvc25U870_VID_1262&PID_25FD" (imagedrv) - ? - C:\WINDOWS\system32\zd1211u(zydas).dll  (File not found)
"Mwagent" (websenseusagemonitor) - ? - C:\WINDOWS\system32\pavagente.dll  (File not found)
"NICCONFIGSVC" (NICCONFIGSVC) - "Dell Inc." - C:\Programme\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
"Nocashio" (PPPoEWin) - ? - C:\WINDOWS\system32\SE26bus.dll  (File not found)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Ooclevercacheagent" (se2Bnd5) - ? - C:\WINDOWS\system32\roxupnprenderer.dll  (File not found)
"OpenVPN Service" (OpenVPNService) - ? - C:\Programme\OpenVPN\bin\openvpnserv.exe  (File found, but it contains no detailed information)
"PBADRV" (aiclient) - ? - C:\WINDOWS\system32\scsk4.dll  (File not found)
"Pdlndldl" (backupexecalertserver) - ? - C:\WINDOWS\system32\MTsensor.dll  (File not found)
"Pinnaclesys.mediaserver" (AF15BDA) - ? - C:\WINDOWS\system32\vhidmini.dll  (File not found)
"Plscsi" (nvraid) - ? - C:\WINDOWS\system32\symids.dll  (File not found)
"Pml Driver HPZ12" (Pml Driver HPZ12) - "HP" - C:\WINDOWS\system32\HPZipm12.exe
"PQNTDrv" (dcsloader) - ? - C:\WINDOWS\system32\avgclean.dll  (File not found)
"Procexp100" (vmparport) - ? - C:\WINDOWS\system32\GTF32BUS.dll  (File not found)
"Procmon10" (w550bus) - ? - C:\WINDOWS\system32\lanmanworkstation.dll  (File not found)
"Protectionservice" (dklogger) - ? - C:\WINDOWS\system32\idsvc.dll  (File not found)
"PSSdk23" (lp6nds35) - ? - C:\WINDOWS\system32\mldserv.dll  (File not found)
"Remoteregistry" (tcsd_win32.exe) - ? - C:\WINDOWS\system32\LVCap138.dll  (File not found)
"RivaTuner32" (iwebmsg) - ? - C:\WINDOWS\system32\spbbcsvc.dll  (File not found)
"Rootmodem" (F700isw) - ? - C:\WINDOWS\system32\tosrfnds.dll  (File not found)
"S24trans" (Rawwan) - ? - C:\WINDOWS\system32\tossmbnt.dll  (File not found)
"S616obex" (pdlncbas) - ? - C:\WINDOWS\system32\avg7rsxp.dll  (File not found)
"SaiNtSub" (BsHelpCS) - ? - C:\WINDOWS\system32\cavasm.dll  (File not found)
"ScFBPNT3" (nsvclog) - ? - C:\WINDOWS\system32\MSW_USB.dll  (File not found)
"Sdbus" (AlteraByteBlaster) - ? - C:\WINDOWS\system32\mvserver.dll  (File not found)
"Sermouse" (tfsndrct) - ? - C:\WINDOWS\system32\cqcpu.dll  (File not found)
"SerTVOutCtlr" (HpqRemHid) - ? - C:\WINDOWS\system32\rchost.dll  (File not found)
"Service1" (sandradatasrv) - ? - C:\WINDOWS\system32\TryAndDecideService.dll  (File not found)
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
"SiS7018" (wsearch) - ? - C:\WINDOWS\system32\sfloppy.dll  (File not found)
"Smartscaps" (roxmediadb) - ? - C:\WINDOWS\system32\tifm.dll  (File not found)
"Snpstd2" (sisnic) - ? - C:\WINDOWS\system32\tphkdrv.dll  (File not found)
"Sony Ericsson OMSI download service" (OMSI download service) - ? - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe  (File found, but it contains no detailed information)
"SrvcEPIOMngr" (tifm) - ? - C:\WINDOWS\system32\bdftdif.dll  (File not found)
"Subsonic" (tvtnetwk) - ? - C:\WINDOWS\system32\alcxsens.dll  (File not found)
"Tosrfhid" (smartwiservice) - ? - C:\WINDOWS\system32\adfs.dll  (File not found)
"Tosrfusb" (vmnetadapter) - ? - C:\WINDOWS\system32\ftpds.dll  (File not found)
"Tsircsrv" (adiusbaw) - ? - C:\WINDOWS\system32\3combootp.dll  (File not found)
"Tvald" (ndassvc) - ? - C:\WINDOWS\system32\EPSON_EB_RPCV4_01.dll  (File not found)
"Umwdf" (wg5n) - ? - C:\WINDOWS\system32\caisafe.dll  (File not found)
"UsbDiag" (dbmang) - ? - C:\WINDOWS\system32\aexnsclient.dll  (File not found)
"Vpcnets2" (vmusb) - ? - C:\WINDOWS\system32\sysenforce.dll  (File not found)
"Vpctcom" (navap) - ? - C:\WINDOWS\system32\dac960nt.dll  (File not found)
"W8335XP" (kservice) - ? - C:\WINDOWS\system32\Wuser32.dll  (File not found)
"Wacomvhid" (upnp) - ? - C:\WINDOWS\system32\pcidump.dll  (File not found)
"Webdriveservice" (Maplom) - ? - C:\WINDOWS\system32\filemon701.dll  (File not found)
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"WinDriver6" (bridgemp) - ? - C:\WINDOWS\system32\w300mdm.dll  (File not found)
"Wmconnectcds" (CcmExec) - ? - C:\WINDOWS\system32\dtsrvc.dll  (File not found)
"XBCD" (lvckap) - ? - C:\WINDOWS\system32\NVR0FLASHDev.dll  (File not found)

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Swillswissen 19.03.2012 02:57
Hi,

hier die Logs von aswMBR und Prevx. Dort hat es am Schluss geheißen "Systemstatus clean".

Lg S

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 02:07:32
-----------------------------
02:07:32.375    OS Version: Windows 5.1.2600 Service Pack 3
02:07:32.375    Number of processors: 1 586 0xD08
02:07:32.375    ComputerName: D614P62J  UserName: admin
02:07:34.812    Initialize success
02:08:11.734    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
02:08:11.734    Disk 0 Vendor: Hitachi_HTS541040G9AT00 MB2OA61A Size: 38154MB BusType: 3
02:08:11.765    Disk 0 MBR read successfully
02:08:11.765    Disk 0 MBR scan
02:08:11.765    Disk 0 unknown MBR code
02:08:11.765    Disk 0 Partition 1 00    DE Dell Utility Dell 8.0      78 MB offset 63
02:08:11.781    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        34993 MB offset 160650
02:08:11.796    Disk 0 Partition 3 00    DB  CP/M / CTOS Dell 8.0    3074 MB offset 71826615
02:08:11.812    Disk 0 scanning sectors +78124095
02:08:11.968    Disk 0 scanning C:\WINDOWS\system32\drivers
02:08:49.015    Service scanning
02:09:34.296    Modules scanning
02:09:50.734    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
02:09:54.671    Disk 0 trace - called modules:
02:09:55.187    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
02:09:55.187    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82d96030]
02:09:55.187    3 CLASSPNP.SYS[f84f2fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82de6030]
02:09:55.187    Scan finished successfully
02:10:32.421    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\admin\Desktop\MBR.dat"
02:10:32.453    The log file has been saved successfully to "C:\Dokumente und Einstellungen\admin\Desktop\aswMBR.txt"

Code:
Prevx Scan Log - Version v3.0.5.220
Log Generated: 19/3/2012 02:49, Type: 0,1
Windows XP Home Service Pack 3 (Build 2600) 32bit|1031
Hostname: D614P62J
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Mon 2012-03-19 02:46:51 Westeuropäische Normalzeit. Number of Scans: 1. Last Scan Duration: 34 minutes 18 seconds.
[U] (ACTIVE) c:\windows\system32\tsappcmp.dll        [PX5: 363C648000FE003ACC9400AEF73A0800EED8D05A]
[U] (ACTIVE) c:\windows\system32\riched32.dll        [PX5: 1C64DF6300CCABC30E6900044BCB3C00B79BCD14]
[U] (ACTIVE) c:\windows\system32\utildll.dll        [PX5: 3B9A0E3C00DCBAFF662200BA33A38B008D5A8FAC]
[U] (ACTIVE) c:\windows\system32\msacm32.drv        [PX5: 9617902F00A2596F522700876A3BC900E9999C01]
[U] (ACTIVE) c:\windows\system32\traffic.dll        [PX5: AE0C2A5200F668ED7A56003B43DDFF00546F45E7]
[U] (ACTIVE) c:\windows\system32\mfc42loc.dll        [PX5: E9D5BE22008DB9C1E03400AE9962B100B69221B3]
[U] (ACTIVE) c:\windows\system32\mprui.dll        [PX5: 62ABBE9600CE2AF7BCB10027822CE400AB8201A8]
[U] (ACTIVE) c:\windows\system32\netmsg.dll        [PX5: F6286C7B000D820F0CC0033D73FE0D00BB4C9655]
[U] (ACTIVE) c:\windows\system32\netui2.dll        [PX5: FF0E1C9200DE6A63C46E04678272C300D169A839]
[U] (ACTIVE) c:\windows\system32\ntlsapi.dll        [PX5: 1E16247D006C52E520B8003B3C2E07009CDD41E6]
[U] c:\windows\system32\timer.drv        [PX5: 02AC84D6D0483D2F0F9400A4426B8E001D5BAD12]
[U] c:\windows\system32\sound.drv        [PX5: E70CAE91D00DCE52067C00647C846400B79BCD14]
[U] c:\windows\system32\vga.drv        [PX5: 8D38D13480CC42FA089200F6F3895F00B79BCD14]
[U] c:\windows\system32\mouse.drv        [PX5: D9EA0CB2F0FB384407BE00D28D0C0C00B79BCD14]
[U] c:\windows\system32\keyboard.drv        [PX5: 159F7A82D0C5E0D3077700FE801B1000B79BCD14]
[U] c:\windows\system32\system.drv        [PX5: D4BD27742043BEDB0DB0000478EA5C00B79BCD14]
[U] c:\windows\system32\drivers\dpti2o.sys        [PX5: 1646100FE09545F24E5D003D74376C00785BB51E]
[U] c:\windows\system32\wfwnet.drv        [PX5: E9641F0220200734353000D28FC59A003BEC664C]
[U] c:\windows\system32\shell.dll        [PX5: CE2E2C35000BF1E3147B0046192BB900FA35E49E]
[U] c:\windows\system32\comm.drv        [PX5: 0D8B262B3068553F296F004B25B4F300F3172575]
[U] c:\programme\adobe\reader 9.0\reader\a3dutility.exe        [PX5: 5A0C56C2A0746CAED576037130215200F94D4371]
[U] c:\programme\microsoft silverlight\4.1.10111.0\mscorlib.dll        [PX5: A5F08D9600F31A80402318245F34E000595BC512]
[U] c:\programme\microsoft silverlight\4.1.10111.0\npctrl.dll        [PX5: 2745DC6F48DAD7DBA79D0F716B586B0050CFD432]
[U] c:\windows\system32\drivers\mraid35x.sys        [PX5: C698A15680F72A6A43410027AE857800E03AD3D3]
[U] c:\windows\system32\drivers\cmdide.sys        [PX5: 1090D35F00826C091A0300BA9B616000BE7EEBCD]
[U] c:\windows\system32\drivers\toside.sys        [PX5: 660069178081BD481391002BE0F15100881381FD]
[U] c:\windows\system32\drivers\aliide.sys        [PX5: BC6DDD5E808533E01498005CD48AF0000F761377]
[U] c:\windows\system32\drivers\amsint.sys        [PX5: 983BFBAD005D94832FCE00E56154ED006EF2904F]
[U] c:\windows\system32\drivers\perc2hib.sys        [PX5: 280C41CF809F7F2E153800F3159B7600EC8E5F7E]
[U] c:\windows\system32\drivers\cd20xrnt.sys        [PX5: 585C4579008238981E0B00FA57DBFC004069176C]
[U] c:\windows\system32\drivers\perc2.sys        [PX5: A43AD585A01480D56AE700F494050400D8326688]
[U] c:\programme\internet explorer\connection wizard\trialoc.dll        [PX5: A82D277A0028173CA0B500999E2EBB00CB176165]
[U] c:\windows\system32\drivers\asc.sys        [PX5: 57B586F580FE82A86794006034353E00FFEDC97A]
[U] c:\windows\system32\drivers\dmload.sys        [PX5: FC216AA0003B46A9171D00359F9C1600E909FEB4]
[U] c:\windows\system32\drivers\hpn.sys        [PX5: E3E88DDE608451A865E100EA998B2E0037855B2B]
[U] c:\windows\system32\drivers\asc3350p.sys        [PX5: AD3D9E1A803A53B9579300764BBA6D0023C757B9]
[U] c:\windows\system32\drivers\symc8xx.sys        [PX5: A176C643801C41297FB00031AC7E6200A76AF5F8]
[U] c:\windows\system32\winsock.dll        [PX5: FCF9BBDC30E28D0D0BF200D9F4D9CD00B79BCD14]
[U] c:\windows\system32\drivers\sym_hi.sys        [PX5: 71BB2597E0A078A96ED200558FFED400800CEC2F]
[U] c:\windows\system32\drivers\cpqarray.sys        [PX5: 83BD9FEC80CF65303A83008B3639D70054F0FDB8]
[U] c:\windows\system32\drivers\symc810.sys        [PX5: 726B03B580033B4F3FF70050993647004EA53D5F]
[U] c:\windows\system32\drivers\aha154x.sys        [PX5: B5CCD41400024B8C3232007262F16400589648E4]
[U] c:\windows\system32\drivers\asc3550.sys        [PX5: F329E1C6001CB2953AAF005BD8D557009377D482]
[U] c:\windows\system32\drivers\dac960nt.sys        [PX5: 4A76D57C80C85C4939AF009F3428130045C96C9B]
[U] c:\windows\system32\drivers\cbidf2k.sys        [PX5: 7B8DA5F780B7DA7536FE00ABA71B6C00B12776D7]
[U] c:\windows\system32\drivers\ini910u.sys        [PX5: C7702821802D11853E090094CBC4E400E259EFF7]
[U] c:\windows\system32\drivers\nwlnkflt.sys        [PX5: A826BA3A803B83AE30C000488911C200DC3CA878]
[U] c:\windows\system32\drivers\abp480n5.sys        [PX5: C1BD84230067F4EA5CEF003B6C801800F0A16602]
[U] c:\windows\system32\drivers\sparrow.sys        [PX5: 34EF085980E9566F4AC800ACA767DA00AD03B518]
[U] c:\windows\system32\drivers\sym_u3.sys        [PX5: F7063075E0AC6E5A777A00060D477100337B9826]
[U] c:\windows\system32\drivers\nwlnkfwd.sys        [PX5: B9B73139006979BB7FBC0031EA7E320032D237D0]
[U] c:\windows\system32\drivers\atmuni.sys        [PX5: 92E7BF650082565E607E05AD216E0900953642D5]
[U] c:\windows\system32\drivers\ultra.sys        [PX5: 41CE68A780B045778F98006DDDA3600052A1B522]
[U] c:\windows\system32\drivers\ql1080.sys        [PX5: A82C642380AE2BE59DA700943B27FD00DC447A6B]
[U] c:\windows\system32\drivers\ql10wnt.sys        [PX5: 7595631F80DF50C381F200FF279FAF00F5EF7B24]
[U] c:\windows\system32\drivers\ql1240.sys        [PX5: F2BAC8600017931F9E4B00F553CCA000C43C7732]
[U] c:\windows\system32\hticons.dll        [PX5: 972AB3460053F819AE270059C500DC000BC6A5DC]
[U] c:\programme\microsoft silverlight\4.1.10111.0\agcore.dll        [PX5: F6A6275348C857AC13B85B98645A3E005CF59AA3]
[U] c:\programme\adobe\reader 9.0\reader\pdfprevhndlr.dll        [PX5: FAFF30A5B04F5B94356F017DF1CDBD00B9560F61]
[U] c:\windows\system32\g711codc.ax        [PX5: 865254DE00B6225BA232008DFCBD600012B22CEF]
[U] c:\windows\system32\drivers\aic78xx.sys        [PX5: 645E88DA8053B973DE9500E552F9DF00FDCB4867]
[U] c:\windows\system32\drivers\ql12160.sys        [PX5: 36C6F79E008C7970B15D0042B56E550063C1516E]
[U] c:\windows\system32\drivers\ql1280.sys        [PX5: 0A6F8C92806C6174BFD3001253C5130062859538]
[U] c:\windows\system32\fxssend.exe        [PX5: CC192E2000DDFC9F2CA600A8A5268D000A0AA611]
[U] c:\programme\adobe\reader 9.0\reader\viewerps.dll        [PX5: FFA172F2C08D7D984175004DDB354A0064180613]
[U] c:\programme\microsoft office\office11\mspub.exe        [PX5: 7ACEB0BB5075F5966113656A2E6DCB00046E4779]
[U] c:\windows\system32\deskadp.dll        [PX5: 7A38AB6600182B994245005EACC722004D7AB589]
[U] c:\windows\system32\deskmon.dll        [PX5: 5CC3956000B491F042CF002CF37E350020F75D1D]
[U] c:\windows\system32\drivers\ipfltdrv.sys        [PX5: E130718C809C039180F700DA0AC8EE00F2B31814]
[U] c:\windows\system32\ialmcoin_v4410.dll        [PX5: 7EBDEEC9007165A7F04200457ACC4400A6F90235]
[U] c:\windows\system32\drivers\aic78u2.sys        [PX5: 841F37AC80EF3F36D7BD000A10720200E4552005]
[U] c:\windows\system32\wupdmgr.exe        [PX5: 2DBB84FC007ACE3C7EB800E67887040034897091]
[U] c:\windows\system32\drivers\fsvga.sys        [PX5: 78ACD409008333CF30C90046F776F800DD6B1647]
[U] c:\windows\setpwrcg.exe        [PX5: F1B2109F004D5D5FC07900FAB4836500FE5754E9]
[U] c:\programme\microsoft silverlight\4.1.10111.0\coreclr.dll        [PX5: A03152C900CC4744B4553504255D840080CBA182]
[U] c:\windows\system32\rsvp.exe        [PX5: 708EE76900E163D906880231F30F2D00092EA184]
[U] c:\windows\system32\winoldap.mod        [PX5: E19A53B2202676D208C7002132DA8800B79BCD14]
[U] c:\windows\system32\ole2disp.dll        [PX5: 3E66404830EBCC7296B902E3361C6400BE12EFF7]
[U] c:\windows\system32\ddeml.dll        [PX5: 87F926CB00F2CB349A1200182C741300BAE396F9]
[U] c:\windows\system32\win87em.dll        [PX5: 22C03F9D0005E87A34B40075B0F00E00517D625F]
[U] c:\windows\system32\msacm.dll        [PX5: 9509859960B48961EF3C0048E192C7001E1E2D02]
[U] c:\windows\system32\toolhelp.dll        [PX5: 87219368400265353643009B30E21C003936EBD7]
[U] c:\windows\system32\commdlg.dll        [PX5: B3E50C8AD0643BD6833B00504A812E004DACF602]
[U] c:\windows\system32\wbem\wmitimep.dll        [PX5: B26F4213007C0CFACC5C0032B8CB26000F4AA902]
[U] c:\programme\gemeinsame dateien\microsoft shared\msinfo\msinfo32.exe        [PX5: DCC20BBB0036A3BB9EFA00953DF8F2002A7A563C]
[U] c:\windows\system32\ole2.dll        [PX5: F2FC4A2A40B7B6B59BDF00629364AB00A54AED31]
[U] c:\windows\system32\mmsystem.dll        [PX5: B5997EF700CA605710E601C8EB6DD70066F2F55A]
[U] c:\windows\fonts\vgaoem.fon        [PX5: 6CA95C4D3080777B140100C1C8350800A078F465]
[U] c:\windows\system32\drivers\parvdm.sys        [PX5: D78233F280E873FD1B40001BF0D2FD00BACAF8B2]
[U] c:\windows\system32\wbem\wmimsg.dll        [PX5: 17DE9138001AC6F9F02A008F3DD1CA00E639D17F]
[U] c:\windows\system32\drivers\atmepvc.sys        [PX5: 7363E81E80EDA4EC7A0200CE34E22400450A279B]
[U] c:\windows\system32\drivers\cpqdap01.sys        [PX5: C60D75F500CE16D02E4100D9B4337E008A228DE3]
[U] c:\windows\system32\ctl3dv2.dll        [PX5: C84734B440655DC66A4D00304EF8AC0014627D07]
[U] c:\windows\system32\d3dxof.dll        [PX5: 00C7E90800D9429BBA1500D688EACF00C87DB2F0]
[U] c:\windows\system32\deskperf.dll        [PX5: B2508B8100733CAC4876006C35B4E700DCAEC44A]
[U] c:\windows\system32\diskcomp.com        [PX5: FD83E24A00E33AB824A100536EC85C00ACA1D94F]
[U] c:\windows\system32\diskcopy.com        [PX5: 9F11BE870016CEF71C05003B3C2E0700C99A33B9]
[U] c:\windows\system32\wbem\trnsprov.dll        [PX5: 205096BD00E4DAC5EA3B00F3D53775004A2DEFF4]
[U] c:\windows\system32\dmintf.dll        [PX5: E4745039007203144863003B3C2E07008C657EC2]
[U] c:\windows\system32\wbem\tmplprov.dll        [PX5: E5D3A89900B1AD33F2F60025BBC01E00A5392763]
[U] c:\windows\system32\wbem\smtpcons.dll        [PX5: AC40A7EB00E23DA9A09200E597F3D600FDB2B9EA]
[U] c:\windows\system32\iaspolcy.dll        [PX5: 0B05E4990005B2C7469B0072B5D06600F1AB1FEE]
[U] c:\programme\gemeinsame dateien\microsoft shared\vfp\vfp8r.dll        [PX5: 26837DC0005D2C9BA0E2415B3491FA000E8D2BD8]
[U] c:\windows\system32\ipxrip.dll        [PX5: CD9AADBA00C352F754B30034163CEA000C139306]
[U] c:\windows\system32\ipxrtmgr.dll        [PX5: 5953F71D007462269CAE00DA44218A00935EB80C]
[U] c:\windows\system32\drivers\mcd.sys        [PX5: 874B185900D5916B1EF900C2FE181D00136FAB22]
[U] c:\windows\system32\mdhcp.dll        [PX5: 9CBD2A800009417DC42000396B7FB600D8B1F390]
[U] c:\windows\system32\wbem\wmipicmp.dll        [PX5: BF362AF600101AF32CF901776BE194000C904927]
[U] c:\windows\system32\mode.com        [PX5: 2E93A30400625BBF4CE400E712EA2900571D8A05]
[U] c:\windows\system32\olecli.dll        [PX5: F5FB40F500858B0244DF0121D0BC3200B432085A]
[U] c:\windows\system32\drivers\nikedrv.sys        [PX5: 31AFD82600B7B0E92F3400332F79D6008B90E2A9]
[U] c:\windows\system32\ntlanui2.dll        [PX5: 31B28537003D84B73AA5000A7557EF00D6C5C63D]
[U] c:\windows\system32\olesvr.dll        [PX5: CE221EF60049CF2B5E3B009B247C6A00F018477F]
[U] c:\windows\system32\panmap.dll        [PX5: D5F5A85F0001FBEC28F100714DA259002265767B]
[U] c:\windows\system32\rasrad.dll        [PX5: 9C52DCEB003455235C82002AF9A1AB0080B59E34]
[U] c:\windows\system32\drivers\rawwan.sys        [PX5: 3623B25780ED679386B1006F511AA700A8DBED63]
[U] c:\windows\system32\drivers\rio8drv.sys        [PX5: 689BF8B80051228F2F8000540597A5009049C8B5]
[U] c:\windows\system32\drivers\riodrv.sys        [PX5: 31AFD82600B7B0E92F3400332F79D600DA0E26E7]
[U] c:\windows\system32\drivers\rootmdm.sys        [PX5: F3E7979300A8EEA3177100743639FF0080591A18]
[U] c:\windows\system32\rsmui.exe        [PX5: 16BEDBA400BD61ABC2D300A5320A7F00E4BD8A8D]
[U] c:\windows\system32\drivers\smclib.sys        [PX5: 8A9722BD003AC63939580092009AC20088FC78D8]
[U] c:\windows\system32\storage.dll        [PX5: 60BAD4D270E3252C10B800A49D4C780095AFB292]
[U] c:\windows\system32\drivers\tsbvcap.sys        [PX5: 87882BA880A89CF8537500BE0BB03800CD0425CD]
[U] c:\windows\twunk_16.exe        [PX5: F36A27171006EDD2C23C0094956AFB0056981184]
[U] c:\windows\twunk_32.exe        [PX5: 5D53387700CBFAF764B000A2172748002D7A396C]
[U] c:\windows\system32\drivers\vdmindvd.sys        [PX5: 5DFBB3300012B79DE3E300778EC928004FCDB2AF]
[U] c:\windows\system32\win.com        [PX5: 4E1E179E00A1B00F481B003D92602E007B8F5F12]
[U] c:\windows\system32\winspool.exe        [PX5: F5BB157440E5748C08D600021F9AD300B79BCD14]
[U] c:\windows\system32\wowdeb.exe        [PX5: C1613D5DB0A80A260ABB006471357400B79BCD14]
[U] c:\windows\system32\wbem\updprov.dll        [PX5: BAE85062007E0BB2C685016BA732CF008F5B2F01]
[U] c:\windows\vmmreg32.dll        [PX5: 432FC082006D54B54A9800E9BF6ADE0089453257]
[U] c:\windows\system32\drivers\acpiec.sys        [PX5: F21BE3DC800E8A0A2F3C009238A73C00223D7063]
[U] c:\windows\system32\drivers\oprghdlr.sys        [PX5: 691E96B980EF4DD30D2300DD63265E00B79BCD14]
[U] c:\windows\system32\wbem\fwdprov.dll        [PX5: 97A5100600611BC0D04C0030FF254700DD82D655]
[U] c:\windows\system32\iasads.dll        [PX5: A0854B2800C7DFABA2B200A6634EF8004682F95D]
[U] c:\windows\system32\iasacct.dll        [PX5: 0E6DBB53009CA7055C8B0087E28CD1002E8DF0E5]
[U] c:\windows\system32\wiasf.ax        [PX5: A458AA4100A5B1809E8100A98C255200ADBA2A08]
[U] c:\windows\system32\sdpblb.dll        [PX5: B61081F80002DC69FCF10175B2E85600D4F8161A]
[U] c:\windows\system32\rdpcfgex.dll        [PX5: BC51E2AB00FD6DEA12E800C1F661D90061E914A0]
[U] c:\windows\system32\swprv.dll        [PX5: A806F3920077156D1EC60219CCF44C001AD1E757]
[U] c:\windows\taskman.exe        [PX5: 3F2A394F00E022653EEA00BD2EAB56008E111289]
[U] c:\windows\system32\wbem\unsecapp.exe        [PX5: 037DFB15008CDA1D427F007D3466080093CC78A3]
[U] c:\windows\system32\wbem\wbemads.dll        [PX5: B76EA58700D09400309300120A757300AB6F5350]
[U] c:\windows\system32\dmocx.dll        [PX5: D71C9861008B65584C9B00C043DDC800B935F58D]
[U] c:\windows\system32\mciwave.drv        [PX5: 4D15592B0006473D6E3900034B93AF002C41B6EA]
[U] c:\windows\system32\compobj.dll        [PX5: DA21156DD0BCD8E77562007DCF26A600F4FFDA3F]
[U] c:\windows\system32\drivers\nwlnknb.sys        [PX5: 04BB889700AAB944F73D0096D8122400A0912260]
[U] c:\windows\system32\drivers\nwlnkspx.sys        [PX5: 38D410228045AB3DDA820098A4E752008EA9780C]
[U] c:\programme\msn gaming zone\windows\zclientm.exe        [PX5: 58CE6D5C4901D7FD901900C56DBD8D00307557B5]
[U] c:\windows\pchealth\helpctr\binaries\brpinfo.dll        [PX5: 6B50DA7B0044576A5412005ECAA95900A3CA27F3]
[U] c:\programme\gemeinsame dateien\microsoft shared\grphflt\wpgexp32.flt        [PX5: AD28D8EA00A2E2DE50320171DF11DA00E802450B]
[U] c:\windows\system32\wshnetbs.dll        [PX5: 0B83A119000A99EB1CE9006990E88A003BE97930]
[U] c:\programme\windows nt\hypertrm.exe        [PX5: 9157360300680C046EEE004E48378400C29252C2]
[U] c:\windows\system32\drivers\adpu160m.sys        [PX5: A646098B00C8A7478EF4012AC693E40053E6B855]
[U] c:\windows\system32\drivers\e100b325.sys        [PX5: F259B54600607D05CCFA011F853F80006BB010DA]
[U] c:\windows\system32\drivers\dac2w2k.sys        [PX5: 2988280A8061B19BBDB80278B0C05C0011F9526A]
[U] c:\windows\system32\mprddm.dll        [PX5: 1E87929000E2C2940E20019F10EC7C002A004CC0]
[U] c:\windows\system32\drivers\tosdvd.sys        [PX5: 628D18D7002B7E40CAFC00177DE27100B717B0CE]
[U] c:\windows\system32\ole2nls.dll        [PX5: 09B13294B021FA9E558F026E08072F00900228B5]
[U] c:\windows\system32\iassvcs.dll        [PX5: AD36E36D008E4824F2040090154A0F00E1A7B239]
[U] c:\windows\system32\iasnap.dll        [PX5: D1453BB000CBD1BFF4AF009D662E66007CCC3964]
[U] c:\windows\system32\iashlpr.dll        [PX5: 6A243E5100EDC38D7E9500311E0614001FF1C6DF]
[U] c:\windows\system32\msaatext.dll        [PX5: 7FFB71AF003856EE92B60105381D71008A7FC26D]
[U] c:\windows\system32\ipxsap.dll        [PX5: FAD746B9007BD227043401F58EDD66009BF1A3C3]
[U] c:\windows\system32\lanman.drv        [PX5: 979919E9109F8F89739803C59F91BE005572B13A]
[U] c:\windows\system32\fsusd.dll        [PX5: 970D3E7900099AA2409D01D326861F002D46CA2A]
[U] c:\windows\system32\docprop.dll        [PX5: 5AEBC5B500133D42BA050002FAF14D00FA76FAEE]
[U] c:\windows\system32\dmview.ocx        [PX5: 9B0017BD009C3000F057005D653B2600C11EEFEA]
[U] c:\windows\system32\ntsd.exe        [PX5: 3A2AF65D002D211C7C10004432E9BD00A739BA2A]
[U] c:\windows\system32\acelpdec.ax        [PX5: 838055F100D46D00F28D003FD1167600A973152E]
[U] c:\windows\system32\mciseq.drv        [PX5: 29BE5A79D02501D962B1006D9F644A004DC598FB]
[U] c:\windows\system32\graftabl.com        [PX5: 0FE61FD6007A5D06668800223CE439009567DF04]
[U] c:\windows\system32\msr2c.dll        [PX5: 2ECB083700BDD5DD1027017D93CB5100CF931A54]
[U] c:\programme\msn\msncorefiles\install\msnsusii.exe        [PX5: C7387880D830739EDC810D68D20F5D004263165A]
[U] c:\windows\system32\edit.com        [PX5: B542A12F6E6E0DA415520148D1845800ED9F60B4]
[U] c:\windows\system32\mciavi.drv        [PX5: FD5C7DEA20EEA2C72056011DA830F200A7FFE5D6]
[U] c:\windows\twain.dll        [PX5: F27DC35B50CCD66A72E8010595862C0004CBD1F8]
[U] c:\windows\system32\typelib.dll        [PX5: C0620321C004C14EB60D020DCCE16200701F9AEA]
[U] c:\windows\system32\scardssp.dll        [PX5: 93BA559F00DEC9DCD05F01FDA4A360001BEE7D23]
[U] c:\windows\microsoft.net\framework\v1.1.4322\configwizards.exe        [PX5: 3559A8C600A0D6E7C0DF00B3E52649008AC2F3B9]
[U] c:\windows\system32\rend.dll        [PX5: F2BB8D60009CAACAA4210161D1BEF10066161912]
[U] c:\windows\system32\diactfrm.dll        [PX5: A23D0D7700ED843508550688EE82B000F87F9ADA]
[U] c:\windows\system32\csseqchk.dll        [PX5: EAB49AF700F317E720A5018D38A67400BF01A018]
[U] c:\windows\system32\msvideo.dll        [PX5: 0BB88544806833B9F080012F00509C00B96AD7CE]
[U] c:\windows\system32\wbem\dsprov.dll        [PX5: E528A06400EF828AD64501BEA01D4600627E1E1F]
[U] c:\windows\system32\iassam.dll        [PX5: FB09B63C00B05CA0521D018D07FB20008049487A]
[U] c:\windows\system32\d3drm.dll        [PX5: 6145356E00FF5E9E586805F3BD5BD40054DB6BFF]
[U] c:\programme\gemeinsame dateien\microsoft shared\works shared\aw.dll        [PX5: 4A0DBBED3240B13330B502E5E7AACA008DE84B75]
[U] c:\programme\gemeinsame dateien\speechengines\microsoft\spcommon.dll        [PX5: F0C3BDE90098B4263080017505BEE700A6A0FB15]
[U] c:\windows\system32\langwrbk.dll        [PX5: 122401F7002A749B5E61016B6B783100FC8083F6]
[U] c:\windows\system32\netapi.dll        [PX5: 3B2621E2C04DF3B2A77E0156CAF52A00A1424563]
[U] c:\windows\system32\calc.exe        [PX5: 5BDBC96E001A8363C02501E8D53F0300B3AF85ED]
[U] c:\windows\system32\krnl386.exe        [PX5: 0363E948E0B228E169DC012D6A7C590010AD67B4]
[U] c:\programme\gemeinsame dateien\microsoft shared\msinfo\ieinfo5.ocx        [PX5: 259544D700F216C270E101492127480068E5F589]
[U] c:\windows\system32\avifile.dll        [PX5: 4ED3A0D9C077CED2ABD5016052733100D7A4582F]
[U] c:\windows\system32\wiavusd.dll        [PX5: 9E9208DD007160AC382D02309C295C0094E700F6]
[U] c:\windows\system32\avicap.dll        [PX5: 6D67EC12E084E54E124201FFF5F62900B422894F]
[U] c:\windows\system32\charmap.exe        [PX5: 8A8C595C00117FE93CB201F2CEF5910022E4E9E5]
[U] c:\windows\system32\ciadmin.dll        [PX5: 94E01BF000208BB9881D0244A9D6160077A18E44]
[U] c:\windows\system32\autodisc.dll        [PX5: 2277A428004F7FBF3CEB01CF5AF597002B47B08F]
[U] c:\windows\microsoft.net\framework\v1.1.4322\mscormmc.dll        [PX5: B6FE43C400F17A34002A02E62768D200EC50F2B2]
[U] c:\windows\system32\gcdef.dll        [PX5: B732D89C0058F63532F9015A301A3300C778F8D1]
[U] c:\windows\system32\iasrecst.dll        [PX5: 9B4E04DB0040F75728E9026A12A6540036261797]
[U] c:\windows\system32\xenroll.dll        [PX5: 2CBADB2D78AD36EBB05C02778CBE9B0061E68869]
[U] c:\windows\winhelp.exe        [PX5: CE4758B520A013DAEE33037C5678DA00292EBF99]
[U] c:\programme\gemeinsame dateien\speechengines\microsoft\tts\1033\spttseng.dll        [PX5: 04DD493100ED6548D0500BBAA8D87600F453E6DF]
[U] c:\windows\system32\wbem\msiprov.dll        [PX5: A1FD7CF200819ABB2E3904384A503300E353A81A]
[U] c:\windows\system32\iassdo.dll        [PX5: 4ABC77DD007721DADA3B03A96DA1B00028980870]
[U] c:\windows\system32\avtapi.dll        [PX5: E38D5FF00004FC058E50033723381E008C5DA44C]
[U] c:\programme\sweetim\toolbars\internet explorer\mgtoolbarie.dll        [PX5: 20DECCCA30EBD4BE4D921401DF89EB0032BF86F8]
[U] c:\programme\gemeinsame dateien\mssoap\binaries\mssoap1.dll        [PX5: F109385B00300BC6985C03C37277B800EB0BEC50]
[U] c:\windows\system32\infosoft.dll        [PX5: DD7F838D0071179DE01F06FDC955820033CEFA83]
[U] c:\windows\system32\drivers\cinemst2.sys        [PX5: 7C4B5F6480542F0A010D0467679A3400E2B14447]
[U] c:\programme\gemeinsame dateien\microsoft shared\web server extensions\40\bin\fp4awec.dll        [PX5: A6A73D246D8D1A0AE02106D895FF8C00F6CACDF0]
[U] c:\programme\adobe\reader 9.0\reader\pdfprevhndlrshim.exe        [PX5: 17DAEAC5C88BC887C508013A4F8E7E0071EBAD36]
[U] c:\programme\adobe\reader 9.0\reader\acrordif.dll        [PX5: 97A5C241B080B563D53901938843090003F59A82]
[U] c:\windows\system32\drivers\nv4_mini.sys        [PX5: 917F7FE8C02DB936F3411C8AC739AB0032E68CB2]
[U] c:\programme\adobe\reader 9.0\reader\acrobroker.exe        [PX5: 2876A3C3D88E642F45D104D7C87AF300532D6AB8]
[U] c:\dokumente und einstellungen\admin\lokale einstellungen\anwendungsdaten\zonealarm\tbzon0.dll        [PX5: 53EAE9A328C756371F0343489F58FE00B997C8BA]
[U] c:\programme\wizard101(de)\unins000.exe        [PX5: 5C69A5479B8906F3FBFC117C7CBCAC00EA6F0BFB]
[U] c:\windows\system32\ieframe.dll        [PX5: 1B0B60F90073F12A1A19A98D5EC70600AB3C663E]
[U] c:\windows\system32\mshtml.dll        [PX5: CCD06B7D00208B9C3C285B0187709000B166F9C6]
[U] c:\windows\system32\drivers\wmilib.sys        [PX5: 7A1B707D0098974111DB00C8E2E10C00FCC422B3]
[U] c:\windows\system32\drivers\pciide.sys        [PX5: 826808EE00CFD8500D55002AE8E7E200B79BCD14]
[U] c:\windows\system32\drivers\ftdisk.sys        [PX5: D543638280F1FAF5EDA30154BD3E77000D1BD1CA]
[U] c:\windows\system32\drivers\audstub.sys        [PX5: C910D030000E35B30CDC00441BDEF300B79BCD14]
[U] c:\windows\system32\drivers\null.sys        [PX5: 7047032880E19D2B0B4300F23A496700B79BCD14]
[U] c:\windows\system32\lz32.dll        [PX5: 93670382006E627E0AA70031FB056300B79BCD14]
[U] c:\windows\system32\drivers\dxgthk.sys        [PX5: 0164AB8900598A330DE900E4FEF37900B79BCD14]
[U] c:\windows\system32\drivers\fs_rec.sys        [PX5: 2E3179C900CB71741FBA004F645EEB00865149D3]
[U] c:\windows\system32\drivers\beep.sys        [PX5: F62FA4F780D77A5110B2005CD7507900637E04C1]
[U] c:\windows\system32\drivers\mnmdd.sys        [PX5: 33A41DEC8064684210700001C4EA1400320E2D4F]
[U] c:\windows\system32\drivers\rdpcdd.sys        [PX5: 14FCFAAE80A686EB103300CFAE183900CB624D74]
[U] c:\windows\system32\drivers\ptilink.sys        [PX5: F96F182D805891FA452B007EBD870E004C25BA07]
[U] c:\windows\fonts\vgasys.fon        [PX5: 374F9840707DD0451C8100F3EB938400C3FB24D8]
[U] c:\windows\fonts\vgafix.fon        [PX5: 91E18BC7F0A0037314FB006B55157F001FC9364C]
[U] c:\windows\system32\drivers\raspti.sys        [PX5: 506F10F380FEE57C406900BE351741009F00F0DE]
[U] c:\windows\system32\drivers\rasacd.sys        [PX5: EF519CA180B540A42200002C4F06E3005372DD33]
[U] c:\windows\system32\drivers\cdaudio.sys        [PX5: 7D0D30B9001A5352491B006D9C79D000079079B1]
[U] c:\windows\system32\kbdgr.dll        [PX5: 4DF569E700DDEF701857000515A4BD009E9A507D]
[U] c:\windows\system32\kbdus.dll        [PX5: 1C8DFBD6007B7263161C00B564992B00403FEB69]
[U] c:\windows\system32\drivers\ws2ifsl.sys        [PX5: E3FE23AC0026FAFE2FF10052E88519002DA1A545]
[U] c:\windows\system32\drivers\dxapi.sys        [PX5: D0E069F50027643C29470029619BD400B7B7054A]
[U] c:\windows\system32\vga.dll        [PX5: 9E0179DF80EA0466248000DDC9EF1800597A3AC6]
[U] c:\windows\system32\olesvr32.dll        [PX5: EA7512BF00DA3B5E563800BFD1156A00CA867A4D]
[U] c:\windows\system32\clb.dll        [PX5: 1D451103005872552CF700E4712A4100AC9BD44F]
[U] c:\windows\system32\drivers\bcm4sbxp.sys        [PX5: 83F8B74F0083E78FB10B00DD2ABB38000D9705C7]
[U] c:\windows\system32\olethk32.dll        [PX5: 76AD5B550048466B0EB8015E630C6500D4F248DC]
[U] c:\windows\pchealth\helpctr\binaries\hcappres.dll        [PX5: FD9CC7C2006D19051EFC0012D2480F00A20B7F8D]
[U] c:\windows\system32\control.exe        [PX5: F0C9BB9B00D7FEE920C900E6B3BA7000AAC311FC]
[U] c:\windows\system32\tssoft32.acm        [PX5: 321787E40078F5BA20E000C38B02C600C7705B34]
[U] c:\windows\system32\mpnotify.exe        [PX5: A53FF43500FBCDFB56B7003B7441B3007A16883E]
[U] c:\windows\system32\fxsroute.dll        [PX5: 2664584E007DEC067C6B00C75A8B6C00EF32819A]
[U] c:\windows\system32\msg711.acm        [PX5: 290EEC75004AAB9324510012D62AF30037DC8D77]
[U] c:\windows\system32\wups.dll        [PX5: 04CF6114E0569C2C8A6A0094E0349F00C93E5435]
[U] c:\windows\system32\msgsm32.acm        [PX5: 3B6B5DA400BD651B4E78005CEA8BB800E1579172]
[U] c:\windows\microsoft.net\framework\v1.1.4322\de\aspnet_rc.dll        [PX5: 570D1FB4009618B7B06000CDE68D22008E423309]
[U] c:\windows\system32\pschdprf.dll        [PX5: BDA233CF00383C012A6B003B039D1D00917FAFF1]
[U] c:\windows\system32\rasctrs.dll        [PX5: 7B40074900CC7ADA3009003B3C2E070046B8FF7A]
[U] c:\windows\system32\rsvpperf.dll        [PX5: 751D458900EFCBBC26D2003B3C2E070032CD163F]
[U] c:\windows\system32\netevent.dll        [PX5: 94C699D4006637CDCA1303FC7804750009951F52]
[U] c:\windows\system32\dfrgres.dll        [PX5: 072EC2A00033936AD6EF008633593C006550C317]
[U] c:\windows\system32\tapiperf.dll        [PX5: 0EC337E800BC7520160C0089D5B62C00FD76F1A6]
[U] c:\windows\system32\perfts.dll        [PX5: AE9073F600B211AB30C8004AEAD2430041B25501]
[U] c:\windows\system32\wbem\xml\wmi2xml.dll        [PX5: 105D5884005BBA35B2DE00FA81117100EC1DD379]
[U] c:\windows\system32\mui\0007\hhctrlui.dll        [PX5: 0FCBA7E700D2946E642C01280ED19000EDB9311F]
[U] c:\windows\system32\drwtsn32.exe        [PX5: A6E299D4002B6CDFB8AF005912C34700F1861737]
[U] c:\windows\system32\msg723.acm        [PX5: BF75D8B1003007BCD04701D9AD2CB90025EA44BE]
[U] c:\windows\system32\mapi32.dll        [PX5: 77CE006E002FA354B66F013FF868D7000AA80681]
[U] c:\windows\system32\sndvol32.exe        [PX5: B753B5C9006E7A81222602D8A87144001171B1C7]
[U] c:\windows\system32\ir32_32.dll        [PX5: 48C6FD2800CF7D770AB40340E9EE0B004F741A40]
[U] c:\windows\system32\vss_ps.dll        [PX5: F64501C100BEED26425A0090143FA6004C3A332A]
[U] c:\windows\system32\mycomput.dll        [PX5: DDB834B800263B836280016265067E00D4939874]
[U] c:\windows\system32\icmui.dll        [PX5: C81096D600DADF76D847006AF0AEED0042A28F75]
[U] c:\windows\system32\rsmsink.exe        [PX5: EF51A26E00AFAF5B600200C8B3DD63004F443B56]
[U] c:\windows\system32\chcp.com        [PX5: 62142BAC004172551EE000230CC13000F18FD81F]
[U] c:\windows\system32\pmspl.dll        [PX5: 98CDEBDE0094268EB67200C1C6BF85009014DA93]
[U] c:\windows\system32\drivers\ccdcmb.sys        [PX5: 1CF343CA006D149F47360030765C4700B30363B1]
[U] c:\windows\system32\ddmi2.sys        [PX5: 974F6FD141A700C81BE200244F33EF0087628BB4]
[U] c:\windows\system32\drivers\s116nd5.sys        [PX5: 59A1F11488BBFE3D5A8400D571830800411E336F]
[U] c:\windows\system32\cisvc.exe        [PX5: 5B1FCEE900C604831646004596EDB600A74ED4C6]
[U] c:\windows\system32\mshta.exe.mui        [PX5: 3691C2C600A651B60AD800778E9E2500B79BCD14]
[U] c:\windows\system32\dmserver.dll        [PX5: 041131C900AC1BCB5E89005708E5AC00E51DD398]
[U] c:\windows\system32\drivers\agp440.sys        [PX5: 92796BB0806349F8A56F00F55D76CD005A64789A]
[U] c:\windows\system32\drivers\s116mdfl.sys        [PX5: 25E7EA91080359613BBC008BF973C80099D703A8]
[U] c:\windows\system32\w3ssl.dll        [PX5: 6C3C5B0A003E1F303E1E00FA8E0DA50013697EFD]
[U] c:\windows\system32\ups.exe        [PX5: EB0902AB000750CB4840003FB8388C00F3DC32AA]
[U] c:\windows\system32\sclgntfy.dll        [PX5: B7AE331900B0655F5AC000FE3D9C0B004B0D353F]
[U] c:\windows\system32\drivers\usbser_lowerflt.sys        [PX5: 72905DD900B0840120C1006B47D55A009589B6D8]
[U] c:\windows\system32\drivers\usbser_lowerfltj.sys        [PX5: 53D4BC7E007EDDA2206A0074A154A400AA793159]
[U] c:\windows\system32\mnmsrvc.exe        [PX5: 09A774C800D71BFC80AE005F190EAC002F974098]
[U] c:\windows\system32\drivers\s116wh.sys        [PX5: 57E4D21F88F2A72730140021A2303C00830A46BA]
[U] c:\windows\system32\drivers\s116whnt.sys        [PX5: 57E4D21F88F2A72730140021A2303C00830A46BA]
[U] c:\windows\system32\drivers\s116cm.sys        [PX5: 778183D28813831830E1000EC9D22200CCB83F0E]
[U] c:\windows\system32\drivers\hidbth.sys        [PX5: C468F04A00AB923165CD0019D9EDE70098F4ADD1]
[U] c:\windows\system32\drivers\agpcpq.sys        [PX5: 3C2A452B80CBBE67AF240060110ED70068FEC41D]
[U] c:\windows\system32\drivers\bthprint.sys        [PX5: 15F50C358083D21A8E0C007F137244008C573A12]
[U] c:\windows\system32\slayerxp.dll        [PX5: FAC2ED310070C9AE64380036AB5FCC0089903415]
[U] c:\windows\system32\drivers\crusoe.sys        [PX5: DD5C92A780A171379F24001BB46BB9007EDAD51E]
[U] c:\windows\system32\drivers\stream.sys        [PX5: FDEA7CEA00E734D3C1DE0004BF4241007DE59088]
[U] c:\windows\system32\drivers\tdtcp.sys        [PX5: 8942980688A6EF76558200032BC6D800DD26DD28]
[U] c:\windows\system32\drivers\gagp30kx.sys        [PX5: 642F878C801E7D44B50600016FDC9C0046817CE7]
[U] c:\windows\system32\dssec.dll        [PX5: 082A2FB500F7D81FCC3800C338A20A00EADBD389]
[U] c:\windows\system32\drivers\pccsmcfd.sys        [PX5: E358987780D5A833491F0003530A1700421C3BC7]
[U] c:\windows\system32\drivers\siint5.dll        [PX5: F141B3BE3D6D02440F8A00D5CEF19500B79BCD14]
[U] c:\windows\system32\drivers\uagp35.sys        [PX5: 9D095C07801C22E3AE6600D63D61E600782D745D]
[U] c:\windows\system32\drivers\adv11nt5.dll        [PX5: 7673ED26BF9B09EC0EC100AA8F307F00B79BCD14]
[U] c:\windows\system32\drivers\amdagp.sys        [PX5: E6EB08360057179FA86C00430CC301004CB71E2C]
[U] c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe        [PX5: 29E1613918B5437BB4A000056BA30D0085A65364]
[U] c:\windows\system32\drivers\alim1541.sys        [PX5: 9F57E1E200726D99A7A3005976AF0500D3B95DEC]
[U] c:\windows\system32\drivers\usbscan.sys        [PX5: A345B33E004758873B29000DE02C9B00FEA79BC2]
[U] c:\windows\system32\drivers\adv09nt5.dll        [PX5: E173D95F7FF335B60E3300DD69199800B79BCD14]
[U] c:\windows\system32\drivers\pxkbf.sys        [PX5: 2EA3F3ABF0130F2A653300A5265A1E00C6F8D0F4]
[U] c:\windows\system32\drivers\fdc.sys        [PX5: 030113CC009ED3836B77000B64308F00665FD179]
[U] c:\windows\system32\drivers\usbaudio.sys        [PX5: 61FF99838018C997EA650050BC760E009F3DAFF2]
[U] c:\windows\system32\drivers\irenum.sys        [PX5: EFF123FF009559F82C9800EF91504100B6FCDE09]
[U] c:\windows\system32\drivers\adv08nt5.dll        [PX5: FE00241D3F1E00A10CCF000606C17100B79BCD14]
[U] c:\windows\system32\drivers\ati1mdxx.sys        [PX5: 9A0348305FAB82F42D270060B8503E0045CF641B]
[U] c:\windows\system32\drivers\wadv11nt.sys        [PX5: 3270838B9F1CA4BC2ECD00F52065DC007F926E55]
[U] c:\windows\system32\drivers\tdpipe.sys        [PX5: 3FCBC6C1086354332FFD003DE3512D00E0553E49]
[U] c:\windows\system32\drivers\viaide.sys        [PX5: 763F36E3001A65E115B100F2DCFD2A00B7136772]
[U] c:\windows\system32\drivers\mspqm.sys        [PX5: E79874108063B1F513260078C414AC00D0AB678F]
[U] c:\windows\system32\drivers\atv02nt5.dll        [PX5: 2CF903F35FE772BB2CB900906A3B9C00B64531A8]
[U] c:\windows\system32\drivers\mspclock.sys        [PX5: E3D3244C00A7CE72157A001337247B008F8E8497]
[U] c:\windows\system32\drivers\mskssrv.sys        [PX5: 1206502B8070367E1DC0005B0E279D003A9EE63B]
[U] c:\windows\system32\drivers\smbali.sys        [PX5: 12482C94000568C617170054DB39780005417B03]
[U] c:\windows\system32\drivers\tunmp.sys        [PX5: CBD0AEE30035D6A5300B00CF5C41910059532CD5]
[U] c:\windows\system32\drivers\sffdisk.sys        [PX5: BCD0F07C80BDA6002E68000865B1AD002DF173D8]
[U] c:\windows\system32\drivers\atinmdxx.sys        [PX5: F01147EA00BE7AB736CC00E44C302A00BEEA352D]
[U] c:\windows\system32\drivers\vchnt5.dll        [PX5: 0ED594033D76220A2CCA00C298481800F7EE2D11]
[U] c:\windows\system32\drivers\adv01nt5.dll        [PX5: F3CEDD4B9F8B578F10D400C06F170800891B8370]
[U] c:\windows\system32\drivers\diskdump.sys        [PX5: 6D7A5F848072A37B37EB00C342763700A71B4DD2]
[U] c:\windows\system32\drivers\sffp_mmc.sys        [PX5: 0D9613CE000C9FDF284300164391810062DCB727]
[U] c:\windows\system32\dfsshlex.dll        [PX5: 6935BB0F004A750A70830023BC27D6007F3E5BBF]
[U] c:\windows\system32\drivers\adv02nt5.dll        [PX5: 861945D37F6CE6440F3500984FB4FE00B79BCD14]
[U] c:\windows\system32\drivers\recagent.sys        [PX5: 8230DA32D0FF3CCB359200458A49D1005077BCC7]
[U] c:\windows\system32\drivers\s116cmnt.sys        [PX5: 778183D28813831830E1000EC9D22200CCB83F0E]
[U] c:\windows\system32\drivers\slwdmsup.sys        [PX5: 16863D5CB8EACC283314005DED01E500658864AF]
[U] c:\windows\system32\drivers\watv10nt.sys        [PX5: BC7A9CF57F55E4C36384008A4A3A0700A414BF9F]
[U] c:\windows\system32\drivers\s116cr.sys        [PX5: 7343E48E0805FDDD2B8200298604180062BC0B9B]
[U] c:\windows\system32\drivers\sffp_sd.sys        [PX5: 2962F907000470602BFC005958959E005F3F9EDD]
[U] c:\windows\system32\hidserv.dll        [PX5: 041E3559001A199854B000E2F21EE100E401225C]
[U] c:\windows\system32\drivers\usb8023x.sys        [PX5: 3E77E626002C4E4732F6001737A36500BD2ED064]
[U] c:\windows\system32\drivers\adv05nt5.dll        [PX5: 5D753EE01F6F42CF0E95003194A3FE00B79BCD14]
[U] c:\windows\system32\drivers\atinpdxx.sys        [PX5: 56DABC9E00199F9D38D000631CEE050045090A25]
[U] c:\windows\system32\drivers\k750mdfl.sys        [PX5: BBF2C4C3B0B982E01916007DB05AF200A48E60D7]
[U] c:\windows\system32\drivers\wadv09nt.sys        [PX5: 5DB73A5C5FAB7A1D2EB000A4DD02C800BA660E95]
[U] c:\windows\system32\drivers\wadv08nt.sys        [PX5: 4CF103A01F6123B62CFA0037B0C1FD00836A25AA]
[U] c:\windows\system32\drivers\wadv07nt.sys        [PX5: 1E0FE3D21FE339D22E2B008596227200617F8D26]
[U] c:\windows\system32\drivers\mutohpen.sys        [PX5: F0516BDE807DC7ED312D00118D1A3F00F3D76BCF]
[U] c:\windows\system32\drivers\adv07nt5.dll        [PX5: A921A5C03FFE4E930E2D00DEA00D0C00B79BCD14]
[U] c:\windows\system32\drivers\k750cmnt.sys        [PX5: 9139F45700380BB5189900EC482D1100B0CCF94B]
[U] c:\windows\system32\drivers\ati1pdxx.sys        [PX5: E991404B0FFD6FF82F7000461A312B002816CEC0]
[U] c:\windows\system32\drivers\wacompen.sys        [PX5: BD7D24B780B23628379400D942852C00086B47B3]
[U] c:\windows\system32\drivers\tape.sys        [PX5: 1278B1EF80B32A683A3F0096934CD200CD93C3A7]
[U] c:\windows\system32\drivers\k750cm.sys        [PX5: 9139F45700380BB5189900EC482D1100B0CCF94B]
[U] c:\windows\system32\drivers\k750whnt.sys        [PX5: 9B7927F87064610A168100A17F82920047BCBD7B]
[U] c:\windows\system32\drivers\usbintel.sys        [PX5: 46A2709400A8B9863E99007B5ED70B00A3584D07]
[U] c:\windows\system32\drivers\k750wh.sys        [PX5: 9B7927F87064610A168100A17F82920047BCBD7B]
[U] c:\windows\system32\drivers\usb8023.sys        [PX5: 3E77E626002C4E4732F6001737A36500DF1D4C45]
[U] c:\windows\system32\drivers\atinttxx.sys        [PX5: 4D021E9A00CC1BA9364D00987AB05B00A6802140]
[U] c:\windows\system32\drivers\vnusb.sys        [PX5: 8886EE916030A070960100C80C86160041B12F28]
[U] c:\windows\system32\drivers\atv06nt5.dll        [PX5: 366698F63FC80BE037260071F2D88D007996ED68]
[U] c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe        [PX5: A1641FCD08C637E48661006025BFA10083500E28]
[U] c:\windows\system32\drivers\usbcamd.sys        [PX5: 2C68E76000C0840A6439007754862A00090E71FE]
[U] c:\windows\system32\sendmail.dll        [PX5: 8088824600394EBAD8B8000ECF53A80050A09EDB]
[U] c:\windows\system32\drivers\i2omp.sys        [PX5: 53DD5A928056D71F48AC00DEF5424100542EC81C]
[U] c:\windows\system32\drivers\ch7xxnt5.dll        [PX5: 9CA6D35A3FDA46E93C6100BF4DDD2A00DCD51233]
[U] c:\windows\system32\drivers\flpydisk.sys        [PX5: 60E1171000EEA79E50BF00391F7EE0003B4C37EA]
[U] c:\windows\system32\drivers\atv10nt5.dll        [PX5: 8814C54C7F821B6843840006D80676002F5F56FB]
[U] c:\windows\system32\drivers\bthenum.sys        [PX5: 67DA124780F37F2D4207001BE7C4FB00803D6E14]
[U] c:\windows\system32\drivers\bthusb.sys        [PX5: 44B073E300227E634AF300C25065D300C03386E0]
[U] c:\windows\system32\drivers\ccdcmbo.sys        [PX5: D4BA82BC00A0F298583800B84ECFBD00E0E8D2A4]
[U] c:\windows\system32\drivers\atv01nt5.dll        [PX5: A94A4696BFCAC54652B100A888619100994DDD6E]
[U] c:\windows\system32\drivers\hidir.sys        [PX5: 385910E500491C2A4B2500B2238855006E25FC7E]
[U] c:\windows\system32\drivers\atv04nt5.dll        [PX5: 3A7C21F37F7A525863F4009E8193B800B057BF4C]
[U] c:\windows\system32\msgsvc.dll        [PX5: 5E02C29800B6B931848C0041CB447100259D104B]
[U] c:\windows\msagent\agentpsh.dll        [PX5: 8176B90900FAAFC85EF900E8D2175300A3725A5E]
[U] c:\windows\system32\drivers\ipinip.sys        [PX5: 9655BFAF8030F62E513A00C352D24800CFB42084]
[U] c:\windows\system32\drivers\secdrv.sys        [PX5: 84A9A7CB006F9ECC508100883E7135006D51A95C]
[U] c:\windows\system32\drivers\atinbtxx.sys        [PX5: 734A4454007FFA55E29F00FF52B7680047F5F3B1]
[U] c:\windows\system32\drivers\sonydcam.sys        [PX5: 7C98490200F27A6F636900C11EF4E300DD4774BE]
[U] c:\windows\system32\drivers\watv06nt.sys        [PX5: D04CA646FF640CF256F2007383ABD9003A191E15]
[U] c:\windows\system32\drivers\atinsnxx.sys        [PX5: B12DD4A0005F1C4B7090009378B5920090FEE997]
[U] c:\windows\system32\drivers\ati1ttxx.sys        [PX5: 9031E7695FDBA0F15365004FF9F694004110881D]
[U] c:\programme\outlook express\wabfind.dll        [PX5: 0442061800C19A9380580042741F6000B701FBE7]
[U] c:\windows\system32\drivers\rndismpx.sys        [PX5: 120F9F0E8086D832779500950845710052090A7D]
[U] c:\windows\system32\drivers\usbser.sys        [PX5: D16270FE00394187664D00DB9E478000E807D02B]
[U] c:\windows\system32\drivers\rndismp.sys        [PX5: 120F9F0E8086D8327795009508457100EA4A9887]
[U] c:\windows\system32\drivers\usbccgp.sys        [PX5: D222D7908042C86E7D3300BF92539B00369250E9]
[U] c:\windows\system32\mspmsnsv.dll        [PX5: F82E387E009585B66A440052C05A4E0090AF0C84]
[U] c:\windows\system32\drivers\ati1raxx.sys        [PX5: D7E83838CFFBCC21778E006C6ECA69008610B277]
[U] c:\windows\system32\drivers\usbcamd2.sys        [PX5: 2C68E76080C0840A6439007754862A00AB77FF15]
[U] c:\windows\system32\drivers\ati1snxx.sys        [PX5: B555A9DCFFB1FA6F666D00BC1653D600EE3B9E3F]
[U] c:\windows\system32\drivers\atinxbxx.sys        [PX5: D3D6841600E9C8A17C9D00EE54392C008BFD8C61]
[U] c:\windows\system32\drivers\ati1xbxx.sys        [PX5: 50BEFAA40FC66AE3731C0014DEE71F00327B8872]
[U] c:\windows\system32\docprop2.dll        [PX5: 8E82DE1F00AADC85BEE4005581292C00CECF402D]
[U] c:\windows\system32\wuaueng.dll.mui        [PX5: A939C756E0188A71460400808DAB9400F5F0CD2B]
[U] c:\program files\real\realplayer\ierjplug.dll        [PX5: CDFA890900A7B8DEB05A00892233CD007834141E]
[U] c:\windows\system32\drivers\mbam.sys        [PX5: F8A3B686F06C84414FE90001E9285400D57A4C2C]
[U] c:\windows\system32\drivers\ati1btxx.sys        [PX5: 9CA86B132F837EAADD9A003E210F24004C5E2C40]
[U] c:\windows\system32\clipsrv.exe        [PX5: AA6A22C300FC51CC827400A5E8550500B195D2BB]
[U] c:\windows\system32\drivers\ip6fw.sys        [PX5: 93047826004370A18F5A0004B987DC008A8F55C7]
[U] c:\windows\system32\drivers\bthmodem.sys        [PX5: C7B309490098C8E694F000B44D666B00097E910F]
[U] c:\windows\system32\drivers\sisagp.sys        [PX5: 67D98FA600CA352AA02400A357FF240007CD1A59]
[U] c:\windows\system32\drivers\k750mdm.sys        [PX5: 6B0CE06B10DE63295FD70178895A3000E9483DA3]
[U] c:\windows\system32\eapsvc.dll        [PX5: 55C4B6D70041A858842400698E9354000D94173B]
[U] c:\windows\system32\rshx32.dll        [PX5: 8B7909D5006C06E99ECF006D2B1208006987F845]
[U] c:\programme\microsoft office\office11\mlshext.dll        [PX5: C5F0198D80B4208C8130009CCA6500004C5E174F]
[U] c:\windows\system32\drivers\amdk6.sys        [PX5: D629DD7000980835A20200E8789C9F00FF9CB74E]
[U] c:\windows\system32\drivers\amdk7.sys        [PX5: 0601E31D804CB085A3E4003936D92B0047400BB9]
[U] c:\windows\system32\drivers\atmlane.sys        [PX5: 0680DC6000035655DA6F006BFFA72D00CBE1BD17]
[U] c:\windows\system32\drivers\nmnt.sys        [PX5: 4F6E51DE803D5E299DD30090E390240049FFAF2D]
[U] c:\windows\system32\drivers\arp1394.sys        [PX5: 7E81EB6A803135EBEDB20074BBAF54000B42EB7B]
[U] c:\windows\system32\drivers\rfcomm.sys        [PX5: 0E12D86100621870E7AC00D7154E22001793DABF]
[U] c:\windows\system32\drivers\k750bus.sys        [PX5: 6BFCEED2B0028BB6D7CF006A5C59DB000C722216]
[U] c:\windows\system32\drivers\p3.sys        [PX5: BBAD548C00B89633B7F100DD557C7000FCC8487D]
[U] c:\windows\system32\drivers\atinraxx.sys        [PX5: FEA5AA1600EC2AE1CC0900185C854A00422223CC]
[U] c:\programme\internet explorer\connection wizard\icwconn1.exe        [PX5: 095F1FE6001F453456AC035051E85C000746D66F]
[U] c:\windows\system32\icardie.dll        [PX5: 0BDFD59900EDAA7EEA9800829356CF001CD3BCF1]
[U] c:\windows\system32\drivers\k750obex.sys        [PX5: DCE30E8E8072B24736EE01D8D8566A00813BE051]
[U] c:\windows\system32\kmsvc.dll        [PX5: CFEAD4E800AE0D31F0AF0051E9ED7D00E7DF66B8]
[U] c:\windows\system32\mmcshext.dll        [PX5: 5948CFBE0081997CF09A00154A627D0075954BB2]
[U] c:\windows\system32\drivers\ati1xsxx.sys        [PX5: 725DA013AF89D09387CF00DFF7253B006BDDF179]
[U] c:\windows\system32\rasauto.dll        [PX5: 11EB74EB00C81E315A980140CAE22100E577557B]
[U] c:\windows\system32\mprdim.dll        [PX5: 9A6C9B7E00FD4834D0D2009663D73D00F21E858F]
[U] c:\windows\system32\drivers\viaagp.sys        [PX5: D6E79603001AC593A55800BA66876F00A4E86821]
[U] c:\windows\system32\drivers\atmarpc.sys        [PX5: C41A09F600246E0AEA81009B2DE4BF0010DB722C]
[U] c:\windows\system32\drivers\k750mgmt.sys        [PX5: 1AD5738240C556CE3F6601EA12298D002BFC5891]
[UP] c:\frndial\sxuninst.exe        [PX5: E972F3FCAF0690C3AE7900CBC9892B00DA00675B]
[U] c:\programme\alicehilfe\uninst_d.exe        [PX5: 7D164AD140419C2BD53800A2804843002F4AB9A5]
[U] c:\windows\system32\shscrap.dll        [PX5: 03DBCB6C003C209D6E710057E4BF38005981B31E]
[U] c:\windows\system32\drivers\processr.sys        [PX5: BB2A3C640003321C9C3A006C7B5F3B00A7B85A69]
[U] c:\programme\gemeinsame dateien\microsoft shared\office11\msoxev.dll        [PX5: AECA73E4603F0877B1F800B7D3275E006B704F35]
[U] c:\windows\system32\drivers\s3gnbm.sys        [PX5: 61E69E1D00FCADE18C3D02DB5DBD000075CEE0EF]
[U] c:\windows\system32\drivers\ati1tuxx.sys        [PX5: 6F56F7AF6FA57A868E0B00B0DBF03B006604A40C]
[U] c:\windows\system32\drivers\wdfldr.sys        [PX5: 609814E1E8C0784592C4006E5C43C0000C925145]
[U] c:\windows\system32\drivers\wpdusb.sys        [PX5: E04E67C68020394F960F004FBC02B000DC6FED3C]
[U] c:\windows\system32\sessmgr.exe        [PX5: 477E55D70018B69A304A02603F6C7D00EA5BF613]
[U] c:\windows\system32\msrating.dll.mui        [PX5: F4B625BC0016FDB2E03F00D35198AE0031FA8C73]
[U] c:\programme\java\jre6\bin\jp2ssv.dll        [PX5: 6A8571862001183AA504008DF8156600E8091E2C]
[U] c:\programme\openvpn\bin\openvpnserv.exe        [PX5: 5F9F7482003CCE058EBC000AE05C1500FEAD4454]
[U] c:\windows\system32\wmdmps.dll        [PX5: 6F96AB06004CDB19923B00F08B25BA002D92BA73]
[U] c:\windows\system32\smlogsvc.exe        [PX5: 0063828A000D248270C601BE77827C00A2194108]
[U] c:\windows\system32\locator.exe        [PX5: C098618900F74D3F26E60100761A4300F93DBBB2]
[U] c:\windows\system32\drivers\hsfbs2s2.sys        [PX5: AF892C8C80AD05195B84032B43A9B8008B0F4B6A]
[U] c:\programme\java\jre6\bin\wsdetect.dll        [PX5: 3636A2A420DD683AB7F501961ACAAB0089833EE8]
[U] c:\programme\quicktime\qtsystem\quicktimecheck.ocx        [PX5: 861E8A00301FEA61150902653012D6001CDCCBC3]
[U] c:\programme\java\jre6\bin\jp2iexp.dll        [PX5: C450FB0B205EFE69A705013DE13860000132AFCE]
[U] c:\programme\internet explorer\jsdebuggeride.dll        [PX5: 23C8A94B00CAB1CBDA3601D1A21F180044688094]
[U] c:\windows\system32\drivers\pxrts.sys        [PX5: 3292A303987DA0BD2BDF019B79D5390051CB999B]
[U] c:\programme\sweetim\messenger\mgmediaplayer.dll        [PX5: 4E40BBA230C0790741860144762E2700E089C154]
[U] c:\windows\system32\msxml3a.dll        [PX5: 3EE57A0E0011B273603E00398E1D6B008B4E272C]
[U] c:\programme\internet explorer\jsprofilercore.dll        [PX5: 2DADF8B600CB7446CE8C01A2A832480034E2E958]
[U] c:\windows\system32\pxsecure.dll        [PX5: D0708F7CC8F0DCDF18D9017F950711002B8F0CAE]
[U] c:\windows\system32\cryptext.dll        [PX5: 2D486C1500171D51D61500F532FE7C00678D22EB]
[U] c:\programme\java\jre6\bin\npjpi160_29.dll        [PX5: 9F991D9620127851277D021753348A005504FED0]
[U] c:\programme\microsoft office\office11\addrpars.dll        [PX5: 22602E5260FEB0E365FE018A28FE2C00923A2B3C]
[U] c:\windows\system32\msdtcuiu.dll        [PX5: A3F340F8006D7EAC78EE028F92F1AB001C5E2DCF]
[U] c:\windows\system32\drivers\atinrvxx.sys        [PX5: B2CFA5AF0036DB7A9A1C01285BA8AA00C6DEC091]
[U] c:\windows\system32\scardsvr.exe        [PX5: FC928F5F002A2A51864701B248357200E5086AFB]
[U] c:\windows\system32\setup\fxsocm.dll        [PX5: E54BD76600684BD5062702C24F2051006B249D71]
[U] c:\program files\real\realplayer\rcaplugins\rpshellextension.dll        [PX5: 318F9DD9009514F6E4A001C32BC3D5000D812B4D]
[U] c:\programme\pc connectivity solution\servicelayer.exe        [PX5: 0F2E7E6500C4858E6630093B8472B1004C033D3C]
[U] c:\windows\system32\msctf.dll        [PX5: 9D20B65B00A516738C610420E8ED5800461CFF33]
[U] c:\programme\avira\antivir desktop\ccupdw.dll        [PX5: 4F633040D0AA655F4A5203AAF83F0600917D4137]
[U] c:\programme\avira\antivir desktop\rctext.dll        [PX5: 7D4ECF91D087D3A480E3011E9EBFD10061876868]
[U] c:\programme\java\jre6\bin\awt.dll        [PX5: B1FB86530069CA1490F612ACB7ADFA007B216110]
[U] c:\programme\java\jre6\bin\client\jvm.dll        [PX5: F03ECAC00030A4BDB0C7299C5696020028F65FAD]
[U] c:\programme\java\jre6\bin\dcpr.dll        [PX5: A24874200077B1DC30D80284F61DE0007F8CA524]
[U] c:\programme\java\jre6\bin\deploy.dll        [PX5: E77137B2006B41443030012E8AD1E900132E945D]
[U] c:\programme\java\jre6\bin\fontmanager.dll        [PX5: 64C381D20039204BF015040CFAEF3E0032F243BD]
[U] c:\programme\java\jre6\bin\hpi.dll        [PX5: E7FAC31B00D3D1A842290071E8F0D1003CE4EAF5]
[U] c:\programme\java\jre6\bin\java.dll        [PX5: 01DD5733004F4257F0C4017DA0D9DA00A259D6EE]
[U] c:\programme\java\jre6\bin\javaw.exe        [PX5: B10A3179201AF98A379902B0B9B6EA006B7FC19A]
[U] c:\programme\java\jre6\bin\jp2native.dll        [PX5: CD86541C00D2BE6820DD00A71A56C700AD82CD2F]
[U] c:\programme\java\jre6\bin\jpeg.dll        [PX5: AF11DC8C005E013D503F02965066BD00C383ACF7]
[U] c:\programme\java\jre6\bin\net.dll        [PX5: B6EE0FC70079532E30FB010631A48E009A6BF979]
[U] c:\programme\java\jre6\bin\nio.dll        [PX5: DDBA1CEE00AD93854EE70089F1394500F4E6AE8F]
[U] c:\programme\java\jre6\bin\regutils.dll        [PX5: BFA64F2B002BC8B4409F042E96BAB800719A9CB5]
[U] c:\programme\java\jre6\bin\verify.dll        [PX5: AEBB505000A1E06E7CD6009BF72EBC00D9AD7FA7]
[U] c:\programme\java\jre6\bin\zip.dll        [PX5: 25E2A7ED00905AA1B64800CE76510A008008D534]
[U] c:\windows\system32\msimtf.dll        [PX5: 89BC7CA5006574716E050203B3100E00485C8BA5]
[U] c:\windows\system32\clbcatq.dll        [PX5: CF1F95BE004402F39C04073EB1C251003EA1BE05]
[U] c:\windows\system32\comres.dll        [PX5: 98DADC0600EB0B1EECB90C7CE8FD78003B24F2AC]
[U] c:\windows\system32\cscui.dll        [PX5: C45B2A420054D6DF1CE505FB897263007DF47C7A]
[U] c:\windows\system32\cscdll.dll        [PX5: B055F3B8004D4CE292C901E605CCB70009C8A5DF]
[U] c:\windows\system32\browseui.dll        [PX5: C773CBCA0000412DA44A0F9F1F568600A46B1A60]
[U] c:\windows\system32\ntshrui.dll        [PX5: F625A02F00C2B99B3A80022B6D036C00DA389D52]
[U] c:\windows\system32\atl.dll        [PX5: 794900AB00E373B2E67200EAE027E0002DD7EA09]
[U] c:\windows\system32\linkinfo.dll        [PX5: 539681F400FCDCEB4E6600F551963000F272EF09]
[U] c:\windows\system32\shdocvw.dll        [PX5: 6685A3F4008C4BAFE0D616AF3E9B7500E8BF51F3]
[U] c:\windows\system32\cryptui.dll        [PX5: 5CBB9AE4002726441AB6089E6BE11100E8A81786]
[U] c:\windows\system32\riched20.dll        [PX5: 4D7BE6290079D2DA9EAF06B0AF8C64007AF881A9]
[U] c:\windows\system32\xpsp2res.dll        [PX5: 8567541700904EB980392D6118710400AB65737C]
[U] c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.dll        [PX5: 2C7B457098732A52C59C05784358AC005D154724]
[U] c:\programme\gemeinsame dateien\adobe\acrobat\activex\pdfshell.deu        [PX5: 1537A9940051193AC0740435448334000A7DF498]
[U] c:\programme\dell\quickset\dadkeyb.dll        [PX5: 64FED1770087D94E805301ACA3153E0059CD0189]
[U] c:\windows\system32\uigxnp.dll        [PX5: C5A5AD920061851C1EB100BBE3AAE400E5F502BA]
[U] c:\windows\system32\drprov.dll        [PX5: ECFB8E7F00FF7DB3380D00F1008EDD00B7BA4629]
[U] c:\windows\system32\ntlanman.dll        [PX5: 31A75778008AA2B7ACCF00C188BD500081D4B620]
[U] c:\windows\system32\netui0.dll        [PX5: AC7B8BD900170E0D405501B8EB643B00994E9ED1]
[U] c:\windows\system32\netui1.dll        [PX5: 51414B620008B511C00603D770750A0085F5E4AA]
[U] c:\windows\system32\netrap.dll        [PX5: 7BD47931004396CE2EEE00654B7F8500B8D88AD5]
[U] c:\windows\system32\davclnt.dll        [PX5: E78990D400F98A4F64DC00655BF9DD00D6D84DD5]
[U] c:\windows\system32\wpdshext.dll        [PX5: 260936F700D6CD55B83A276215529800C0FDB145]
[U] c:\windows\system32\winmm.dll        [PX5: 8B53F271005B9A1AB83E02C6E6BEAC0004F7F8DD]
[U] c:\windows\system32\portabledeviceapi.dll        [PX5: 413BE4C6002C530256CD0467F46CFA0079ACDAE6]
[U] c:\windows\system32\shgina.dll        [PX5: AC4A7B6200677A350AE801640B36DA001516A570]
[U] c:\windows\system32\msgina.dll        [PX5: 5B6B1E6B0014E05B58060FEF3CD38900E70C5DDE]
[U] c:\windows\system32\odbc32.dll        [PX5: 28E52433007652DFD04403597D9C0B00DC59825C]
[U] c:\windows\system32\odbcint.dll        [PX5: 59E430A700DD1ACE905301F2FE4B8E00ADAFCBAA]
[U] c:\windows\system32\audiodev.dll        [PX5: 4BE217500087C5F13A360430E7958900806DA483]
[U] c:\windows\system32\wmvcore.dll        [PX5: 7EC854F3009BBB4894EE25EFEC0F62006830F0CA]
[U] c:\windows\system32\wmasf.dll        [PX5: 3D36799C0034542F6690031EC75D2100FDEBB35E]
[U] c:\windows\system32\wiashext.dll        [PX5: E71ECCFF0016D3870CE6094A5005CD00847A4A6D]
[U] c:\windows\system32\winlogon.exe        [PX5: AA387905009EAAB8D41307D21BFA85009C7E313C]
[U] c:\windows\system32\sti.dll        [PX5: 7C2516050056575F0CDD01BE167FE4000057E289]
[U] c:\windows\system32\cfgmgr32.dll        [PX5: 272F02CA00E3AFF442630050939AA3002C4BA733]


End of Prevx Scan Log - hxxp://www.prevx.com

Chris4You 19.03.2012 08:31
Hi,

DLADResN.SYS gehört zu sonic (da sind ja einige Treiber von drauf);
Prevx hat nichts gefunden, oder (Log kommt mir etwas kurz vor)?

Sehr viele Treiber werden nicht gefunden scheinen wohl generisch zu sein...

Solltest mal etwas aufräumen...

CCleaner:
Anleitung & Download: http://www.trojaner-board.de/51464-a...-ccleaner.html

Lass den MBR bei virustotal.com scannen:
C:\Dokumente und Einstellungen\admin\Desktop\MBR.dat
und poste die Ergebnisse...

chris

Swillswissen 19.03.2012 17:42
Hi,

ja, Prevx hat nichts gefunden.

Den CCleaner kann man immer mal wieder laufen lassen um "aufzuräumen", oder? Also auch wenn man keinen Virus/Trojaner hat?

Du hattest geschrieben, dass man den Rechner neu aufsetzen muss - denkst du dass noch immer? Muss man die Trojaner trotzdem erstmal weg bekommen?


Hier die Ergebnisse von virustotal:

Code:
StartCommunityStatisticsDokumentationFAQAboutJoin our community
 Sign in
 
SHA256: 2ef7a2696d7978ce8689e40bff87cefda5b4bb47cff551a0a603f20b76c49048
SHA1: 51e4619e6c1ca2cd5753fde8ce2d250b435f1026
MD5: ad0f5594a9cc193f249bff6c4fe4f05d
File size: 512 Bytes ( 512 bytes ) 
File name: C:\Dokumente und Einstellungen\admin\Desktop\MBR.dat
File type: unknown
Detection ratio: 0 / 42
Analysis date: 2012-03-19 16:29:23 UTC ( 2 Minuten ago ) 

 00Antivirus Result Update
ViRobot - 20120319
VIPRE - 20120319
VBA32 - 20120319
TrendMicro-HouseCall - 20120319
TrendMicro - 20120319
TheHacker - 20120318
Symantec - 20120319
SUPERAntiSpyware - 20120317
Sophos - 20120319
Rising - 20120319
Prevx - 20120319
PCTools - 20120314
Panda - 20120319
nProtect - 20120319
Norman - 20120319
NOD32 - 20120319
Microsoft - 20120319
McAfee-GW-Edition - 20120319
McAfee - 20120319
Kaspersky - 20120319
K7AntiVirus - 20120316
Jiangmin - 20120319
Ikarus - 20120319
GData - 20120319
Fortinet - 20120319
F-Secure - 20120319
F-Prot - 20120319
eTrust-Vet - 20120319
eSafe - 20120315
Emsisoft - 20120319
DrWeb - 20120319
Comodo - 20120318
Commtouch - 20120319
ClamAV - 20120319
CAT-QuickHeal - 20120319
ByteHero - 20120319
BitDefender - 20120319
AVG - 20120319
Avast - 20120317
Antiy-AVL - 20120319
AntiVir - 20120319
AhnLab-V3 - 20120318

Comments
 Additional information
 No comments

More comments
Leave your comment...? Rich Text AreaToolbar Bold (Ctrl+B) Italic (Ctrl+I) Underline (Ctrl+U) Undo (Ctrl+Z) Redo (Ctrl+Y)  StylesStyles ▼
  Remove Formatting 
 
 
 Post comment
You have not signed in. Only registered users can leave comments, sign in and have a voice!

Sign in Join the community  An error occurred ssdeep12:xsO9iJ9AhxTfouAQ/zUZJrFCWeUdS/WKiVcgECSj6I/tS:e9gfouvITFVeUjI/tS 
TrIDUnknown!
 
First seen by VirusTotal2012-03-19 16:29:23 UTC ( 2 Minuten ago ) 
Last seen by VirusTotal2012-03-19 16:29:23 UTC ( 2 Minuten ago ) 
File names (max. 25)C:\Dokumente und Einstellungen\admin\Desktop\MBR.dat 
Blog | Twitter | contact@virustotal.com| Google groups | TOS & Privacy Policy × Join VirusTotal CommunityInteract with other VirusTotal users and have an active voice when fighting today's Internet threats. Find out more about VirusTotal Community.
First name  Last name  Benutzername  * Email  * Passwort  * At least 8 characters long Confirm password  * Password confirmation, must match previous field * Required field  Sign up Cancel
× Sign inUsername or email  Passwort  Forgot your password?  Sign in Cancel
× Recover your passwordEnter the email address associated to your VirusTotal Community account and we'll send you a message so you can setup a new password.
Email:    Recover password Cancel

Chris4You 19.03.2012 21:13
Hi,

wir wären dann soweit erstmal durch.
Das Problem bei Backdoors etc. sind ev. vorgenommene Änderungen am Systeme wie z.B. geöffnete Ports, geänderte Einstellungen etc. im endeffekt war ja ein "anderer" auf Deinem Rechner... Um wieder absolut "sauber" zu sein, ist in so einem Fall Neuaufsetzen angesagt...

chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:08 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131