Trojaner-Board - Eine Art Bundespolizei-Trojaner?

Wenn man nach dem Scan nicht für alle Ergebnisse 'Skip' auswählt, erledigt das Programm beim nächsten Neustart die Arbeit anscheinend von selbst: Das hatte ich nicht kapiert :-(. Na ja- hier die neue Log- Datei:

Code:

17:58:05.0421 0548        TDSS rootkit removing tool 2.7.27.0 Apr  9 2012 09:53:37

17:58:05.0625 0548        ============================================================

17:58:05.0625 0548        Current date / time: 2012/04/09 17:58:05.0625

17:58:05.0625 0548        SystemInfo:

17:58:05.0625 0548        

17:58:05.0625 0548        OS Version: 5.1.2600 ServicePack: 3.0

17:58:05.0625 0548        Product type: Workstation

17:58:05.0625 0548        ComputerName: ***

17:58:05.0625 0548        UserName: ***

17:58:05.0625 0548        Windows directory: C:\WINDOWS

17:58:05.0625 0548        System windows directory: C:\WINDOWS

17:58:05.0625 0548        Processor architecture: Intel x86

17:58:05.0625 0548        Number of processors: 2

17:58:05.0625 0548        Page size: 0x1000

17:58:05.0625 0548        Boot type: Normal boot

17:58:05.0625 0548        ============================================================

17:58:06.0328 0548        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058

17:58:06.0328 0548        Drive \Device\Harddisk1\DR3 - Size: 0x7AF00000 (1.92 Gb), SectorSize: 0x200, Cylinders: 0xFA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:58:06.0328 0548        Drive \Device\Harddisk2\DR4 - Size: 0xFB000000 (3.92 Gb), SectorSize: 0x200, Cylinders: 0x1FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

17:58:06.0328 0548        \Device\Harddisk0\DR0:

17:58:06.0328 0548        MBR used

17:58:06.0328 0548        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xAFC6752

17:58:06.0328 0548        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xAFC6800, BlocksNum 0x121FEDD5

17:58:06.0328 0548        \Device\Harddisk1\DR3:

17:58:06.0328 0548        MBR used

17:58:06.0328 0548        \Device\Harddisk1\DR3\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3D77E0

17:58:06.0328 0548        \Device\Harddisk2\DR4:

17:58:06.0328 0548        MBR used

17:58:06.0421 0548        Initialize success

17:58:06.0421 0548        ============================================================

17:58:14.0062 3780        ============================================================

17:58:14.0062 3780        Scan started

17:58:14.0062 3780        Mode: Manual; SigCheck; TDLFS; 

17:58:14.0062 3780        ============================================================

17:58:14.0265 3780        Abiosdsk - ok

17:58:14.0265 3780        abp480n5 - ok

17:58:14.0328 3780        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

17:58:15.0140 3780        ACPI - ok

17:58:15.0265 3780        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

17:58:15.0375 3780        ACPIEC - ok

17:58:15.0437 3780        Adobe LM Service (6ef096317e127aecf4cb61081d88ad0b) C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

17:58:15.0468 3780        Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning

17:58:15.0468 3780        Adobe LM Service - detected UnsignedFile.Multi.Generic (1)

17:58:15.0562 3780        AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

17:58:15.0578 3780        AdobeFlashPlayerUpdateSvc - ok

17:58:15.0640 3780        adpu160m - ok

17:58:15.0703 3780        aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

17:58:15.0796 3780        aec - ok

17:58:15.0843 3780        AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys

17:58:15.0890 3780        AFD - ok

17:58:15.0968 3780        Aha154x - ok

17:58:15.0968 3780        aic78u2 - ok

17:58:15.0984 3780        aic78xx - ok

17:58:16.0015 3780        Alerter         (738d80cc01d7bc7584be917b7f544394) C:\WINDOWS\system32\alrsvc.dll

17:58:16.0125 3780        Alerter - ok

17:58:16.0156 3780        ALG             (190cd73d4984f94d823f9444980513e5) C:\WINDOWS\System32\alg.exe

17:58:16.0265 3780        ALG - ok

17:58:16.0265 3780        AliIde - ok

17:58:16.0296 3780        AmdK8           (58be3c2f1aa041ea56f7305a6463035c) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

17:58:16.0343 3780        AmdK8 - ok

17:58:16.0421 3780        amsint - ok

17:58:16.0562 3780        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe

17:58:16.0562 3780        AntiVirSchedulerService - ok

17:58:16.0609 3780        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe

17:58:16.0625 3780        AntiVirService - ok

17:58:16.0687 3780        AppMgmt - ok

17:58:16.0750 3780        Asapi           (1e0eeb62964513f4f1e18fee3c69c43d) C:\WINDOWS\system32\drivers\Asapi.sys

17:58:16.0750 3780        Asapi ( UnsignedFile.Multi.Generic ) - warning

17:58:16.0750 3780        Asapi - detected UnsignedFile.Multi.Generic (1)

17:58:16.0765 3780        asc - ok

17:58:16.0765 3780        asc3350p - ok

17:58:16.0781 3780        asc3550 - ok

17:58:16.0875 3780        aspnet_state    (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

17:58:16.0890 3780        aspnet_state - ok

17:58:16.0984 3780        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

17:58:17.0093 3780        AsyncMac - ok

17:58:17.0109 3780        atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

17:58:17.0203 3780        atapi - ok

17:58:17.0203 3780        Atdisk - ok

17:58:17.0250 3780        Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

17:58:17.0343 3780        Atmarpc - ok

17:58:17.0437 3780        AudioSrv        (58ed0d5452df7be732193e7999c6b9a4) C:\WINDOWS\System32\audiosrv.dll

17:58:17.0546 3780        AudioSrv - ok

17:58:17.0625 3780        audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

17:58:17.0718 3780        audstub - ok

17:58:17.0859 3780        avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys

17:58:17.0859 3780        avgio - ok

17:58:17.0937 3780        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys

17:58:18.0203 3780        avgntflt - ok

17:58:18.0218 3780        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys

17:58:18.0234 3780        avipbb - ok

17:58:18.0281 3780        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

17:58:18.0406 3780        Beep - ok

17:58:18.0484 3780        BITS            (d6f603772a789bb3228f310d650b8bd1) C:\WINDOWS\system32\qmgr.dll

17:58:18.0593 3780        BITS - ok

17:58:18.0640 3780        Browser         (b42057f06bbb98b31876c0b3f2b54e33) C:\WINDOWS\System32\browser.dll

17:58:18.0718 3780        Browser - ok

17:58:18.0906 3780        catchme - ok

17:58:19.0031 3780        cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

17:58:19.0156 3780        cbidf2k - ok

17:58:19.0156 3780        cd20xrnt - ok

17:58:19.0171 3780        Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

17:58:19.0296 3780        Cdaudio - ok

17:58:19.0343 3780        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

17:58:19.0421 3780        Cdfs - ok

17:58:19.0453 3780        Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

17:58:19.0546 3780        Cdrom - ok

17:58:19.0609 3780        Changer - ok

17:58:19.0656 3780        CiSvc           (28e3040d1f1ca2008cd6b29dfebc9a5e) C:\WINDOWS\system32\cisvc.exe

17:58:19.0750 3780        CiSvc - ok

17:58:19.0750 3780        ClipSrv         (778a30ed3c134eb7e406afc407e9997d) C:\WINDOWS\system32\clipsrv.exe

17:58:19.0843 3780        ClipSrv - ok

17:58:19.0921 3780        clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:58:19.0937 3780        clr_optimization_v2.0.50727_32 - ok

17:58:20.0046 3780        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:58:20.0046 3780        clr_optimization_v4.0.30319_32 - ok

17:58:20.0062 3780        CmdIde - ok

17:58:20.0078 3780        COMSysApp - ok

17:58:20.0093 3780        Cpqarray - ok

17:58:20.0140 3780        CryptSvc        (611f824e5c703a5a899f84c5f1699e4d) C:\WINDOWS\System32\cryptsvc.dll

17:58:20.0234 3780        CryptSvc - ok

17:58:20.0234 3780        dac2w2k - ok

17:58:20.0250 3780        dac960nt - ok

17:58:20.0296 3780        DcomLaunch      (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\system32\rpcss.dll

17:58:20.0390 3780        DcomLaunch - ok

17:58:20.0500 3780        Dhcp            (c29a1c9b75ba38fa37f8c44405dec360) C:\WINDOWS\System32\dhcpcsvc.dll

17:58:20.0593 3780        Dhcp - ok

17:58:20.0609 3780        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

17:58:20.0703 3780        Disk - ok

17:58:20.0703 3780        dmadmin - ok

17:58:20.0796 3780        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

17:58:20.0921 3780        dmboot - ok

17:58:21.0031 3780        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

17:58:21.0140 3780        dmio - ok

17:58:21.0171 3780        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

17:58:21.0296 3780        dmload - ok

17:58:21.0343 3780        dmserver        (25c83ffbba13b554eb6d59a9b2e2ee78) C:\WINDOWS\System32\dmserver.dll

17:58:21.0437 3780        dmserver - ok

17:58:21.0546 3780        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

17:58:21.0640 3780        DMusic - ok

17:58:21.0671 3780        Dnscache        (407f3227ac618fd1ca54b335b083de07) C:\WINDOWS\System32\dnsrslvr.dll

17:58:21.0750 3780        Dnscache - ok

17:58:21.0890 3780        Dot3svc         (676e36c4ff5bcea1900f44182b9723e6) C:\WINDOWS\System32\dot3svc.dll

17:58:22.0000 3780        Dot3svc - ok

17:58:22.0031 3780        dpti2o - ok

17:58:22.0078 3780        drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

17:58:22.0171 3780        drmkaud - ok

17:58:22.0296 3780        EapHost         (4e4f2fddab0a0736d7671134dcce91fb) C:\WINDOWS\System32\eapsvc.dll

17:58:22.0375 3780        EapHost - ok

17:58:22.0406 3780        ERSvc           (877c18558d70587aa7823a1a308ac96b) C:\WINDOWS\System32\ersvc.dll

17:58:22.0500 3780        ERSvc - ok

17:58:22.0546 3780        Eventlog        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

17:58:22.0578 3780        Eventlog - ok

17:58:22.0703 3780        EventSystem     (af4f6b5739d18ca7972ab53e091cbc74) C:\WINDOWS\system32\es.dll

17:58:22.0734 3780        EventSystem - ok

17:58:22.0812 3780        Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

17:58:22.0906 3780        Fastfat - ok

17:58:22.0953 3780        FastUserSwitchingCompatibility (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

17:58:23.0015 3780        FastUserSwitchingCompatibility - ok

17:58:23.0125 3780        Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

17:58:23.0203 3780        Fdc - ok

17:58:23.0218 3780        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

17:58:23.0296 3780        Fips - ok

17:58:23.0312 3780        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

17:58:23.0390 3780        Flpydisk - ok

17:58:23.0437 3780        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

17:58:23.0515 3780        FltMgr - ok

17:58:23.0671 3780        FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

17:58:23.0671 3780        FontCache3.0.0.0 - ok

17:58:23.0703 3780        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

17:58:23.0828 3780        Fs_Rec - ok

17:58:23.0843 3780        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

17:58:23.0953 3780        Ftdisk - ok

17:58:24.0031 3780        Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

17:58:24.0125 3780        Gpc - ok

17:58:24.0265 3780        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe

17:58:24.0265 3780        gupdate - ok

17:58:24.0281 3780        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Programme\Google\Update\GoogleUpdate.exe

17:58:24.0281 3780        gupdatem - ok

17:58:24.0343 3780        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

17:58:24.0437 3780        HDAudBus - ok

17:58:24.0531 3780        helpsvc         (cb66bf85bf599befd6c6a57c2e20357f) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll

17:58:24.0625 3780        helpsvc - ok

17:58:24.0625 3780        HidServ - ok

17:58:24.0687 3780        hkmsvc          (ed29f14101523a6e0e808107405d452c) C:\WINDOWS\System32\kmsvc.dll

17:58:24.0765 3780        hkmsvc - ok

17:58:24.0796 3780        hpn - ok

17:58:24.0843 3780        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

17:58:24.0890 3780        HTTP - ok

17:58:24.0968 3780        HTTPFilter      (9e4adb854cebcfb81a4b36718feecd16) C:\WINDOWS\System32\w3ssl.dll

17:58:25.0062 3780        HTTPFilter - ok

17:58:25.0078 3780        i2omgmt - ok

17:58:25.0093 3780        i2omp - ok

17:58:25.0125 3780        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

17:58:25.0218 3780        i8042prt - ok

17:58:25.0359 3780        idsvc           (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

17:58:25.0390 3780        idsvc - ok

17:58:25.0515 3780        Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

17:58:25.0609 3780        Imapi - ok

17:58:25.0640 3780        ImapiService    (d4b413aa210c21e46aedd2ba5b68d38e) C:\WINDOWS\system32\imapi.exe

17:58:25.0734 3780        ImapiService - ok

17:58:25.0750 3780        ini910u - ok

17:58:25.0921 3780        IntcAzAudAddService (19d3781892a3794672cd1962f3d8d3b8) C:\WINDOWS\system32\drivers\RtkHDAud.sys

17:58:26.0234 3780        IntcAzAudAddService - ok

17:58:26.0296 3780        IntelIde - ok

17:58:26.0328 3780        Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

17:58:26.0437 3780        Ip6Fw - ok

17:58:26.0453 3780        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

17:58:26.0593 3780        IpFilterDriver - ok

17:58:26.0625 3780        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

17:58:26.0718 3780        IpInIp - ok

17:58:26.0828 3780        IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

17:58:26.0921 3780        IpNat - ok

17:58:26.0937 3780        IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

17:58:27.0031 3780        IPSec - ok

17:58:27.0062 3780        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

17:58:27.0156 3780        IRENUM - ok

17:58:27.0265 3780        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

17:58:27.0359 3780        isapnp - ok

17:58:27.0484 3780        JavaQuickStarterService (381b25dc8e958d905b33130d500bbf29) C:\Programme\Java\jre6\bin\jqs.exe

17:58:27.0500 3780        JavaQuickStarterService - ok

17:58:27.0515 3780        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

17:58:27.0593 3780        Kbdclass - ok

17:58:27.0718 3780        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

17:58:27.0796 3780        kmixer - ok

17:58:27.0859 3780        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

17:58:27.0921 3780        KSecDD - ok

17:58:28.0031 3780        lanmanserver    (2bbdcb79900990f0716dfcb714e72de7) C:\WINDOWS\System32\srvsvc.dll

17:58:28.0062 3780        lanmanserver - ok

17:58:28.0109 3780        lanmanworkstation (1869b14b06b44b44af70548e1ea3303f) C:\WINDOWS\System32\wkssvc.dll

17:58:28.0156 3780        lanmanworkstation - ok

17:58:28.0187 3780        lbrtfdc - ok

17:58:28.0234 3780        LmHosts         (636714b7d43c8d0c80449123fd266920) C:\WINDOWS\System32\lmhsvc.dll

17:58:28.0328 3780        LmHosts - ok

17:58:28.0359 3780        Messenger       (b7550a7107281d170ce85524b1488c98) C:\WINDOWS\System32\msgsvc.dll

17:58:28.0453 3780        Messenger - ok

17:58:28.0500 3780        mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

17:58:28.0625 3780        mnmdd - ok

17:58:28.0734 3780        mnmsrvc         (c2f1d365fd96791b037ee504868065d3) C:\WINDOWS\system32\mnmsrvc.exe

17:58:28.0828 3780        mnmsrvc - ok

17:58:28.0875 3780        Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

17:58:28.0968 3780        Modem - ok

17:58:28.0984 3780        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

17:58:29.0078 3780        Mouclass - ok

17:58:29.0093 3780        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

17:58:29.0171 3780        MountMgr - ok

17:58:29.0187 3780        mraid35x - ok

17:58:29.0203 3780        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

17:58:29.0296 3780        MRxDAV - ok

17:58:29.0359 3780        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

17:58:29.0437 3780        MRxSmb - ok

17:58:29.0546 3780        MSDTC           (35a031af38c55f92d28aa03ee9f12cc9) C:\WINDOWS\system32\msdtc.exe

17:58:29.0640 3780        MSDTC - ok

17:58:29.0718 3780        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

17:58:29.0796 3780        Msfs - ok

17:58:29.0812 3780        MSIServer - ok

17:58:29.0843 3780        MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

17:58:29.0921 3780        MSKSSRV - ok

17:58:30.0000 3780        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

17:58:30.0093 3780        MSPCLOCK - ok

17:58:30.0125 3780        MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

17:58:30.0234 3780        MSPQM - ok

17:58:30.0281 3780        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

17:58:30.0359 3780        mssmbios - ok

17:58:30.0406 3780        Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

17:58:30.0437 3780        Mup - ok

17:58:30.0546 3780        napagent        (46bb15ae2ac7d025d6d2567b876817bd) C:\WINDOWS\System32\qagentrt.dll

17:58:30.0656 3780        napagent - ok

17:58:30.0718 3780        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

17:58:30.0796 3780        NDIS - ok

17:58:30.0859 3780        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

17:58:30.0890 3780        NdisTapi - ok

17:58:30.0921 3780        Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

17:58:31.0015 3780        Ndisuio - ok

17:58:31.0109 3780        NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

17:58:31.0203 3780        NdisWan - ok

17:58:31.0234 3780        NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

17:58:31.0296 3780        NDProxy - ok

17:58:31.0406 3780        NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

17:58:31.0500 3780        NetBIOS - ok

17:58:31.0531 3780        NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

17:58:31.0609 3780        NetBT - ok

17:58:31.0656 3780        NetDDE          (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

17:58:31.0750 3780        NetDDE - ok

17:58:31.0765 3780        NetDDEdsdm      (8ace4251bffd09ce75679fe940e996cc) C:\WINDOWS\system32\netdde.exe

17:58:31.0843 3780        NetDDEdsdm - ok

17:58:31.0953 3780        Netlogon        (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:58:32.0031 3780        Netlogon - ok

17:58:32.0046 3780        Netman          (e6d88f1f6745bf00b57e7855a2ab696c) C:\WINDOWS\System32\netman.dll

17:58:32.0140 3780        Netman - ok

17:58:32.0218 3780        NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:58:32.0234 3780        NetTcpPortSharing - ok

17:58:32.0343 3780        Nla             (f1b67b6b0751ae0e6e964b02821206a3) C:\WINDOWS\System32\mswsock.dll

17:58:32.0421 3780        Nla - ok

17:58:32.0468 3780        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

17:58:32.0562 3780        Npfs - ok

17:58:32.0578 3780        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

17:58:32.0718 3780        Ntfs - ok

17:58:32.0765 3780        NtLmSsp         (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:58:32.0859 3780        NtLmSsp - ok

17:58:32.0921 3780        NtmsSvc         (56af4064996fa5bac9c449b1514b4770) C:\WINDOWS\system32\ntmssvc.dll

17:58:33.0046 3780        NtmsSvc - ok

17:58:33.0156 3780        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

17:58:33.0281 3780        Null - ok

17:58:33.0484 3780        nv              (8e72e452b9cc1e455d19e3c9fa964d37) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

17:58:33.0843 3780        nv - ok

17:58:33.0953 3780        NVENETFD        (70217a23470f4bb4c8fb4abe06813081) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys

17:58:33.0968 3780        NVENETFD - ok

17:58:33.0984 3780        nvgts           (a117466b0acb13288deee4f2e936e67f) C:\WINDOWS\system32\DRIVERS\nvgts.sys

17:58:34.0000 3780        nvgts - ok

17:58:34.0046 3780        nvnetbus        (be8513730653384939a4d2d977c81027) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys

17:58:34.0093 3780        nvnetbus - ok

17:58:34.0203 3780        NVSvc           (934833b3cd462a6f8a96f64d024c8b20) C:\WINDOWS\system32\nvsvc32.exe

17:58:34.0218 3780        NVSvc - ok

17:58:34.0281 3780        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

17:58:34.0375 3780        NwlnkFlt - ok

17:58:34.0406 3780        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

17:58:34.0531 3780        NwlnkFwd - ok

17:58:34.0578 3780        Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

17:58:34.0656 3780        Parport - ok

17:58:34.0718 3780        PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

17:58:34.0812 3780        PartMgr - ok

17:58:34.0859 3780        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

17:58:34.0968 3780        ParVdm - ok

17:58:35.0015 3780        PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

17:58:35.0109 3780        PCI - ok

17:58:35.0109 3780        PCIDump - ok

17:58:35.0140 3780        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

17:58:35.0250 3780        PCIIde - ok

17:58:35.0281 3780        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

17:58:35.0390 3780        Pcmcia - ok

17:58:35.0468 3780        PDCOMP - ok

17:58:35.0531 3780        PDDSLADP        (ab6f9ee08b82a46f2b4f0ab909f1fad9) C:\WINDOWS\system32\DRIVERS\PDDSLADP.SYS

17:58:35.0531 3780        PDDSLADP ( UnsignedFile.Multi.Generic ) - warning

17:58:35.0531 3780        PDDSLADP - detected UnsignedFile.Multi.Generic (1)

17:58:35.0562 3780        PDDSLHND        (49e3fa74798f192d4a6b299ee0b8e5f3) C:\WINDOWS\system32\drivers\PDDSLHND.sys

17:58:35.0562 3780        PDDSLHND ( UnsignedFile.Multi.Generic ) - warning

17:58:35.0562 3780        PDDSLHND - detected UnsignedFile.Multi.Generic (1)

17:58:35.0578 3780        PDFRAME - ok

17:58:35.0578 3780        PDRELI - ok

17:58:35.0593 3780        PDRFRAME - ok

17:58:35.0593 3780        perc2 - ok

17:58:35.0609 3780        perc2hib - ok

17:58:35.0687 3780        PlugPlay        (a3edbe9053889fb24ab22492472b39dc) C:\WINDOWS\system32\services.exe

17:58:35.0718 3780        PlugPlay - ok

17:58:35.0812 3780        PolicyAgent     (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:58:35.0890 3780        PolicyAgent - ok

17:58:35.0968 3780        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

17:58:36.0046 3780        PptpMiniport - ok

17:58:36.0093 3780        Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys

17:58:36.0203 3780        Processor - ok

17:58:36.0250 3780        ProtectedStorage (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:58:36.0328 3780        ProtectedStorage - ok

17:58:36.0343 3780        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

17:58:36.0453 3780        PSched - ok

17:58:36.0593 3780        PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

17:58:36.0609 3780        PSI - ok

17:58:36.0656 3780        Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

17:58:36.0765 3780        Ptilink - ok

17:58:36.0796 3780        PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys

17:58:36.0812 3780        PxHelp20 - ok

17:58:36.0812 3780        ql1080 - ok

17:58:36.0828 3780        Ql10wnt - ok

17:58:36.0828 3780        ql12160 - ok

17:58:36.0843 3780        ql1240 - ok

17:58:36.0859 3780        ql1280 - ok

17:58:36.0890 3780        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

17:58:37.0000 3780        RasAcd - ok

17:58:37.0078 3780        RasAuto         (f5ba6caccdb66c8f048e867563203246) C:\WINDOWS\System32\rasauto.dll

17:58:37.0187 3780        RasAuto - ok

17:58:37.0265 3780        Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

17:58:37.0359 3780        Rasl2tp - ok

17:58:37.0453 3780        RasMan          (f9a7b66ea345726edb5862a46b1eccd5) C:\WINDOWS\System32\rasmans.dll

17:58:37.0546 3780        RasMan - ok

17:58:37.0593 3780        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

17:58:37.0687 3780        RasPppoe - ok

17:58:37.0687 3780        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

17:58:37.0796 3780        Raspti - ok

17:58:37.0843 3780        Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

17:58:37.0921 3780        Rdbss - ok

17:58:37.0937 3780        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

17:58:38.0046 3780        RDPCDD - ok

17:58:38.0093 3780        RDPWD           (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys

17:58:38.0125 3780        RDPWD - ok

17:58:38.0218 3780        RDSessMgr       (263af18af0f3db99f574c95f284ccec9) C:\WINDOWS\system32\sessmgr.exe

17:58:38.0328 3780        RDSessMgr - ok

17:58:38.0375 3780        redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

17:58:38.0453 3780        redbook - ok

17:58:38.0515 3780        RemoteAccess    (0e97ec96d6942ceec2d188cc2eb69a01) C:\WINDOWS\System32\mprdim.dll

17:58:38.0609 3780        RemoteAccess - ok

17:58:38.0718 3780        RpcLocator      (2a02e21867497df20b8fc95631395169) C:\WINDOWS\system32\locator.exe

17:58:38.0828 3780        RpcLocator - ok

17:58:38.0875 3780        RpcSs           (3127afbf2c1ed0ab14a1bbb7aaecb85b) C:\WINDOWS\System32\rpcss.dll

17:58:38.0937 3780        RpcSs - ok

17:58:38.0968 3780        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\system32\rsvp.exe

17:58:39.0078 3780        RSVP - ok

17:58:39.0171 3780        SamSs           (afb8261b56cba0d86aeb6df682af9785) C:\WINDOWS\system32\lsass.exe

17:58:39.0250 3780        SamSs - ok

17:58:39.0296 3780        SCardSvr        (dcec079fad95d36c8dd5cb6d779dfe32) C:\WINDOWS\System32\SCardSvr.exe

17:58:39.0390 3780        SCardSvr - ok

17:58:39.0437 3780        Schedule        (a050194a44d7fa8d7186ed2f4e8367ae) C:\WINDOWS\system32\schedsvc.dll

17:58:39.0531 3780        Schedule - ok

17:58:39.0625 3780        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

17:58:39.0703 3780        Secdrv - ok

17:58:39.0734 3780        seclogon        (bee4cfd1d48c23b44cf4b974b0b79b2b) C:\WINDOWS\System32\seclogon.dll

17:58:39.0828 3780        seclogon - ok

17:58:39.0906 3780        Secunia PSI Agent - ok

17:58:39.0906 3780        Secunia Update Agent - ok

17:58:40.0000 3780        SENS            (2aac9b6ed9eddffb721d6452e34d67e3) C:\WINDOWS\system32\sens.dll

17:58:40.0078 3780        SENS - ok

17:58:40.0140 3780        serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

17:58:40.0234 3780        serenum - ok

17:58:40.0234 3780        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

17:58:40.0328 3780        Serial - ok

17:58:40.0406 3780        Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

17:58:40.0500 3780        Sfloppy - ok

17:58:40.0546 3780        SharedAccess    (cad058d5f8b889a87ca3eb3cf624dcef) C:\WINDOWS\System32\ipnathlp.dll

17:58:40.0671 3780        SharedAccess - ok

17:58:40.0796 3780        ShellHWDetection (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

17:58:40.0812 3780        ShellHWDetection - ok

17:58:40.0828 3780        Simbad - ok

17:58:40.0843 3780        Sparrow - ok

17:58:40.0906 3780        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

17:58:40.0984 3780        splitter - ok

17:58:41.0015 3780        Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe

17:58:41.0062 3780        Spooler - ok

17:58:41.0187 3780        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

17:58:41.0281 3780        sr - ok

17:58:41.0328 3780        srservice       (fe77a85495065f3ad59c5c65b6c54182) C:\WINDOWS\system32\srsvc.dll

17:58:41.0406 3780        srservice - ok

17:58:41.0453 3780        Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

17:58:41.0515 3780        Srv - ok

17:58:41.0609 3780        SSDPSRV         (4df5b05dfaec29e13e1ed6f6ee12c500) C:\WINDOWS\System32\ssdpsrv.dll

17:58:41.0703 3780        SSDPSRV - ok

17:58:41.0765 3780        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

17:58:41.0765 3780        ssmdrv - ok

17:58:41.0796 3780        stisvc          (bc2c5985611c5356b24aeb370953ded9) C:\WINDOWS\system32\wiaservc.dll

17:58:41.0921 3780        stisvc - ok

17:58:42.0000 3780        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

17:58:42.0093 3780        swenum - ok

17:58:42.0125 3780        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

17:58:42.0218 3780        swmidi - ok

17:58:42.0234 3780        SwPrv - ok

17:58:42.0234 3780        symc810 - ok

17:58:42.0250 3780        symc8xx - ok

17:58:42.0250 3780        sym_hi - ok

17:58:42.0265 3780        sym_u3 - ok

17:58:42.0281 3780        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

17:58:42.0375 3780        sysaudio - ok

17:58:42.0421 3780        SysmonLog       (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe

17:58:42.0515 3780        SysmonLog - ok

17:58:42.0593 3780        TapiSrv         (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll

17:58:42.0703 3780        TapiSrv - ok

17:58:42.0750 3780        Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

17:58:42.0843 3780        Tcpip - ok

17:58:42.0875 3780        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

17:58:42.0953 3780        TDPIPE - ok

17:58:43.0031 3780        TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

17:58:43.0140 3780        TDTCP - ok

17:58:43.0140 3780        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

17:58:43.0234 3780        TermDD - ok

17:58:43.0296 3780        TermService     (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll

17:58:43.0390 3780        TermService - ok

17:58:43.0453 3780        Themes          (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll

17:58:43.0468 3780        Themes - ok

17:58:43.0468 3780        TosIde - ok

17:58:43.0484 3780        TrkWks          (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll

17:58:43.0609 3780        TrkWks - ok

17:58:43.0656 3780        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

17:58:43.0765 3780        Udfs - ok

17:58:43.0828 3780        ultra - ok

17:58:43.0875 3780        UMWdf           (c81b8635dee0d3ef5f64b3dd643023a5) C:\WINDOWS\system32\wdfmgr.exe

17:58:43.0906 3780        UMWdf - ok

17:58:43.0953 3780        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

17:58:44.0078 3780        Update - ok

17:58:44.0203 3780        upnphost        (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll

17:58:44.0296 3780        upnphost - ok

17:58:44.0328 3780        UPS             (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe

17:58:44.0421 3780        UPS - ok

17:58:44.0484 3780        usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

17:58:44.0593 3780        usbccgp - ok

17:58:44.0687 3780        usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

17:58:44.0781 3780        usbehci - ok

17:58:44.0796 3780        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

17:58:44.0890 3780        usbhub - ok

17:58:44.0937 3780        usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

17:58:45.0015 3780        usbohci - ok

17:58:45.0109 3780        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

17:58:45.0203 3780        usbprint - ok

17:58:45.0218 3780        usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

17:58:45.0296 3780        usbscan - ok

17:58:45.0296 3780        USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

17:58:45.0390 3780        USBSTOR - ok

17:58:45.0406 3780        VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

17:58:45.0500 3780        VgaSave - ok

17:58:45.0500 3780        ViaIde - ok

17:58:45.0562 3780        VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

17:58:45.0640 3780        VolSnap - ok

17:58:45.0765 3780        VSS             (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe

17:58:45.0843 3780        VSS - ok

17:58:45.0875 3780        W32Time         (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll

17:58:45.0968 3780        W32Time - ok

17:58:46.0015 3780        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

17:58:46.0109 3780        Wanarp - ok

17:58:46.0109 3780        WDICA - ok

17:58:46.0140 3780        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

17:58:46.0234 3780        wdmaud - ok

17:58:46.0281 3780        WebClient       (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll

17:58:46.0359 3780        WebClient - ok

17:58:46.0484 3780        winmgmt         (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll

17:58:46.0578 3780        winmgmt - ok

17:58:46.0625 3780        WmdmPmSN        (a477391b7a8b0a0daabadb17cf533a4b) C:\WINDOWS\system32\mspmsnsv.dll

17:58:46.0671 3780        WmdmPmSN - ok

17:58:46.0703 3780        WmiApSrv        (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe

17:58:46.0781 3780        WmiApSrv - ok

17:58:47.0015 3780        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

17:58:47.0031 3780        WPFFontCache_v0400 - ok

17:58:47.0109 3780        wscsvc          (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll

17:58:47.0203 3780        wscsvc - ok

17:58:47.0265 3780        wuauserv        (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll

17:58:47.0359 3780        wuauserv - ok

17:58:47.0421 3780        WZCSVC          (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll

17:58:47.0562 3780        WZCSVC - ok

17:58:47.0640 3780        xmlprov         (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll

17:58:47.0750 3780        xmlprov - ok

17:58:47.0781 3780        MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0

17:58:47.0968 3780        \Device\Harddisk0\DR0 - ok

17:58:47.0984 3780        MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR3

17:58:58.0984 3780        \Device\Harddisk1\DR3 - ok

17:58:58.0984 3780        MBR (0x1B8)     (5f0c182b562b3e23431a346295e19b32) \Device\Harddisk2\DR4

17:58:59.0484 3780        \Device\Harddisk2\DR4 - ok

17:58:59.0500 3780        Boot (0x1200)   (83c2ad04c403d21c5fb18c3a9a6534b9) \Device\Harddisk0\DR0\Partition0

17:58:59.0500 3780        \Device\Harddisk0\DR0\Partition0 - ok

17:58:59.0515 3780        Boot (0x1200)   (63107a0dfc5a95a0a18d33084b699e2c) \Device\Harddisk0\DR0\Partition1

17:58:59.0515 3780        \Device\Harddisk0\DR0\Partition1 - ok

17:58:59.0515 3780        Boot (0x1200)   (575159508634dc095068102423bb2eae) \Device\Harddisk1\DR3\Partition0

17:58:59.0515 3780        \Device\Harddisk1\DR3\Partition0 - ok

17:58:59.0515 3780        ============================================================

17:58:59.0515 3780        Scan finished

17:58:59.0515 3780        ============================================================

17:58:59.0625 3772        Detected object count: 4

17:58:59.0625 3772        Actual detected object count: 4

17:59:22.0234 3772        Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:22.0234 3772        Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:59:22.0234 3772        Asapi ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:22.0234 3772        Asapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:59:22.0234 3772        PDDSLADP ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:22.0234 3772        PDDSLADP ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:59:22.0234 3772        PDDSLHND ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:22.0234 3772        PDDSLHND ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:59:24.0828 2300        Deinitialize success

Gruß,
sandero

Hier zunächst die GMER- Logdatei, OSAM folgt entweder gleich o. morgen:
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-04-09 23:11:06

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0 Hitachi_ rev.GM2O

Running: uy58jyzx.exe; Driver: C:\DOKUME~1\***\LOKALE~1\Temp\ugtdipoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            AE72CA6C                                                                    ZwClose

SSDT            AE72CA26                                                                    ZwCreateKey

SSDT            AE72CA76                                                                    ZwCreateSection

SSDT            AE72CA1C                                                                    ZwCreateThread

SSDT            AE72CA2B                                                                    ZwDeleteKey

SSDT            AE72CA35                                                                    ZwDeleteValueKey

SSDT            AE72CA67                                                                    ZwDuplicateObject

SSDT            AE72CA3A                                                                    ZwLoadKey

SSDT            AE72CA08                                                                    ZwOpenProcess

SSDT            AE72CA0D                                                                    ZwOpenThread

SSDT            AE72CA44                                                                    ZwReplaceKey

SSDT            AE72CA3F                                                                    ZwRestoreKey

SSDT            AE72CA7B                                                                    ZwSetContextThread

SSDT            AE72CA30                                                                    ZwSetValueKey

SSDT            AE72CA17                                                                    ZwTerminateProcess
 

Code            \??\C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys                            pIofCallDriver
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                    section is writeable [0xB95B8360, 0x372FAD, 0xE8000020]

?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                  Das System kann die angegebene Datei nicht finden. !

?               C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys                                Das System kann die angegebene Datei nicht finden. !
 

---- Kernel IAT/EAT - GMER 1.0.15 ----
 

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRequest]              [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter]         [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter]          [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol]   [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol]     [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]    [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRequest]             [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]         [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]        [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]  [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRequest]               [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]    [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]      [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]           [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]          [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]     [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]   [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]         [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRequest]              [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]          [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]           [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRequest]                [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]            [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]       [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]    [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]      [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]           [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]          [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRequest]               [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]     [BA4BD4FE] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]   [BA4BD52C] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRequest]              [BA4BD54E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]         [BA4BD20E] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)

IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]          [BA4BD256] PDDSLHND.sys (ProDyne DSL Handler/ProDyne)
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \FileSystem\Fastfat \Fat                                                    fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 

---- Disk sectors - GMER 1.0.15 ----
 

Disk            \Device\Harddisk0\DR0                                                       malicious Win32:MBRoot code @ sector 488396248
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Gruß,
sandero

So, hier kommen OSAM und aswMBR. Beim letzteren habe ich schusseligerweise 30 Sek. zu früh die Logdatei gespeichert, abschließend sicherheitshalber dann nochmal: Deswegen taucht der Eintrag mehrfach auf.
a) OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 23:41:31 on 09.04.2012
 

OS: Windows XP Home Edition Service Pack 3 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl

"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl

"Startup.cpl" - ? - C:\WINDOWS\system32\Startup.cpl  (File found, but it contains no detailed information)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"Adobe Gamma" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma.cpl

"Avira AntiVir Personal" - "Avira GmbH" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Asapi" (Asapi) - "VOB Computersysteme GmbH" - C:\WINDOWS\system32\drivers\Asapi.sys

"avgio" (avgio) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avgio.sys

"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys

"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys

"catchme" (catchme) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)

"mbr" (mbr) - ? - C:\ComboFix\mbr.sys  (Hidden registry entry, rootkit activity | File not found)

"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)

"PDDSLHND" (PDDSLHND) - "ProDyne" - C:\WINDOWS\system32\drivers\PDDSLHND.sys

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)

"ProDyne DSL Adapter" (PDDSLADP) - "ProDyne" - C:\WINDOWS\System32\DRIVERS\PDDSLADP.SYS

"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys

"ugtdipoc" (ugtdipoc) - ? - C:\DOKUME~1\***\LOKALE~1\Temp\ugtdipoc.sys  (Hidden registry entry, rootkit activity | File not found)

"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{9875BFAF-B04D-445E-8A69-BE36838CDE3E} "ChromeProtocol Class" - "Google Inc." - C:\Programme\Google\Chrome Frame\Application\18.0.1025.151\npchrome_frame.dll

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)

{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll

{49BF5420-FA7F-11cf-8011-00A0C90A8F78} "Mobiles Gerät" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Wcesview.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\shlext.dll

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, Inc." - C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll

{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "Create Mobile Favorite" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\INetRepl.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} "ChromeFrame BHO" - "Google Inc." - C:\Programme\Google\Chrome Frame\Application\18.0.1025.151\npchrome_frame.dll

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"Adobe Gamma Loader.exe.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini

"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)

"Secunia PSI Tray.lnk" - "Secunia" - C:\Programme\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)

"WinZip Quick Pick.lnk" - "WinZip Computing, Inc." - C:\Programme\WinZip\WZQKPICK.EXE  (Shortcut exists | File exists)

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\desktop.ini

"OpenOffice.org 3.2.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" - "Nero AG" - "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"

"H/PC Connection Agent" - "Microsoft Corporation" - "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"

"pdfSaver3" - "Tracker Software Products Ltd." - "C:\Programme\S.A.D\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe"

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"

"avgnt" - "Avira GmbH" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe

"nwiz" - "NVIDIA Corporation" - nwiz.exe /install

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDF-XChange" - "Tracker Software" - C:\WINDOWS\system32\pxc25pm.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe

"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\avguard.exe

"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Programme\Avira\AntiVir Desktop\sched.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Programme\Secunia\PSI\PSIA.exe

"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Programme\Secunia\PSI\sua.exe

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----

{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

b) aswMBR

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-10 19:26:43

-----------------------------

19:26:43.687    OS Version: Windows 5.1.2600 Service Pack 3

19:26:43.687    Number of processors: 2 586 0x4B02

19:26:43.687    ComputerName: ***  UserName: 

19:26:44.203    Initialize success

19:37:55.000    AVAST engine defs: 12041002

19:43:43.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0

19:43:43.656    Disk 0 Vendor: Hitachi_ GM2O Size: 238475MB BusType: 1

19:43:43.687    Disk 0 MBR read successfully

19:43:43.687    Disk 0 MBR scan

19:43:43.718    Disk 0 Windows XP default MBR code

19:43:43.718    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS        89996 MB offset 63

19:43:43.734    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       148477 MB offset 184313856

19:43:43.750    Disk 0 scanning sectors +488396245

19:43:43.765    Disk 0 malicious Win32:MBRoot code @ sector 488396248 !

19:43:43.812    Disk 0 scanning C:\WINDOWS\system32\drivers

19:43:52.828    Service scanning

19:44:05.437    Modules scanning

19:44:10.484    Disk 0 trace - called modules:

19:44:11.000    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys 

19:44:11.000    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bbc030]

19:44:11.000    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000005f[0x89bff920]

19:44:11.000    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x89bffa38]

19:44:11.468    AVAST engine scan C:\WINDOWS

19:44:29.312    AVAST engine scan C:\WINDOWS\system32

19:46:44.218    AVAST engine scan C:\WINDOWS\system32\drivers

19:46:57.859    AVAST engine scan C:\Dokumente und Einstellungen\***

19:49:56.609    AVAST engine scan C:\Dokumente und Einstellungen\All Users

19:51:12.484    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"

19:51:12.484    The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

19:51:40.500    Scan finished successfully

19:55:25.203    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"

19:55:25.203    The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

19:56:03.515    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\MBR.dat"

19:56:03.515    The log file has been saved successfully to "C:\Dokumente und Einstellungen\***\Desktop\aswMBR.txt"

Gruß,
sandero