Win32:Malware-gen in Datei - beim Versuch, sie auf Virustotal hochzuladen fährt der PC runter

cosinus · 16.07.2012, 14:20

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-1425521274-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/26 15:39:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{58af6740-ff7d-11e0-b98e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{58af6740-ff7d-11e0-b98e-806d6172696f}\Shell\AutoRun\command - "" = J:\arun.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Tenreijo · 16.07.2012, 21:13

Habe den Fix ausgeführt, hier ist das Log (aus dem Ordner _OTL/MovedFiles):

(Gab nur ein kleines Problem nachdem der PC neu gestartet hat, beim ersten mal ist der Desktop nicht erschienen, musste die Stromverbindung abschalten da er nicht normal herunterfahren wollte... kann vielleicht daran liegen, das ich Avast nur bis zum nächsten Neustart deaktiviert habe, den das einzige was beim Neustart erschien, war Avast's Sanbox(?) Meldung, und ein kurzes aufflackern vom OTL Log. War wohl mein Fehler, hoffe das dies die Aktion von OTL nicht negativ beeinflusst hat)

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-796845957-1425521274-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58af6740-ff7d-11e0-b98e-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58af6740-ff7d-11e0-b98e-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{58af6740-ff7d-11e0-b98e-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58af6740-ff7d-11e0-b98e-806d6172696f}\ not found.
File move failed. J:\ARUN.EXE scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 178754 bytes
->Flash cache emptied: 456 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ******
->Temp folder emptied: 3930309 bytes
->Temporary Internet Files folder emptied: 213394 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61104682 bytes
->Google Chrome cache emptied: 7380057 bytes
->Opera cache emptied: 0 bytes
 
User: *****
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134506 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 250352146 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 310,00 mb

cosinus · 17.07.2012, 11:08

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Tenreijo · 17.07.2012, 12:30

Hier ist das Log von TDSSKiller (musste wie erwähnt direkt von dem Log kopieren, weil dies im Bildschirm von TDSSKiller nicht möglich war)

Code:

ATTFilter

13:20:13.0640 0296	TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
13:20:13.0671 0296	============================================================
13:20:13.0671 0296	Current date / time: 2012/07/17 13:20:13.0671
13:20:13.0671 0296	SystemInfo:
13:20:13.0671 0296	
13:20:13.0671 0296	OS Version: 5.1.2600 ServicePack: 3.0
13:20:13.0671 0296	Product type: Workstation
13:20:13.0671 0296	ComputerName: *****-37AD7B7B3
13:20:13.0671 0296	UserName: ******
13:20:13.0671 0296	Windows directory: C:\WINDOWS
13:20:13.0671 0296	System windows directory: C:\WINDOWS
13:20:13.0671 0296	Processor architecture: Intel x86
13:20:13.0671 0296	Number of processors: 2
13:20:13.0671 0296	Page size: 0x1000
13:20:13.0671 0296	Boot type: Normal boot
13:20:13.0671 0296	============================================================
13:20:15.0562 0296	Drive \Device\Harddisk0\DR0 - Size: 0x132C570000 (76.69 Gb), SectorSize: 0x200, Cylinders: 0x271B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:20:15.0562 0296	Drive \Device\Harddisk1\DR2 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:20:15.0593 0296	============================================================
13:20:15.0593 0296	\Device\Harddisk0\DR0:
13:20:15.0593 0296	MBR partitions:
13:20:15.0593 0296	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x995C65B
13:20:15.0593 0296	\Device\Harddisk1\DR2:
13:20:15.0593 0296	MBR partitions:
13:20:15.0593 0296	\Device\Harddisk1\DR2\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0xEEA080
13:20:15.0593 0296	============================================================
13:20:15.0625 0296	C: <-> \Device\Harddisk0\DR0\Partition0
13:20:15.0640 0296	============================================================
13:20:15.0640 0296	Initialize success
13:20:15.0640 0296	============================================================
13:21:12.0671 2652	============================================================
13:21:12.0671 2652	Scan started
13:21:12.0671 2652	Mode: Manual; SigCheck; TDLFS; 
13:21:12.0671 2652	============================================================
13:21:12.0937 2652	6to4            (67927e41a89e6127836152417c5d4fcf) C:\WINDOWS\System32\6to4svc.dll
13:21:13.0609 2652	6to4 - ok
13:21:13.0671 2652	Aavmker4        (0b27ae82c113d3687024d18459440426) C:\WINDOWS\system32\drivers\Aavmker4.sys
13:21:13.0687 2652	Aavmker4 - ok
13:21:13.0703 2652	Abiosdsk - ok
13:21:13.0703 2652	abp480n5 - ok
13:21:13.0750 2652	ACPI            (e5e6dbfc41ea8aad005cb9a57a96b43b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:21:13.0937 2652	ACPI - ok
13:21:13.0968 2652	ACPIEC          (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:21:14.0125 2652	ACPIEC - ok
13:21:14.0125 2652	adpu160m - ok
13:21:14.0156 2652	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:21:14.0312 2652	aec - ok
13:21:14.0343 2652	AegisP          (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
13:21:14.0359 2652	AegisP ( UnsignedFile.Multi.Generic ) - warning
13:21:14.0359 2652	AegisP - detected UnsignedFile.Multi.Generic (1)
13:21:14.0406 2652	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:21:14.0437 2652	AFD - ok
13:21:14.0453 2652	Aha154x - ok
13:21:14.0453 2652	aic78u2 - ok
13:21:14.0468 2652	aic78xx - ok
13:21:14.0500 2652	Alerter         (758fdc60d41716ef889d849989b4b1cd) C:\WINDOWS\system32\alrsvc.dll
13:21:14.0656 2652	Alerter - ok
13:21:14.0671 2652	ALG             (5e9a6658a2a69ae7eb195113b7a2e7a9) C:\WINDOWS\System32\alg.exe
13:21:14.0828 2652	ALG - ok
13:21:14.0828 2652	AliIde - ok
13:21:14.0921 2652	Ambfilt         (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
13:21:14.0984 2652	Ambfilt - ok
13:21:15.0078 2652	amsint - ok
13:21:15.0078 2652	AppMgmt - ok
13:21:15.0093 2652	asc - ok
13:21:15.0093 2652	asc3350p - ok
13:21:15.0109 2652	asc3550 - ok
13:21:15.0203 2652	aspnet_state    (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
13:21:15.0218 2652	aspnet_state - ok
13:21:15.0250 2652	aswFsBlk        (1c1f3d6dddc046c920c493a779649f66) C:\WINDOWS\system32\drivers\aswFsBlk.sys
13:21:15.0265 2652	aswFsBlk - ok
13:21:15.0281 2652	aswMon2         (9e912fe7b41650701ef2b227aca440f3) C:\WINDOWS\system32\drivers\aswMon2.sys
13:21:15.0296 2652	aswMon2 - ok
13:21:15.0312 2652	aswRdr          (982e275d1c5801042fe94209fb0160fb) C:\WINDOWS\system32\drivers\aswRdr.sys
13:21:15.0328 2652	aswRdr - ok
13:21:15.0375 2652	aswSnx          (73dbcf808e00580f2a47f93dd9b03876) C:\WINDOWS\system32\drivers\aswSnx.sys
13:21:15.0421 2652	aswSnx - ok
13:21:15.0437 2652	aswSP           (6cbd7d3a33f498d09c831cdd732da2e0) C:\WINDOWS\system32\drivers\aswSP.sys
13:21:15.0468 2652	aswSP - ok
13:21:15.0500 2652	aswTdi          (7109a9aa551f37cd168c02368465957e) C:\WINDOWS\system32\drivers\aswTdi.sys
13:21:15.0515 2652	aswTdi - ok
13:21:15.0531 2652	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:21:15.0687 2652	AsyncMac - ok
13:21:15.0718 2652	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:21:15.0859 2652	atapi - ok
13:21:15.0875 2652	Atdisk - ok
13:21:15.0921 2652	Ati HotKey Poller (c2b87df80dab23407c4155090177c813) C:\WINDOWS\system32\Ati2evxx.exe
13:21:15.0968 2652	Ati HotKey Poller - ok
13:21:16.0187 2652	ati2mtag        (662c08fef641d8d6e9dcdb39168895b0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:21:16.0421 2652	ati2mtag - ok
13:21:16.0546 2652	AtiHDAudioService (af7ee20d8ecc163d30bd2ab594a74baf) C:\WINDOWS\system32\drivers\AtihdXP3.sys
13:21:16.0562 2652	AtiHDAudioService - ok
13:21:16.0593 2652	atirage3        (0ca49538c49fdf5b803238d4309393f9) C:\WINDOWS\system32\DRIVERS\atimpae.sys
13:21:16.0750 2652	atirage3 - ok
13:21:16.0781 2652	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:21:16.0921 2652	Atmarpc - ok
13:21:16.0953 2652	AudioSrv        (b4005aef7873144634765b570dac466e) C:\WINDOWS\System32\audiosrv.dll
13:21:17.0125 2652	AudioSrv - ok
13:21:17.0156 2652	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:21:17.0296 2652	audstub - ok
13:21:17.0375 2652	avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
13:21:17.0406 2652	avast! Antivirus - ok
13:21:17.0437 2652	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:21:17.0593 2652	Beep - ok
13:21:17.0640 2652	BITS            (baa0b6e647c1ad593e9bae5cc31bcffb) C:\WINDOWS\system32\qmgr.dll
13:21:17.0828 2652	BITS - ok
13:21:17.0859 2652	Browser         (06b54a7b1ef7cb16bfd0e208d343fa71) C:\WINDOWS\System32\browser.dll
13:21:18.0015 2652	Browser - ok
13:21:18.0046 2652	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:21:18.0203 2652	cbidf2k - ok
13:21:18.0218 2652	cd20xrnt - ok
13:21:18.0250 2652	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:21:18.0421 2652	Cdaudio - ok
13:21:18.0453 2652	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:21:18.0593 2652	Cdfs - ok
13:21:18.0609 2652	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:21:18.0765 2652	Cdrom - ok
13:21:18.0781 2652	Changer - ok
13:21:18.0812 2652	CiSvc           (793ef38a5fd086c3c8e48a8a861562ed) C:\WINDOWS\system32\cisvc.exe
13:21:18.0968 2652	CiSvc - ok
13:21:18.0984 2652	ClipSrv         (8b30cbb0c07d49b2658fb190946b0e7e) C:\WINDOWS\system32\clipsrv.exe
13:21:19.0125 2652	ClipSrv - ok
13:21:19.0171 2652	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:21:19.0218 2652	clr_optimization_v2.0.50727_32 - ok
13:21:19.0265 2652	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:21:19.0312 2652	clr_optimization_v4.0.30319_32 - ok
13:21:19.0312 2652	CmdIde - ok
13:21:19.0312 2652	COMSysApp - ok
13:21:19.0328 2652	Cpqarray - ok
13:21:19.0359 2652	CryptSvc        (7a6d0b71035e123fdda2156a25578ad3) C:\WINDOWS\System32\cryptsvc.dll
13:21:19.0515 2652	CryptSvc - ok
13:21:19.0515 2652	dac2w2k - ok
13:21:19.0531 2652	dac960nt - ok
13:21:19.0578 2652	DcomLaunch      (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
13:21:19.0687 2652	DcomLaunch - ok
13:21:19.0718 2652	Dhcp            (318f535dc05551d96deeb90b6d6904de) C:\WINDOWS\System32\dhcpcsvc.dll
13:21:19.0859 2652	Dhcp - ok
13:21:19.0875 2652	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:21:20.0031 2652	Disk - ok
13:21:20.0046 2652	dmadmin - ok
13:21:20.0093 2652	dmboot          (f5deadd42335fb33edca74ecb2f36cba) C:\WINDOWS\system32\drivers\dmboot.sys
13:21:20.0265 2652	dmboot - ok
13:21:20.0296 2652	dmio            (5a7c47c9b3f9fb92a66410a7509f0c71) C:\WINDOWS\system32\drivers\dmio.sys
13:21:20.0468 2652	dmio - ok
13:21:20.0484 2652	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:21:20.0640 2652	dmload - ok
13:21:20.0671 2652	dmserver        (6797c23d6b79935482d7f0e8ca5e5b67) C:\WINDOWS\System32\dmserver.dll
13:21:20.0828 2652	dmserver - ok
13:21:20.0843 2652	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:21:21.0000 2652	DMusic - ok
13:21:21.0015 2652	Dnscache        (1a1e59377fb6cacd711cc5073c4a7d79) C:\WINDOWS\System32\dnsrslvr.dll
13:21:21.0062 2652	Dnscache - ok
13:21:21.0109 2652	Dot3svc         (3fcf86f03d0302443c21ce6e5bbf7a25) C:\WINDOWS\System32\dot3svc.dll
13:21:21.0250 2652	Dot3svc - ok
13:21:21.0265 2652	dpti2o - ok
13:21:21.0265 2652	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:21:21.0421 2652	drmkaud - ok
13:21:21.0468 2652	dtsoftbus01     (687af6bb383885ff6a64071b189a7f3e) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
13:21:21.0484 2652	dtsoftbus01 - ok
13:21:21.0500 2652	EapHost         (8b5fc9087d2cab110bc2ed5cc5e7b8ac) C:\WINDOWS\System32\eapsvc.dll
13:21:21.0656 2652	EapHost - ok
13:21:21.0671 2652	ERSvc           (94f948cb12c4d35483f1e815deb16c7b) C:\WINDOWS\System32\ersvc.dll
13:21:21.0812 2652	ERSvc - ok
13:21:21.0843 2652	Eventlog        (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
13:21:21.0937 2652	Eventlog - ok
13:21:21.0968 2652	EventSystem     (ec16ae9b37eacf871629227a3f3913fd) C:\WINDOWS\system32\es.dll
13:21:22.0015 2652	EventSystem - ok
13:21:22.0046 2652	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:21:22.0203 2652	Fastfat - ok
13:21:22.0234 2652	FastUserSwitchingCompatibility (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
13:21:22.0296 2652	FastUserSwitchingCompatibility - ok
13:21:22.0328 2652	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:21:22.0484 2652	Fdc - ok
13:21:22.0484 2652	Fips            (31f923eb2170fc172c81abda0045d18c) C:\WINDOWS\system32\drivers\Fips.sys
13:21:22.0625 2652	Fips - ok
13:21:22.0640 2652	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:21:22.0796 2652	Flpydisk - ok
13:21:22.0828 2652	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
13:21:22.0984 2652	FltMgr - ok
13:21:23.0046 2652	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:21:23.0062 2652	FontCache3.0.0.0 - ok
13:21:23.0093 2652	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:21:23.0265 2652	Fs_Rec - ok
13:21:23.0296 2652	Ftdisk          (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:21:23.0453 2652	Ftdisk - ok
13:21:23.0484 2652	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:21:23.0640 2652	Gpc - ok
13:21:23.0656 2652	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:21:23.0812 2652	HDAudBus - ok
13:21:23.0859 2652	helpsvc         (1247f83b705af0e796330442f7967cf8) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:21:24.0000 2652	helpsvc - ok
13:21:24.0031 2652	HidServ         (a3b9b4a68bc839ce5a264d5908092261) C:\WINDOWS\System32\hidserv.dll
13:21:24.0187 2652	HidServ - ok
13:21:24.0218 2652	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:21:24.0359 2652	hidusb - ok
13:21:24.0390 2652	hkmsvc          (17b3c3d40cdba40c2e331d28be4de27f) C:\WINDOWS\System32\kmsvc.dll
13:21:24.0546 2652	hkmsvc - ok
13:21:24.0546 2652	hpn - ok
13:21:24.0593 2652	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:21:24.0625 2652	HTTP - ok
13:21:24.0640 2652	HTTPFilter      (bd31cface38d1800abdb43f4260af0d5) C:\WINDOWS\System32\w3ssl.dll
13:21:24.0796 2652	HTTPFilter - ok
13:21:24.0812 2652	i2omgmt - ok
13:21:24.0812 2652	i2omp - ok
13:21:24.0843 2652	i8042prt        (a09bdc4ed10e3b2e0ec27bb94af32516) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:21:24.0984 2652	i8042prt - ok
13:21:25.0015 2652	i81x            (06b7ef73ba5f302eecc294cdf7e19702) C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
13:21:25.0156 2652	i81x - ok
13:21:25.0203 2652	IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:21:25.0218 2652	IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:21:25.0218 2652	IDriverT - detected UnsignedFile.Multi.Generic (1)
13:21:25.0296 2652	idsvc           (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:21:25.0343 2652	idsvc - ok
13:21:25.0359 2652	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:21:25.0515 2652	Imapi - ok
13:21:25.0546 2652	ImapiService    (c4221678bbaa55239c23632875759961) C:\WINDOWS\system32\imapi.exe
13:21:25.0687 2652	ImapiService - ok
13:21:25.0703 2652	ini910u - ok
13:21:25.0953 2652	IntcAzAudAddService (0503eb6f3359e1c6e4c46fef376405ef) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:21:26.0171 2652	IntcAzAudAddService - ok
13:21:26.0265 2652	IntelIde - ok
13:21:26.0296 2652	intelppm        (ad340800c35a42d4de1641a37feea34c) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:21:26.0437 2652	intelppm - ok
13:21:26.0468 2652	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
13:21:26.0609 2652	Ip6Fw - ok
13:21:26.0640 2652	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:21:26.0812 2652	IpFilterDriver - ok
13:21:26.0828 2652	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:21:26.0968 2652	IpInIp - ok
13:21:26.0984 2652	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:21:27.0171 2652	IpNat - ok
13:21:27.0187 2652	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:21:27.0343 2652	IPSec - ok
13:21:27.0359 2652	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:21:27.0500 2652	IRENUM - ok
13:21:27.0531 2652	isapnp          (355836975a67b6554bca60328cd6cb74) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:21:27.0687 2652	isapnp - ok
13:21:27.0781 2652	JavaQuickStarterService (de5d05fd449798ef88cc34ad4b1e7f85) C:\Program Files\Java\jre6\bin\jqs.exe
13:21:27.0812 2652	JavaQuickStarterService - ok
13:21:27.0828 2652	Kbdclass        (16813155807c6881f4bfbf6657424659) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:21:27.0984 2652	Kbdclass - ok
13:21:28.0000 2652	kbdhid          (94c59cb884ba010c063687c3a50dce8e) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:21:28.0156 2652	kbdhid - ok
13:21:28.0187 2652	KeyScrambler    (2fcdff8a230ae5e992239594cf0286a0) C:\WINDOWS\system32\drivers\keyscrambler.sys
13:21:28.0250 2652	KeyScrambler - ok
13:21:28.0281 2652	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:21:28.0437 2652	kmixer - ok
13:21:28.0484 2652	KMWDFILTER      (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\WINDOWS\system32\DRIVERS\KMWDFILTER.sys
13:21:28.0515 2652	KMWDFILTER - ok
13:21:28.0546 2652	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:21:28.0578 2652	KSecDD - ok
13:21:28.0593 2652	lanmanserver    (1db8078a32e03ac8f5eb5e6dcac2aa34) C:\WINDOWS\System32\srvsvc.dll
13:21:28.0625 2652	lanmanserver - ok
13:21:28.0640 2652	lanmanworkstation (ad54ead46d92f413be189aabc1c59490) C:\WINDOWS\System32\wkssvc.dll
13:21:28.0687 2652	lanmanworkstation - ok
13:21:28.0687 2652	lbrtfdc - ok
13:21:28.0734 2652	LmHosts         (0f357c079ac529a844ab5b18e4eef881) C:\WINDOWS\System32\lmhsvc.dll
13:21:28.0890 2652	LmHosts - ok
13:21:28.0906 2652	Messenger       (e67a66a3781c1a483f0f8992664cbe0d) C:\WINDOWS\System32\msgsvc.dll
13:21:29.0062 2652	Messenger - ok
13:21:29.0093 2652	MGHwCtrl        (25a4177b8abf458691138f0c9684e70f) C:\WINDOWS\system32\drivers\MGHwCtrl.sys
13:21:29.0093 2652	MGHwCtrl ( UnsignedFile.Multi.Generic ) - warning
13:21:29.0093 2652	MGHwCtrl - detected UnsignedFile.Multi.Generic (1)
13:21:29.0125 2652	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:21:29.0281 2652	mnmdd - ok
13:21:29.0312 2652	mnmsrvc         (d3a2870cd96cda7bcff3dc54f64087ad) C:\WINDOWS\system32\mnmsrvc.exe
13:21:29.0468 2652	mnmsrvc - ok
13:21:29.0500 2652	Modem           (510ade9327fe84c10254e1902697e25f) C:\WINDOWS\system32\drivers\Modem.sys
13:21:29.0625 2652	Modem - ok
13:21:29.0718 2652	Monfilt         (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
13:21:29.0781 2652	Monfilt - ok
13:21:29.0796 2652	Mouclass        (027c01bd7ef3349aaebc883d8a799efb) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:21:29.0953 2652	Mouclass - ok
13:21:29.0984 2652	mouhid          (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:21:30.0171 2652	mouhid - ok
13:21:30.0203 2652	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:21:30.0343 2652	MountMgr - ok
13:21:30.0406 2652	MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:21:30.0437 2652	MozillaMaintenance - ok
13:21:30.0437 2652	mraid35x - ok
13:21:30.0468 2652	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:21:30.0640 2652	MRxDAV - ok
13:21:30.0687 2652	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:21:30.0734 2652	MRxSmb - ok
13:21:30.0765 2652	MSDTC           (8648d670ae0d95c95e7bbb5b80661796) C:\WINDOWS\system32\msdtc.exe
13:21:30.0906 2652	MSDTC - ok
13:21:30.0937 2652	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:21:31.0078 2652	Msfs - ok
13:21:31.0078 2652	MSIServer - ok
13:21:31.0125 2652	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:21:31.0265 2652	MSKSSRV - ok
13:21:31.0281 2652	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:21:31.0421 2652	MSPCLOCK - ok
13:21:31.0437 2652	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:21:31.0578 2652	MSPQM - ok
13:21:31.0609 2652	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:21:31.0765 2652	mssmbios - ok
13:21:31.0796 2652	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:21:31.0828 2652	Mup - ok
13:21:31.0859 2652	napagent        (69e4fbbabaeee1bff422e091da3171da) C:\WINDOWS\System32\qagentrt.dll
13:21:32.0015 2652	napagent - ok
13:21:32.0046 2652	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:21:32.0218 2652	NDIS - ok
13:21:32.0250 2652	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:21:32.0265 2652	NdisTapi - ok
13:21:32.0296 2652	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:21:32.0453 2652	Ndisuio - ok
13:21:32.0484 2652	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:21:32.0609 2652	NdisWan - ok
13:21:32.0640 2652	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:21:32.0671 2652	NDProxy - ok
13:21:32.0703 2652	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:21:32.0843 2652	NetBIOS - ok
13:21:32.0859 2652	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:21:33.0015 2652	NetBT - ok
13:21:33.0046 2652	NetDDE          (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
13:21:33.0187 2652	NetDDE - ok
13:21:33.0203 2652	NetDDEdsdm      (5c9b1d83755b36237b70f95df3d46a52) C:\WINDOWS\system32\netdde.exe
13:21:33.0500 2652	NetDDEdsdm - ok
13:21:33.0515 2652	Netlogon        (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:21:33.0656 2652	Netlogon - ok
13:21:33.0687 2652	Netman          (be0cb143fa427d93440ded18db8c918b) C:\WINDOWS\System32\netman.dll
13:21:33.0843 2652	Netman - ok
13:21:33.0906 2652	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:21:33.0921 2652	NetTcpPortSharing - ok
13:21:34.0015 2652	NishService     (aff24206ffc1081787155b03c99ba716) C:\Program Files\System Control Manager\edd.exe
13:21:34.0031 2652	NishService ( UnsignedFile.Multi.Generic ) - warning
13:21:34.0031 2652	NishService - detected UnsignedFile.Multi.Generic (1)
13:21:34.0062 2652	Nla             (6f5f546a92c7b6ae45db1d6910781eb0) C:\WINDOWS\System32\mswsock.dll
13:21:34.0125 2652	Nla - ok
13:21:34.0156 2652	nm              (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
13:21:34.0296 2652	nm - ok
13:21:34.0328 2652	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
13:21:34.0468 2652	Npfs - ok
13:21:34.0515 2652	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
13:21:34.0703 2652	Ntfs - ok
13:21:34.0703 2652	NtLmSsp         (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:21:34.0843 2652	NtLmSsp - ok
13:21:34.0890 2652	NtmsSvc         (037d92b3a7853a183fcab77fb1d13d6c) C:\WINDOWS\system32\ntmssvc.dll
13:21:35.0078 2652	NtmsSvc - ok
13:21:35.0109 2652	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:21:35.0265 2652	Null - ok
13:21:35.0296 2652	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:21:35.0468 2652	NwlnkFlt - ok
13:21:35.0484 2652	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:21:35.0640 2652	NwlnkFwd - ok
13:21:35.0656 2652	NwlnkIpx        (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
13:21:35.0812 2652	NwlnkIpx - ok
13:21:35.0828 2652	NwlnkNb         (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
13:21:35.0984 2652	NwlnkNb - ok
13:21:36.0015 2652	NwlnkSpx        (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
13:21:36.0171 2652	NwlnkSpx - ok
13:21:36.0203 2652	NwSapAgent      (a3c8a87d78c9b46385d67523f3d23ea5) C:\WINDOWS\System32\ipxsap.dll
13:21:36.0359 2652	NwSapAgent - ok
13:21:36.0390 2652	O2Flash         (e8ceb4094828fd742c8fa4bae76bf301) C:\WINDOWS\system32\o2flash.exe
13:21:36.0421 2652	O2Flash ( UnsignedFile.Multi.Generic ) - warning
13:21:36.0421 2652	O2Flash - detected UnsignedFile.Multi.Generic (1)
13:21:36.0437 2652	Parport         (8fd0bdbea875d06ccf6c945ca9abaf75) C:\WINDOWS\system32\drivers\Parport.sys
13:21:36.0578 2652	Parport - ok
13:21:36.0609 2652	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
13:21:36.0750 2652	PartMgr - ok
13:21:36.0781 2652	ParVdm          (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
13:21:36.0937 2652	ParVdm - ok
13:21:36.0984 2652	PCAMPR5         (b670c5d89f0726b7a2a7dfb4e968cdf8) C:\WINDOWS\system32\PCAMPR5.SYS
13:21:37.0000 2652	PCAMPR5 ( UnsignedFile.Multi.Generic ) - warning
13:21:37.0000 2652	PCAMPR5 - detected UnsignedFile.Multi.Generic (1)
13:21:37.0015 2652	PCANDIS5        (ecd2f9d67b06606064daf6961a6d5efe) C:\WINDOWS\system32\PCANDIS5.SYS
13:21:37.0031 2652	PCANDIS5 ( UnsignedFile.Multi.Generic ) - warning
13:21:37.0031 2652	PCANDIS5 - detected UnsignedFile.Multi.Generic (1)
13:21:37.0046 2652	PCI             (043410877bda580c528f45165f7125bc) C:\WINDOWS\system32\DRIVERS\pci.sys
13:21:37.0203 2652	PCI - ok
13:21:37.0218 2652	PCIDump - ok
13:21:37.0234 2652	PCIIde          (f4bfde7209c14a07aaa61e4d6ae69eac) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:21:37.0390 2652	PCIIde - ok
13:21:37.0421 2652	Pcmcia          (f0406cbc60bdb0394a0e17ffb04cdd3d) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:21:37.0562 2652	Pcmcia - ok
13:21:37.0562 2652	PDCOMP - ok
13:21:37.0578 2652	PDFRAME - ok
13:21:37.0593 2652	PDRELI - ok
13:21:37.0593 2652	PDRFRAME - ok
13:21:37.0609 2652	perc2 - ok
13:21:37.0609 2652	perc2hib - ok
13:21:37.0656 2652	PlugPlay        (c3fb1d70cb88722267949694ba51759e) C:\WINDOWS\system32\services.exe
13:21:37.0734 2652	PlugPlay - ok
13:21:37.0734 2652	PolicyAgent     (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:21:37.0875 2652	PolicyAgent - ok
13:21:37.0906 2652	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:21:38.0062 2652	PptpMiniport - ok
13:21:38.0062 2652	ProtectedStorage (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:21:38.0218 2652	ProtectedStorage - ok
13:21:38.0250 2652	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
13:21:38.0390 2652	PSched - ok
13:21:38.0421 2652	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
13:21:38.0437 2652	PSI - ok
13:21:38.0468 2652	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:21:38.0625 2652	Ptilink - ok
13:21:38.0640 2652	ql1080 - ok
13:21:38.0656 2652	Ql10wnt - ok
13:21:38.0656 2652	ql12160 - ok
13:21:38.0671 2652	ql1240 - ok
13:21:38.0687 2652	ql1280 - ok
13:21:38.0703 2652	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:21:38.0859 2652	RasAcd - ok
13:21:38.0890 2652	RasAuto         (78da9ccdac683ef5aa87d1c919f6d221) C:\WINDOWS\System32\rasauto.dll
13:21:39.0031 2652	RasAuto - ok
13:21:39.0046 2652	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:21:39.0203 2652	Rasl2tp - ok
13:21:39.0234 2652	RasMan          (0a48df90b4784f9b90a2671af992c914) C:\WINDOWS\System32\rasmans.dll
13:21:39.0375 2652	RasMan - ok
13:21:39.0390 2652	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:21:39.0531 2652	RasPppoe - ok
13:21:39.0546 2652	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:21:39.0687 2652	Raspti - ok
13:21:39.0718 2652	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:21:39.0859 2652	Rdbss - ok
13:21:39.0875 2652	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:21:40.0015 2652	RDPCDD - ok
13:21:40.0062 2652	RDPWD           (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
13:21:40.0109 2652	RDPWD - ok
13:21:40.0140 2652	RDSessMgr       (9f63d9c5b238ed1c375d417eff3d5be7) C:\WINDOWS\system32\sessmgr.exe
13:21:40.0281 2652	RDSessMgr - ok
13:21:40.0296 2652	redbook         (d8eb2a7904db6c916eb5361878ddcbae) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:21:40.0453 2652	redbook - ok
13:21:40.0468 2652	RemoteAccess    (7da370c31673c99497bd07068ee6e354) C:\WINDOWS\System32\mprdim.dll
13:21:40.0609 2652	RemoteAccess - ok
13:21:40.0625 2652	RpcLocator      (499c59a2584f6d4ea41e944da571d993) C:\WINDOWS\system32\locator.exe
13:21:40.0781 2652	RpcLocator - ok
13:21:40.0828 2652	RpcSs           (0203b1aad358f206cb0a3c1f93cce17a) C:\WINDOWS\system32\rpcss.dll
13:21:40.0937 2652	RpcSs - ok
13:21:40.0984 2652	RSVP            (414964844f4793acb868d057e8ed997e) C:\WINDOWS\system32\rsvp.exe
13:21:41.0171 2652	RSVP - ok
13:21:41.0234 2652	rt2870          (19a0b57164830df3c699e3cc93f68e37) C:\WINDOWS\system32\DRIVERS\rt2870.sys
13:21:41.0281 2652	rt2870 ( UnsignedFile.Multi.Generic ) - warning
13:21:41.0281 2652	rt2870 - detected UnsignedFile.Multi.Generic (1)
13:21:41.0453 2652	RTHDMIAzAudService (eb5a4e5437c643517f9d0fa0535310af) C:\WINDOWS\system32\drivers\RtKHDMI.sys
13:21:41.0609 2652	RTHDMIAzAudService - ok
13:21:41.0781 2652	RTL8192su       (b29eeb1ea7971bd83069eb2e2258d224) C:\WINDOWS\system32\DRIVERS\RTL8192su.sys
13:21:41.0859 2652	RTL8192su - ok
13:21:41.0906 2652	RTLE8023xp      (c6d34a1874cd2b212dc3e788091c64b4) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:21:41.0921 2652	RTLE8023xp - ok
13:21:41.0937 2652	RTLTEAMING - ok
13:21:41.0937 2652	RTLVLAN - ok
13:21:41.0953 2652	RtNdPt5x - ok
13:21:41.0984 2652	SamSs           (91e6024d6d4dcdecdb36c43ecf9bbecb) C:\WINDOWS\system32\lsass.exe
13:21:42.0125 2652	SamSs - ok
13:21:42.0140 2652	SCardSvr        (67949cc8a865296c1333c96a4e1a2d66) C:\WINDOWS\System32\SCardSvr.exe
13:21:42.0296 2652	SCardSvr - ok
13:21:42.0328 2652	Schedule        (55f5c5c1be1a78e285033e432ba01597) C:\WINDOWS\system32\schedsvc.dll
13:21:42.0484 2652	Schedule - ok
13:21:42.0515 2652	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:21:42.0671 2652	Secdrv - ok
13:21:42.0687 2652	seclogon        (5ac311c0af2af5ec221670bb8dc479d3) C:\WINDOWS\System32\seclogon.dll
13:21:42.0843 2652	seclogon - ok
13:21:42.0953 2652	Secunia PSI Agent (456b0b5844575714db0370742cbb7a88) C:\Program Files\Secunia\PSI\PSIA.exe
13:21:43.0000 2652	Secunia PSI Agent - ok
13:21:43.0031 2652	Secunia Update Agent (e5c9695967b022317bb1d96bc15cfda0) C:\Program Files\Secunia\PSI\sua.exe
13:21:43.0062 2652	Secunia Update Agent - ok
13:21:43.0093 2652	SENS            (3531366f38f453d08fe72e7b32dfe786) C:\WINDOWS\system32\sens.dll
13:21:43.0265 2652	SENS - ok
13:21:43.0312 2652	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:21:43.0468 2652	serenum - ok
13:21:43.0484 2652	Serial          (93d313c31f7ad9ea2b75f26075413c7c) C:\WINDOWS\system32\DRIVERS\serial.sys
13:21:43.0625 2652	Serial - ok
13:21:43.0671 2652	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:21:43.0812 2652	Sfloppy - ok
13:21:43.0859 2652	SharedAccess    (f4ce708a7d17a625de6c0fd746d50e88) C:\WINDOWS\System32\ipnathlp.dll
13:21:44.0031 2652	SharedAccess - ok
13:21:44.0062 2652	ShellHWDetection (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
13:21:44.0093 2652	ShellHWDetection - ok
13:21:44.0093 2652	Simbad - ok
13:21:44.0109 2652	Sparrow - ok
13:21:44.0140 2652	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
13:21:44.0281 2652	splitter - ok
13:21:44.0312 2652	Spooler         (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
13:21:44.0343 2652	Spooler - ok
13:21:44.0390 2652	sptd            (0022cfff1a41e5ce3a764050a7ddf22a) C:\WINDOWS\System32\Drivers\sptd.sys
13:21:44.0421 2652	sptd - ok
13:21:44.0453 2652	sr              (39626e6dc1fb39434ec40c42722b660a) C:\WINDOWS\system32\DRIVERS\sr.sys
13:21:44.0593 2652	sr - ok
13:21:44.0640 2652	srservice       (6ed29124a1c83bd0cf6b26bd01ca6f6f) C:\WINDOWS\system32\srsvc.dll
13:21:44.0812 2652	srservice - ok
13:21:44.0843 2652	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
13:21:44.0890 2652	Srv - ok
13:21:44.0906 2652	SSDPSRV         (ea9e0db8684cef2fd3badd671df5a112) C:\WINDOWS\System32\ssdpsrv.dll
13:21:45.0062 2652	SSDPSRV - ok
13:21:45.0093 2652	SSHDRV85        (f0be373861a3f34cfab55c1b7ce1feb5) C:\WINDOWS\system32\drivers\SSHDRV85.sys
13:21:45.0109 2652	SSHDRV85 ( UnsignedFile.Multi.Generic ) - warning
13:21:45.0109 2652	SSHDRV85 - detected UnsignedFile.Multi.Generic (1)
13:21:45.0156 2652	stisvc          (d76b0e8a4ecad1adcc75fd14a7acc54c) C:\WINDOWS\system32\wiaservc.dll
13:21:45.0328 2652	stisvc - ok
13:21:45.0343 2652	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:21:45.0484 2652	swenum - ok
13:21:45.0515 2652	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
13:21:45.0656 2652	swmidi - ok
13:21:45.0671 2652	SwPrv - ok
13:21:45.0687 2652	symc810 - ok
13:21:45.0687 2652	symc8xx - ok
13:21:45.0703 2652	sym_hi - ok
13:21:45.0718 2652	sym_u3 - ok
13:21:45.0734 2652	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
13:21:45.0875 2652	sysaudio - ok
13:21:45.0906 2652	SysmonLog       (0899061318a6b1d9596aabfc77f45e44) C:\WINDOWS\system32\smlogsvc.exe
13:21:46.0062 2652	SysmonLog - ok
13:21:46.0093 2652	TapiSrv         (8e5231171ad6595ff002e848cc54fcd7) C:\WINDOWS\System32\tapisrv.dll
13:21:46.0250 2652	TapiSrv - ok
13:21:46.0296 2652	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:21:46.0375 2652	Tcpip - ok
13:21:46.0406 2652	Tcpip6          (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
13:21:46.0437 2652	Tcpip6 - ok
13:21:46.0453 2652	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:21:46.0593 2652	TDPIPE - ok
13:21:46.0609 2652	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
13:21:46.0765 2652	TDTCP - ok
13:21:46.0781 2652	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:21:46.0937 2652	TermDD - ok
13:21:46.0968 2652	TermService     (710bc85a8c22626ee094439e3ea0d38c) C:\WINDOWS\System32\termsrv.dll
13:21:47.0140 2652	TermService - ok
13:21:47.0171 2652	Themes          (1b8542f338cdd86929a084a455837158) C:\WINDOWS\System32\shsvcs.dll
13:21:47.0203 2652	Themes - ok
13:21:47.0218 2652	TosIde - ok
13:21:47.0234 2652	TrkWks          (e1a84a5067627407a53c2c4f8d8a1d2e) C:\WINDOWS\system32\trkwks.dll
13:21:47.0390 2652	TrkWks - ok
13:21:47.0406 2652	tunmp           (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
13:21:47.0546 2652	tunmp - ok
13:21:47.0562 2652	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
13:21:47.0718 2652	Udfs - ok
13:21:47.0734 2652	ultra - ok
13:21:47.0781 2652	UnlockerDriver5 (bb879dcfd22926efbeb3298129898cbb) C:\Program Files\Unlocker\UnlockerDriver5.sys
13:21:47.0796 2652	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
13:21:47.0796 2652	UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
13:21:47.0828 2652	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:21:48.0000 2652	Update - ok
13:21:48.0046 2652	upnphost        (bd8166a495b02308f364b36249475f22) C:\WINDOWS\System32\upnphost.dll
13:21:48.0187 2652	upnphost - ok
13:21:48.0203 2652	UPS             (1edc93d7bd731b5ca6248ae245099b60) C:\WINDOWS\System32\ups.exe
13:21:48.0359 2652	UPS - ok
13:21:48.0390 2652	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:21:48.0531 2652	usbccgp - ok
13:21:48.0546 2652	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:21:48.0703 2652	usbehci - ok
13:21:48.0734 2652	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:21:48.0875 2652	usbhub - ok
13:21:48.0906 2652	usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:21:49.0046 2652	usbprint - ok
13:21:49.0062 2652	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:21:49.0203 2652	usbstor - ok
13:21:49.0203 2652	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:21:49.0359 2652	usbuhci - ok
13:21:49.0375 2652	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:21:49.0515 2652	VgaSave - ok
13:21:49.0531 2652	ViaIde - ok
13:21:49.0546 2652	VolSnap         (46de1126684369bace4849e4fc8c43ca) C:\WINDOWS\system32\drivers\VolSnap.sys
13:21:49.0687 2652	VolSnap - ok
13:21:49.0718 2652	VSS             (5a4da252b2c0550ab83d129c02cf6c19) C:\WINDOWS\System32\vssvc.exe
13:21:49.0906 2652	VSS - ok
13:21:49.0921 2652	W32Time         (c1f726ee0b043b074a68992bc4aef8fd) C:\WINDOWS\system32\w32time.dll
13:21:50.0093 2652	W32Time - ok
13:21:50.0109 2652	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:21:50.0250 2652	Wanarp - ok
13:21:50.0265 2652	WDICA - ok
13:21:50.0281 2652	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:21:50.0421 2652	wdmaud - ok
13:21:50.0453 2652	WebClient       (714670e64fbe6d28d99871ed9a52a334) C:\WINDOWS\System32\webclnt.dll
13:21:50.0593 2652	WebClient - ok
13:21:50.0656 2652	winmgmt         (5e9deae9980ff34bcd6dde2e9e2bf911) C:\WINDOWS\system32\wbem\WMIsvc.dll
13:21:50.0812 2652	winmgmt - ok
13:21:50.0875 2652	WinRM           (9595464710862b17e399818ab114bd5e) C:\WINDOWS\system32\WsmSvc.dll
13:21:51.0031 2652	WinRM - ok
13:21:51.0078 2652	WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
13:21:51.0109 2652	WmdmPmSN - ok
13:21:51.0156 2652	WmiApSrv        (4e8e8a58f56b25d0795f484e5eb7f898) C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:21:51.0312 2652	WmiApSrv - ok
13:21:51.0406 2652	WMPNetworkSvc   (c9bea742ce225cc993c9465fddae4656) C:\Program Files\Windows Media Player\WMPNetwk.exe
13:21:51.0484 2652	WMPNetworkSvc - ok
13:21:51.0609 2652	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:21:51.0640 2652	WPFFontCache_v0400 - ok
13:21:51.0718 2652	wscsvc          (c1fd85db4a80a98d60ecb7a828e77fe0) C:\WINDOWS\system32\wscsvc.dll
13:21:51.0890 2652	wscsvc - ok
13:21:51.0890 2652	wuauserv        (75d6c5c3d2c93b1f9931e5dfb693ae2a) C:\WINDOWS\system32\wuauserv.dll
13:21:52.0046 2652	wuauserv - ok
13:21:52.0109 2652	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:21:52.0140 2652	WudfPf - ok
13:21:52.0156 2652	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:21:52.0187 2652	WudfRd - ok
13:21:52.0203 2652	WudfSvc         (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
13:21:52.0250 2652	WudfSvc - ok
13:21:52.0296 2652	WZCSVC          (c336e54ee0c291a02f004667db1e66cb) C:\WINDOWS\System32\wzcsvc.dll
13:21:52.0453 2652	WZCSVC - ok
13:21:52.0484 2652	xmlprov         (f92a87fdda0c11c8604fbc2b864fa726) C:\WINDOWS\System32\xmlprov.dll
13:21:52.0640 2652	xmlprov - ok
13:21:52.0671 2652	MBR (0x1B8)     (c99c3199cfaa4cbdcd91493f6d113a50) \Device\Harddisk0\DR0
13:21:53.0171 2652	\Device\Harddisk0\DR0 - ok
13:21:53.0171 2652	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
13:21:53.0312 2652	\Device\Harddisk1\DR2 - ok
13:21:53.0312 2652	Boot (0x1200)   (1ec36d3f6592b3f712a7165c99d8f6a4) \Device\Harddisk0\DR0\Partition0
13:21:53.0312 2652	\Device\Harddisk0\DR0\Partition0 - ok
13:21:53.0328 2652	Boot (0x1200)   (4f66dc648c06d883c2cb008695ad59cb) \Device\Harddisk1\DR2\Partition0
13:21:53.0328 2652	\Device\Harddisk1\DR2\Partition0 - ok
13:21:53.0328 2652	============================================================
13:21:53.0328 2652	Scan finished
13:21:53.0328 2652	============================================================
13:21:53.0437 3720	Detected object count: 10
13:21:53.0437 3720	Actual detected object count: 10
13:22:39.0859 3720	AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0859 3720	AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0859 3720	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0859 3720	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0859 3720	MGHwCtrl ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0859 3720	MGHwCtrl ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0875 3720	NishService ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0875 3720	NishService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0875 3720	O2Flash ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0875 3720	O2Flash ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0875 3720	PCAMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0875 3720	PCAMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0875 3720	PCANDIS5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0875 3720	PCANDIS5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0890 3720	rt2870 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0890 3720	rt2870 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0890 3720	SSHDRV85 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0890 3720	SSHDRV85 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:22:39.0890 3720	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:22:39.0890 3720	UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 18.07.2012, 11:09

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Tenreijo · 18.07.2012, 12:14

Hier ist das Log von Combofix:

Code:

ATTFilter

ComboFix 12-07-16.01 - ****** 18/07/2012  12:52:38.1.2 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.2047.1593 [GMT 2:00]
Lancé depuis: c:\documents and settings\******\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Un nouveau point de restauration a été créé
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\******\Local Settings\Tempals_inst.exe
C:\install.exe
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2012-06-18 au 2012-07-18  ))))))))))))))))))))))))))))))))))))
.
.
2012-07-16 19:40 . 2012-07-16 19:40	--------	d-----w-	C:\_OTL
2012-07-13 16:26 . 2012-07-13 16:26	--------	d-----w-	c:\program files\ESET
2012-07-02 15:09 . 2012-07-02 16:02	--------	d-----w-	c:\documents and settings\******\Local Settings\Application Data\DOSBox
2012-07-02 14:37 . 2012-07-02 15:05	--------	d-----w-	C:\DOS
2012-07-01 23:36 . 2012-07-01 23:36	--------	d--h--w-	c:\windows\PIF
2012-06-29 17:39 . 2012-06-29 17:39	242240	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-06-25 16:10 . 2012-06-25 16:10	--------	d-----w-	c:\documents and settings\******\dwhelper
2012-06-25 13:27 . 2012-06-14 22:19	85472	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-06-25 13:27 . 2012-06-14 22:16	770384	----a-w-	c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-25 13:27 . 2012-06-14 22:16	421200	----a-w-	c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-25 13:06 . 2012-06-25 13:06	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-06-20 06:46 . 2012-06-20 06:46	--------	d-----w-	c:\documents and settings\Administrateur
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2010-11-22 01:56	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-03-02 12:14	721000	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-11-22 01:56	353688	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-11-22 01:56	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-11-22 01:56	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2010-11-22 01:56	97608	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2010-11-22 01:56	89624	----a-w-	c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2010-11-22 01:56	25256	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2010-11-22 01:56	41224	----a-w-	c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-11-22 01:56	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2010-12-06 16:10	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-25 13:06 . 2011-06-09 19:27	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-06-25 13:06 . 2010-11-10 01:55	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-13 13:55 . 2004-08-05 12:00	1866240	----a-w-	c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2009-08-19 16:07	1372672	------w-	c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-05 12:00	1172480	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-05 12:00	152576	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2010-11-09 20:25	16408	----a-w-	c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2010-11-01 11:26	329240	----a-w-	c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2010-11-01 11:26	210968	----a-w-	c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-11-01 11:26	219160	----a-w-	c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2010-11-09 20:26	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2010-11-01 11:26	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2010-11-01 11:26	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 13:19 . 2004-08-05 12:00	97304	----a-w-	c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2010-11-09 20:26	19480	----a-w-	c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2010-11-09 20:26	16408	----a-w-	c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2010-11-01 11:26	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-11-09 20:26	25112	----a-w-	c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-11-01 11:26	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-05 12:00	606208	----a-w-	c:\windows\system32\crypt32.dll
2012-05-16 15:06 . 2004-08-05 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-05-11 14:40 . 2004-08-05 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2012-05-11 14:40 . 2004-08-05 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-05 12:00	385024	----a-w-	c:\windows\system32\html.iec
2012-05-05 03:15 . 2004-08-05 12:00	2150400	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2004-08-04 00:49	2028544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:47 . 2010-11-01 11:22	139656	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-21 10:17 . 2010-11-11 01:21	477240	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-06-14 22:19 . 2012-06-25 13:27	85472	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21	121528	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1867888]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-11-02 19580520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0aswBoot.exe /M:d7880c91
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Secunia PSI Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Sitecom 300N USB Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Sitecom 300N USB Wireless LAN Utility.lnk
backup=c:\windows\pss\Sitecom 300N USB Wireless LAN Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^*******^Menu Démarrer^Programmes^Démarrage^Secunia PSI.lnk]
path=c:\documents and settings\*******\Menu Démarrer\Programmes\Démarrage\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^******^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.4.lnk]
path=c:\documents and settings\******\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^******^Menu Démarrer^Programmes^Démarrage^Secunia PSI.lnk]
path=c:\documents and settings\******\Menu Démarrer\Programmes\Démarrage\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^*****^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 3.4.lnk]
path=c:\documents and settings\*****\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^*****^Menu Démarrer^Programmes^Démarrage^Secunia PSI.lnk]
path=c:\documents and settings\*****\Menu Démarrer\Programmes\Démarrage\Secunia PSI.lnk
backup=c:\windows\pss\Secunia PSI.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2012-04-17 15:19	3671872	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
2006-12-13 16:13	180736	----a-w-	c:\program files\System Control Manager\MGSysCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2007-12-12 08:50	107248	----a-w-	c:\program files\OrangeHSS\SessionManager\SessionManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 15:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02	254696	----a-w-	c:\program files\Fichiers communs\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51	17408	----a-w-	c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\SITECOM\\300N USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Gestion à distance de Windows 
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/03/2011 14:14 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [22/11/2010 03:56 353688]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [17/10/2011 13:49 78848]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22/11/2010 03:56 21256]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [05/01/2011 12:31 988216]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [05/01/2011 12:31 399416]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [29/06/2012 19:39 242240]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [11/11/2010 02:01 113896]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [01/11/2010 14:07 9088]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 10:30 15544]
S2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [01/11/2010 14:07 40960]
S2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt5x.sys --> c:\windows\system32\DRIVERS\RtNdPt5x.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [10/11/2010 06:44 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [10/11/2010 06:11 101904]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [08/05/2012 20:04 113120]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [01/12/2010 15:39 594048]
S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\DRIVERS\RTLTEAMING.SYS --> c:\windows\system32\DRIVERS\RTLTEAMING.SYS [?]
S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\DRIVERS\RTLVLAN.SYS --> c:\windows\system32\DRIVERS\RTLVLAN.SYS [?]
.
Contenu du dossier 'Tâches planifiées'
.
2012-07-18 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-06-29 16:21]
.
.
------- Examen supplémentaire -------
.
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\******\Application Data\Mozilla\Firefox\Profiles\ysf54h3b.default\
.
- - - - ORPHELINS SUPPRIMES - - - -
.
AddRemove-{DADC7AB0-E554-4705-9F6A-83EA82ED708E} - c:\program files\InstallShield Installation Information\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-18 12:57
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ... 
.
Recherche d'éléments en démarrage automatique cachés ... 
.
Recherche de fichiers cachés ... 
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Heure de fin: 2012-07-18  13:02:09
ComboFix-quarantined-files.txt  2012-07-18 11:02
.
Avant-CF: 5*155*287*040 octets libres
Après-CF: 5*102*231*552 octets libres
.
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /noexecute=optin /usepmtimer /3GB
.
- - End Of File - - E998717EB789745A04D104803BEF345D

cosinus · 18.07.2012, 19:37

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Tenreijo · 19.07.2012, 03:59

Hier sind die Logs von:

Osam

Code:

ATTFilter

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 03:03:31 on 19.07.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - "AVAST Software" - C:\WINDOWS\system32\aswBoot.exe

[Common]
-----( %SystemRoot%\Tasks )-----
"avast! Emergency Update.job" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastEmUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.7.5.0" (AegisP) - "Cisco Systems, Inc." - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"avast! Standard Shield Support" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"azu36ve8" (azu36ve8) - "Microsoft Corporation" - C:\WINDOWS\system32\drivers\azu36ve8.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"catchme" (catchme) - ? - C:\DOCUME~1\******\LOCALS~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"KeyScrambler" (KeyScrambler) - "QFX Software Corporation" - C:\WINDOWS\System32\drivers\keyscrambler.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"MGHwCtrl" (MGHwCtrl) - "Windows (R) 2000 DDK provider" - C:\WINDOWS\system32\drivers\MGHwCtrl.sys
"pbfilter" (pbfilter) - ? - C:\Program Files\PeerBlock\pbfilter.sys  (File found, but it contains no detailed information)
"PCAMPR5 NDIS Protocol Driver" (PCAMPR5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCAMPR5.SYS
"PCANDIS5 NDIS Protocol Driver" (PCANDIS5) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\system32\PCANDIS5.SYS
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PSI" (PSI) - "Secunia" - C:\WINDOWS\System32\DRIVERS\psi_mf.sys
"Ralink 802.11n USB Wireless LAN Card Driver" (rt2870) - "Ralink Technology, Corp." - C:\WINDOWS\System32\DRIVERS\rt2870.sys
"Realtek Intermediate Driver for Ethernet Extended Features" (RTLTEAMING) - ? - C:\WINDOWS\System32\DRIVERS\RTLTEAMING.SYS  (File not found)
"Realtek NDIS Protocol Driver" (RtNdPt5x) - ? - C:\WINDOWS\System32\DRIVERS\RtNdPt5x.sys  (File not found)
"Realtek VLAN Intermediate Driver" (RTLVLAN) - ? - C:\WINDOWS\System32\DRIVERS\RTLVLAN.SYS  (File not found)
"sptd" (sptd) - "Duplex Secure Ltd." - C:\WINDOWS\System32\Drivers\sptd.sys
"SSHDRV85" (SSHDRV85) - ? - C:\WINDOWS\system32\drivers\SSHDRV85.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\ashShell.dll
{872A9397-E0D6-4e28-B64D-52B8D0A7EA35} "DisplayCplExt Class" - "Advanced Micro Devices, Inc." - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamaxx.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "Extension Affichage Panorama du Panneau de configuration" - ? -   (File not found | COM-object registry key not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Extensions de l'environnement de compression de fichiers" - ? -   (File not found | COM-object registry key not found)
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Menu contextuel de cryptage" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - "Advanced Micro Devices, Inc." - c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)
{8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 DragDrop Shell Extension" - ? -   (File not found | COM-object registry key not found)
{8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Property Sheet Shell Extension" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre1.6.0_22\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_33" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_33.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B745F984-EF2E-40D6-A9AC-D8CED7230E61} "ClsidExtension" - "QFX Software Corporation" - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
{2B9F5787-88A5-4945-90E7-C4B18563BC5E} "CKeyScramblerBHO Object" - "QFX Software Corporation" - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

[Logon]
-----( %AllUsersProfile%\Menu Démarrer\Programmes\Démarrage )-----
"desktop.ini" - ? - C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-----( %UserProfile%\Menu Démarrer\Programmes\Démarrage )-----
"desktop.ini" - ? - C:\Documents and Settings\******\Menu Démarrer\Programmes\Démarrage\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"PeerBlock" - "PeerBlock, LLC" - C:\Program Files\PeerBlock\peerblock.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"Gestion d'applications" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"O2Micro Flash Memory" (O2Flash) - ? - C:\WINDOWS\system32\o2flash.exe  (File found, but it contains no detailed information)
"SCM Driver Daemon" (NishService) - ? - C:\Program Files\System Control Manager\edd.exe  (File found, but it contains no detailed information)
"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe
"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe
"Service d'état ASP.NET" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Installation de logiciel" - ? - appmgmts.dll  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Gmer

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-19 04:28:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 ExcelStor_Technology_J880S rev.PF2OA60A
Running: 30fhpqri.exe; Driver: C:\DOCUME~1\******\LOCALS~1\Temp\fglcrfow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwAddBootEntry [0xEE66A536]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ZwAllocateVirtualMemory [0xEE73B7BA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwAssignProcessToJobObject [0xEE66AF52]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwClose [0xEE6AAC31]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateEvent [0xEE675D7A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateEventPair [0xEE675DC6]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateIoCompletion [0xEE675F48]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateKey [0xEE6AA5E5]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateMutant [0xEE675CE8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateSection [0xEE675E0A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateSemaphore [0xEE675D30]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateThread [0xEE66B146]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwCreateTimer [0xEE675F02]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwDebugActiveProcess [0xEE66B8CA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwDeleteBootEntry [0xEE66A584]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwDeleteKey [0xEE6AB2F7]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwDeleteValueKey [0xEE6AB5AD]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwDuplicateObject [0xEE66EF36]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwEnumerateKey [0xEE6AB162]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwEnumerateValueKey [0xEE6AAFCD]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ZwFreeVirtualMemory [0xEE73B89E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwLoadDriver [0xEE66A1EC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwModifyBootEntry [0xEE66A5D2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwNotifyChangeKey [0xEE66F2A8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwNotifyChangeMultipleKeys [0xEE66C292]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenEvent [0xEE675DA4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenEventPair [0xEE675DE8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenIoCompletion [0xEE675F6C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenKey [0xEE6AA941]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenMutant [0xEE675D0E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenProcess [0xEE66EAAC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenSection [0xEE675E8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenSemaphore [0xEE675D58]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenThread [0xEE66ECDE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwOpenTimer [0xEE675F26]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ZwProtectVirtualMemory [0xEE73BA1E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwQueryKey [0xEE6AAE48]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwQueryObject [0xEE66C15E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwQueryValueKey [0xEE6AAC9A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwQueueApcThread [0xEE66BD08]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ZwRenameKey [0xEE747338]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwRestoreKey [0xEE6A9C58]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetBootEntryOrder [0xEE66A620]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetBootOptions [0xEE66A66E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetContextThread [0xEE66B74A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetSystemInformation [0xEE66A276]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetSystemPowerState [0xEE66A426]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSetValueKey [0xEE6AB3FE]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwShutdownSystem [0xEE66A3CC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSuspendProcess [0xEE66BA2C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSuspendThread [0xEE66BB88]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwSystemDebugControl [0xEE66A496]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwTerminateProcess [0xEE66B468]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwTerminateThread [0xEE66B5CA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwVdmControl [0xEE66A6BC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                     ZwWriteVirtualMemory [0xEE66AF96]

INT 0x63        ?                                                                                                                         FAF54E54
INT 0x73        ?                                                                                                                         FA5EFE54
INT 0x83        ?                                                                                                                         FAFB6C3C
INT 0x84        ?                                                                                                                         FA977E54
INT 0x92        ?                                                                                                                         FAA587E4
INT 0x93        ?                                                                                                                         FAD4B2AC
INT 0x94        ?                                                                                                                         FA95E644
INT 0xA4        ?                                                                                                                         FAA227A4
INT 0xB1        ?                                                                                                                         FAF5A2AC
INT 0xB4        ?                                                                                                                         FAADF644

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ZwCreateProcessEx [0xEE753744]
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                     ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwYieldExecution + 122                                                                                       E0B9497C 4 Bytes  CALL A3A7B0DD 
.text           ntoskrnl.exe!ZwYieldExecution + 25E                                                                                       E0B94AB8 4 Bytes  JMP 84F6EE66 
.text           ntoskrnl.exe!ZwYieldExecution + 3C2                                                                                       E0B94C1C 12 Bytes  [20, A6, 66, EE, 6E, A6, 66, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 46A                                                                                       E0B94CC4 12 Bytes  [2C, BA, 66, EE, 88, BB, 66, ...]
PAGE            ntoskrnl.exe!ObInsertObject                                                                                               E0C1DA64 5 Bytes  JMP EE7520FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                               E0C26705 4 Bytes  CALL EE66C943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ZwCreateProcessEx                                                                                            E0C3B7F4 7 Bytes  JMP EE753748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                        E0C90536 5 Bytes  JMP EE75061C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.sptd1          C:\WINDOWS\system32\drivers\sptd.sys                                                                                      entry point in ".sptd1" section [0xF6842B2E]
.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                  section is writeable [0xF579F000, 0x275B27, 0xE8000020]
.text           azu36ve8.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7                                                                             F569E900 48 Bytes  [3D, 54, DB, 53, 6D, 8B, 1F, ...]
?               C:\WINDOWS\System32\Drivers\azu36ve8.SYS                                                                                  suspicious PE modification
.text           C:\WINDOWS\system32\drivers\SSHDRV85.sys                                                                                  section is writeable [0xEEA1B000, 0x24A24, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\SSHDRV85.sys                                                                                  entry point in ".pklstb" section [0xEEA4E000]
.relo2          C:\WINDOWS\system32\drivers\SSHDRV85.sys                                                                                  unknown last section [0xEEA64000, 0x8E, 0x42000040]
.text           win32k.sys!EngFreeUserMem + 674                                                                                           DE00992D 5 Bytes  JMP EE6708C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFreeUserMem + 35D0                                                                                          DE00C889 5 Bytes  JMP EE6707B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                                          DE013921 5 Bytes  JMP EE67076A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3                                                                                  DE01C58B 5 Bytes  JMP EE66FE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 79A8                                                                                         DE0240FB 5 Bytes  JMP EE66F538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + F9C                                                                                          DE028A65 5 Bytes  JMP EE670A2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2C50                                                                                      DE0314B0 5 Bytes  JMP EE670C32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + B687                                                                                      DE039EE7 5 Bytes  JMP EE670670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!FONTOBJ_pxoGetXform + 84ED                                                                                     DE051775 5 Bytes  JMP EE66F3FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + F17                                                                                          DE05BCAA 5 Bytes  JMP EE66FEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3581                                                                                         DE05E314 5 Bytes  JMP EE66F992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 360C                                                                                         DE05E39F 5 Bytes  JMP EE66FC58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 88                                                                                          DE05F612 5 Bytes  JMP EE66F3E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 5457                                                                                        DE0649E1 5 Bytes  JMP EE6707FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 35FB                                                                                   DE0731DB 5 Bytes  JMP EE66FA52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 4138                                                                                   DE073D18 5 Bytes  JMP EE66FC12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetLastError + 1606                                                                                         DE090E16 5 Bytes  JMP EE66FEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGradientFill + 26EE                                                                                         DE0943C1 5 Bytes  JMP EE670972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBltROP + 583                                                                                         DE094E99 5 Bytes  JMP EE670B90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 3862                                                                                             DE09C24E 5 Bytes  JMP EE66FE04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 4DF7                                                                                             DE09D7E3 5 Bytes  JMP EE66F5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngEraseSurface + A9E0                                                                                         DE0C1D20 5 Bytes  JMP EE66F6B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                             DE0CA1B1 2 Bytes  JMP EE66F790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 151A                                                                                             DE0CA1B4 2 Bytes  [5A, 10]
.text           win32k.sys!EngFillPath + 1797                                                                                             DE0CA431 5 Bytes  JMP EE66F8BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3AFB                                                                                      DE0EBDB4 5 Bytes  JMP EE66F2DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + CB0D                                                                                      DE0F4DC6 5 Bytes  JMP EE66FE34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 1A2F                                                                                           DE1142E4 5 Bytes  JMP EE66F4D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 2603                                                                                           DE114EB8 5 Bytes  JMP EE66F664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4F7C                                                                                           DE117831 5 Bytes  JMP EE66FD72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngPlgBlt + 1947                                                                                               DE147980 5 Bytes  JMP EE670AE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 5 Bytes  JMP 003A1014 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 003A0804 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 003A0A08 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 003A0E10 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 003A01F8 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 003A0600 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!SetWindowsHookExW                                                   7E3A820F 5 Bytes  JMP 003B0804 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!UnhookWindowsHookEx                                                 7E3AD5F3 3 Bytes  JMP 003B0A08 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!UnhookWindowsHookEx + 4                                             7E3AD5F7 1 Byte  [82]
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!SetWindowsHookExA                                                   7E3B1211 5 Bytes  JMP 003B0600 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!SetWinEventHook                                                     7E3B17F7 5 Bytes  JMP 003B01F8 
.text           C:\Program Files\Secunia\PSI\PSIA.exe[492] USER32.dll!UnhookWinEvent                                                      7E3B18AC 5 Bytes  JMP 003B03FC 
.text           C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrLoadDll                                                                 7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!RtlDosSearchPath_U + 186                                                   7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrUnloadDll                                                               7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 80                                                     7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!SetServiceObjectSecurity                                                77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfigA                                                    77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfigW                                                    77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfig2A                                                   77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfig2W                                                   77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!CreateServiceA                                                          77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!CreateServiceW                                                          77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!DeleteService                                                           77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWindowsHookExW                                                         7E3A820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\system32\svchost.exe[612] USER32.dll!UnhookWindowsHookEx                                                       7E3AD5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWindowsHookExA                                                         7E3B1211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWinEventHook                                                           7E3B17F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\system32\svchost.exe[612] USER32.dll!UnhookWinEvent                                                            7E3B18AC 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\smss.exe[824] ntdll.dll!RtlDosSearchPath_U + 186                                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[888] ntdll.dll!RtlDosSearchPath_U + 186                                                     7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[888] KERNEL32.dll!GetBinaryTypeW + 80                                                       7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[904] ntdll.dll!RtlDosSearchPath_U + 186                                                   7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\wscntfy.exe[904] kernel32.dll!GetBinaryTypeW + 80                                                     7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[928] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[928] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[972] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[972] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[984] ntdll.dll!RtlDosSearchPath_U + 186                                                     7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[984] kernel32.dll!GetBinaryTypeW + 80                                                       7C868D8C 1 Byte  [62]
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ntdll.dll!LdrLoadDll                                                         7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186                                           7C926865 1 Byte  [62]
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ntdll.dll!LdrUnloadDll                                                       7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] kernel32.dll!GetBinaryTypeW + 80                                             7C868D8C 1 Byte  [62]
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity                                        77E06D81 3 Bytes  JMP 00391014 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity + 4                                    77E06D85 1 Byte  [88]
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!ChangeServiceConfigA                                            77E06E69 5 Bytes  JMP 00390804 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!ChangeServiceConfigW                                            77E07001 5 Bytes  JMP 00390A08 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A                                           77E07101 5 Bytes  JMP 00390C0C 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W                                           77E07189 5 Bytes  JMP 00390E10 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!CreateServiceA                                                  77E07211 5 Bytes  JMP 003901F8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!CreateServiceW                                                  77E073A9 5 Bytes  JMP 003903FC 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] ADVAPI32.dll!DeleteService                                                   77E074B1 5 Bytes  JMP 00390600 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!SetWindowsHookExW                                                 7E3A820F 5 Bytes  JMP 003A0804 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!UnhookWindowsHookEx                                               7E3AD5F3 5 Bytes  JMP 003A0A08 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!SetWindowsHookExA                                                 7E3B1211 5 Bytes  JMP 003A0600 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!SetWinEventHook                                                   7E3B17F7 5 Bytes  JMP 003A01F8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[1124] USER32.dll!UnhookWinEvent                                                    7E3B18AC 5 Bytes  JMP 003A03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1160] ntdll.dll!RtlDosSearchPath_U + 186                                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1160] kernel32.dll!GetBinaryTypeW + 80                                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!LdrLoadDll                                                                        7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C926865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!LdrUnloadDll                                                                      7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\Explorer.EXE[1440] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!SetServiceObjectSecurity                                                       77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfigA                                                           77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfigW                                                           77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!CreateServiceA                                                                 77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!CreateServiceW                                                                 77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\Explorer.EXE[1440] ADVAPI32.dll!DeleteService                                                                  77E074B1 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWindowsHookExW                                                                7E3A820F 5 Bytes  JMP 002D0804 
.text           C:\WINDOWS\Explorer.EXE[1440] USER32.dll!UnhookWindowsHookEx                                                              7E3AD5F3 5 Bytes  JMP 002D0A08 
.text           C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWindowsHookExA                                                                7E3B1211 5 Bytes  JMP 002D0600 
.text           C:\WINDOWS\Explorer.EXE[1440] USER32.dll!SetWinEventHook                                                                  7E3B17F7 5 Bytes  JMP 002D01F8 
.text           C:\WINDOWS\Explorer.EXE[1440] USER32.dll!UnhookWinEvent                                                                   7E3B18AC 5 Bytes  JMP 002D03FC 
.text           C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1624] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1624] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\Program Files\System Control Manager\edd.exe[1636] ntdll.dll!LdrLoadDll                                                7C92632D 5 Bytes  JMP 001401F8 
.text           C:\Program Files\System Control Manager\edd.exe[1636] ntdll.dll!RtlDosSearchPath_U + 186                                  7C926865 1 Byte  [62]
.text           C:\Program Files\System Control Manager\edd.exe[1636] ntdll.dll!LdrUnloadDll                                              7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\Program Files\System Control Manager\edd.exe[1636] kernel32.dll!GetBinaryTypeW + 80                                    7C868D8C 1 Byte  [62]
.text           C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!SetServiceObjectSecurity                               77E06D81 5 Bytes  JMP 00381014 
.text           C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!ChangeServiceConfigA                                   77E06E69 5 Bytes  JMP 00380804 
.text           C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!ChangeServiceConfigW                                   77E07001 5 Bytes  JMP 00380A08 
.text           C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A                                  77E07101 5 Bytes  JMP 00380C0C 
.text           C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W                                  77E07189 5 Bytes  JMP 00380E10 
.text           C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!CreateServiceA                                         77E07211 5 Bytes  JMP 003801F8 
.text           C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!CreateServiceW                                         77E073A9 5 Bytes  JMP 003803FC 
.text           C:\Program Files\System Control Manager\edd.exe[1636] ADVAPI32.dll!DeleteService                                          77E074B1 5 Bytes  JMP 00380600 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] ntdll.dll!RtlDosSearchPath_U + 186                              7C926865 1 Byte  [62]
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter                        7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] kernel32.dll!GetBinaryTypeW + 80                                7C868D8C 1 Byte  [62]
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186                               7C926865 1 Byte  [62]
.text           C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1736] kernel32.dll!GetBinaryTypeW + 80                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1788] ntdll.dll!RtlDosSearchPath_U + 186                                                 7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1788] kernel32.dll!GetBinaryTypeW + 80                                                   7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1860] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1860] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\o2flash.exe[1980] ntdll.dll!LdrLoadDll                                                                7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\system32\o2flash.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\system32\o2flash.exe[1980] ntdll.dll!LdrUnloadDll                                                              7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\system32\o2flash.exe[1980] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity                                               77E06D81 5 Bytes  JMP 00381014 
.text           C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!ChangeServiceConfigA                                                   77E06E69 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!ChangeServiceConfigW                                                   77E07001 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A                                                  77E07101 5 Bytes  JMP 00380C0C 
.text           C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W                                                  77E07189 5 Bytes  JMP 00380E10 
.text           C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!CreateServiceA                                                         77E07211 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!CreateServiceW                                                         77E073A9 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\system32\o2flash.exe[1980] ADVAPI32.dll!DeleteService                                                          77E074B1 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!SetWindowsHookExW                                                        7E3A820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!UnhookWindowsHookEx                                                      7E3AD5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!SetWindowsHookExA                                                        7E3B1211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!SetWinEventHook                                                          7E3B17F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\system32\o2flash.exe[1980] USER32.dll!UnhookWinEvent                                                           7E3B18AC 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ntdll.dll!LdrLoadDll                                                                         7C92632D 5 Bytes  JMP 001401F8 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ntdll.dll!RtlDosSearchPath_U + 186                                                           7C926865 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ntdll.dll!LdrUnloadDll                                                                       7C9271CD 5 Bytes  JMP 001403FC 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] kernel32.dll!GetBinaryTypeW + 80                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E06D81 5 Bytes  JMP 00381014 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!ChangeServiceConfigA                                                            77E06E69 5 Bytes  JMP 00380804 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!ChangeServiceConfigW                                                            77E07001 5 Bytes  JMP 00380A08 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!ChangeServiceConfig2A                                                           77E07101 5 Bytes  JMP 00380C0C 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!ChangeServiceConfig2W                                                           77E07189 5 Bytes  JMP 00380E10 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!CreateServiceA                                                                  77E07211 5 Bytes  JMP 003801F8 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!CreateServiceW                                                                  77E073A9 5 Bytes  JMP 003803FC 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] ADVAPI32.dll!DeleteService                                                                   77E074B1 5 Bytes  JMP 00380600 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!SetWindowsHookExW                                                                 7E3A820F 5 Bytes  JMP 00390804 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!UnhookWindowsHookEx                                                               7E3AD5F3 5 Bytes  JMP 00390A08 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!SetWindowsHookExA                                                                 7E3B1211 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!SetWinEventHook                                                                   7E3B17F7 5 Bytes  JMP 003901F8 
.text           C:\WINDOWS\RTHDCPL.EXE[2120] USER32.dll!UnhookWinEvent                                                                    7E3B18AC 5 Bytes  JMP 003903FC 
.text           C:\WINDOWS\System32\svchost.exe[2608] ntdll.dll!LdrLoadDll                                                                7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\svchost.exe[2608] ntdll.dll!RtlDosSearchPath_U + 186                                                  7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[2608] ntdll.dll!LdrUnloadDll                                                              7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\svchost.exe[2608] kernel32.dll!GetBinaryTypeW + 80                                                    7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity                                               77E06D81 5 Bytes  JMP 002B1014 
.text           C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfigA                                                   77E06E69 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfigW                                                   77E07001 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A                                                  77E07101 5 Bytes  JMP 002B0C0C 
.text           C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W                                                  77E07189 5 Bytes  JMP 002B0E10 
.text           C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!CreateServiceA                                                         77E07211 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!CreateServiceW                                                         77E073A9 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\svchost.exe[2608] ADVAPI32.dll!DeleteService                                                          77E074B1 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!SetWindowsHookExW                                                        7E3A820F 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!UnhookWindowsHookEx                                                      7E3AD5F3 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!SetWindowsHookExA                                                        7E3B1211 5 Bytes  JMP 002C0600 
.text           C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!SetWinEventHook                                                          7E3B17F7 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\svchost.exe[2608] USER32.dll!UnhookWinEvent                                                           7E3B18AC 5 Bytes  JMP 002C03FC 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ntdll.dll!LdrLoadDll                                                  7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ntdll.dll!RtlDosSearchPath_U + 186                                    7C926865 1 Byte  [62]
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ntdll.dll!LdrUnloadDll                                                7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] kernel32.dll!GetBinaryTypeW + 80                                      7C868D8C 1 Byte  [62]
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity                                 77E06D81 5 Bytes  JMP 003A1014 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!ChangeServiceConfigA                                     77E06E69 5 Bytes  JMP 003A0804 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!ChangeServiceConfigW                                     77E07001 5 Bytes  JMP 003A0A08 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A                                    77E07101 5 Bytes  JMP 003A0C0C 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W                                    77E07189 5 Bytes  JMP 003A0E10 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!CreateServiceA                                           77E07211 5 Bytes  JMP 003A01F8 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!CreateServiceW                                           77E073A9 5 Bytes  JMP 003A03FC 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] ADVAPI32.dll!DeleteService                                            77E074B1 5 Bytes  JMP 003A0600 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!SetWindowsHookExW                                          7E3A820F 5 Bytes  JMP 003B0804 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!UnhookWindowsHookEx                                        7E3AD5F3 3 Bytes  JMP 003B0A08 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!UnhookWindowsHookEx + 4                                    7E3AD5F7 1 Byte  [82]
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!SetWindowsHookExA                                          7E3B1211 5 Bytes  JMP 003B0600 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!SetWinEventHook                                            7E3B17F7 5 Bytes  JMP 003B01F8 
.text           C:\Program Files\DAEMON Tools Lite\DTLite.exe[2808] USER32.dll!UnhookWinEvent                                             7E3B18AC 5 Bytes  JMP 003B03FC 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ntdll.dll!LdrLoadDll                                                           7C92632D 5 Bytes  JMP 001501F8 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ntdll.dll!RtlDosSearchPath_U + 186                                             7C926865 1 Byte  [62]
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ntdll.dll!LdrUnloadDll                                                         7C9271CD 5 Bytes  JMP 001503FC 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] kernel32.dll!GetBinaryTypeW + 80                                               7C868D8C 1 Byte  [62]
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity                                          77E06D81 3 Bytes  JMP 00391014 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity + 4                                      77E06D85 1 Byte  [88]
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!ChangeServiceConfigA                                              77E06E69 5 Bytes  JMP 00390804 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!ChangeServiceConfigW                                              77E07001 5 Bytes  JMP 00390A08 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A                                             77E07101 5 Bytes  JMP 00390C0C 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W                                             77E07189 5 Bytes  JMP 00390E10 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!CreateServiceA                                                    77E07211 5 Bytes  JMP 003901F8 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!CreateServiceW                                                    77E073A9 5 Bytes  JMP 003903FC 
.text           C:\Program Files\Secunia\PSI\sua.exe[3272] ADVAPI32.dll!DeleteService                                                     77E074B1 5 Bytes  JMP 00390600 
.text           C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!LdrLoadDll                                                                    7C92632D 5 Bytes  JMP 000901F8 
.text           C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!RtlDosSearchPath_U + 186                                                      7C926865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3604] ntdll.dll!LdrUnloadDll                                                                  7C9271CD 5 Bytes  JMP 000903FC 
.text           C:\WINDOWS\System32\alg.exe[3604] kernel32.dll!GetBinaryTypeW + 80                                                        7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3604] USER32.dll!SetWindowsHookExW                                                            7E3A820F 5 Bytes  JMP 002B0804 
.text           C:\WINDOWS\System32\alg.exe[3604] USER32.dll!UnhookWindowsHookEx                                                          7E3AD5F3 5 Bytes  JMP 002B0A08 
.text           C:\WINDOWS\System32\alg.exe[3604] USER32.dll!SetWindowsHookExA                                                            7E3B1211 5 Bytes  JMP 002B0600 
.text           C:\WINDOWS\System32\alg.exe[3604] USER32.dll!SetWinEventHook                                                              7E3B17F7 5 Bytes  JMP 002B01F8 
.text           C:\WINDOWS\System32\alg.exe[3604] USER32.dll!UnhookWinEvent                                                               7E3B18AC 5 Bytes  JMP 002B03FC 
.text           C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!SetServiceObjectSecurity                                                   77E06D81 5 Bytes  JMP 002C1014 
.text           C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!ChangeServiceConfigA                                                       77E06E69 5 Bytes  JMP 002C0804 
.text           C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!ChangeServiceConfigW                                                       77E07001 5 Bytes  JMP 002C0A08 
.text           C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!ChangeServiceConfig2A                                                      77E07101 5 Bytes  JMP 002C0C0C 
.text           C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!ChangeServiceConfig2W                                                      77E07189 5 Bytes  JMP 002C0E10 
.text           C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!CreateServiceA                                                             77E07211 5 Bytes  JMP 002C01F8 
.text           C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!CreateServiceW                                                             77E073A9 5 Bytes  JMP 002C03FC 
.text           C:\WINDOWS\System32\alg.exe[3604] ADVAPI32.dll!DeleteService                                                              77E074B1 5 Bytes  JMP 002C0600 
.text           C:\Documents and Settings\******\Bureau\30fhpqri.exe[3684] ntdll.dll!RtlDosSearchPath_U + 186                              7C926865 1 Byte  [62]
.text           C:\Documents and Settings\******\Bureau\30fhpqri.exe[3684] kernel32.dll!GetBinaryTypeW + 80                                7C868D8C 1 Byte  [62]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG]                                                           [F674E232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR]                                                            [F674D730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                           [F674DF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                        [F674D730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                [F674D914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                       [F674D856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                               [F674E0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                       [F674DF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                                   FADCC5E8
IAT             \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                      FADCC2F8
IAT             \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                        [F6761EB0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
IAT             \SystemRoot\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                     FAC4E2F8

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[972] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]              003A0002
IAT             C:\WINDOWS\system32\services.exe[972] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                    003A0000
IAT             C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT             C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1736] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]   [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                    aswSP.SYS (avast! self protection module/AVAST Software)
Device          \FileSystem\Ntfs \Ntfs                                                                                                    FAF901E8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                    aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Fastfat \FatCdrom                                                                                             aswSP.SYS (avast! self protection module/AVAST Software)
Device          \FileSystem\Fastfat \FatCdrom                                                                                             FAAF0430
Device          \Driver\usbstor \Device\0000008e                                                                                          FAE1E430
Device          \Driver\usbstor \Device\0000008f                                                                                          FAE1E430

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\NetBT \Device\NetBT_Tcpip_{C4C5D9D8-EF89-402D-AE7C-D249AB041AE4}                                                  FA9AD430
Device          \Driver\usbuhci \Device\USBPDO-0                                                                                          FAD101E8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                          FAD101E8
Device          \Driver\usbehci \Device\USBPDO-2                                                                                          FAD031E8
Device          \Driver\usbuhci \Device\USBPDO-3                                                                                          FAD101E8
Device          \Driver\PCI_PNP5646 \Device\00000054                                                                                      sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                          FAD101E8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                 aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                                          FAD101E8
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                          FAD101E8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                          FAD031E8
Device          \Driver\Cdrom \Device\CdRom0                                                                                              FADF4430
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                        [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4                                                                               [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                        [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                        [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c                                                                               [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                        [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort4                                                                                        [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdePort5                                                                                        [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19                                                                              [F66DDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\Cdrom \Device\CdRom1                                                                                              FADF4430
Device          \Driver\Cdrom \Device\CdRom2                                                                                              FADF4430
Device          \Driver\usbstor \Device\00000090                                                                                          FAE1E430
Device          \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                  FAB9D430
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                   FA9AD430
Device          \Driver\usbstor \Device\00000091                                                                                          FAE1E430
Device          \Driver\usbstor \Device\00000092                                                                                          FAE1E430
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                          FA9AD430

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                 aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                               aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device          \Driver\usbuhci \Device\USBFDO-0                                                                                          FAD101E8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                          FAD101E8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                         FAAAD430
Device          \Driver\usbehci \Device\USBFDO-2                                                                                          FAD031E8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                               FAAAD430
Device          \Driver\usbuhci \Device\USBFDO-3                                                                                          FAD101E8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                          FAD101E8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                          FAD101E8
Device          \Driver\usbstor \Device\0000008b                                                                                          FAE1E430
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                          FAD101E8
Device          \Driver\usbstor \Device\0000008c                                                                                          FAE1E430
Device          \Driver\usbehci \Device\USBFDO-7                                                                                          FAD031E8
Device          \Driver\azu36ve8 \Device\Scsi\azu36ve81Port6Path0Target0Lun0                                                              FAC3A1E8
Device          \Driver\azu36ve8 \Device\Scsi\azu36ve81                                                                                   FAC3A1E8
Device          \FileSystem\Fastfat \Fat                                                                                                  aswSP.SYS (avast! self protection module/AVAST Software)
Device          \FileSystem\Fastfat \Fat                                                                                                  FAAF0430

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                  aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device          \FileSystem\Cdfs \Cdfs                                                                                                    FAC01430

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                           0
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                        0x31 0x34 0x85 0xEE ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                           C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)             
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                               0xA0 0x68 0x7C 0x9A ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                  0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                          0x2D 0xA2 0x20 0xCE ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                      
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                           0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                           0
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                        0x95 0xA4 0xB9 0xC0 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                           C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)             
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                               0xA0 0x68 0x7C 0x9A ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                  0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)        
Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                          0x81 0xAA 0xCA 0xB6 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                       0x00 0x00 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                       0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                    0x2E 0xE5 0x53 0x1C ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                       C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                 
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                           0xA0 0x68 0x7C 0x9A ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                              0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                            
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                      0xE1 0x04 0x0D 0xD3 ...

---- EOF - GMER 1.0.15 ----

aswMBR

Code:

ATTFilter

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-19 04:33:37
-----------------------------
04:33:37.328    OS Version: Windows 5.1.2600 Service Pack 3
04:33:37.328    Number of processors: 2 586 0x409
04:33:37.328    ComputerName: *****-37AD7B7B3  UserName: ******
04:33:38.000    Initialize success
04:33:41.515    AVAST engine defs: 12071900
04:34:33.562    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19
04:34:33.562    Disk 0 Vendor: ExcelStor_Technology_J880S PF2OA60A Size: 78533MB BusType: 3
04:34:33.578    Disk 0 MBR read successfully
04:34:33.578    Disk 0 MBR scan
04:34:33.578    Disk 0 Windows XP default MBR code
04:34:33.593    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        78520 MB offset 63
04:34:33.593    Disk 0 scanning sectors +160810650
04:34:33.703    Disk 0 scanning C:\WINDOWS\system32\drivers
04:34:46.593    Service scanning
04:35:01.171    Modules scanning
04:35:08.859    Disk 0 trace - called modules:
04:35:08.890    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys pciide.sys PCIIDEX.SYS 
04:35:08.890    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfaf43ab8]
04:35:08.906    3 CLASSPNP.SYS[f68c7fd7] -> nt!IofCallDriver -> \Device\0000007c[0xfaf089e8]
04:35:08.906    5 ACPI.sys[f6722620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-19[0xfaeedd98]
04:35:09.500    AVAST engine scan C:\WINDOWS
04:35:15.031    AVAST engine scan C:\WINDOWS\system32
04:37:38.218    AVAST engine scan C:\WINDOWS\system32\drivers
04:37:56.796    AVAST engine scan C:\Documents and Settings\******
04:40:25.906    AVAST engine scan C:\Documents and Settings\All Users
04:40:38.953    Scan finished successfully
04:40:46.593    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\******\Bureau\MBR.dat"
04:40:46.593    The log file has been saved successfully to "C:\Documents and Settings\******\Bureau\aswMBR.txt"

Und eine kleine Frage: Seit dem Scan von ComboFix startet der Hintergrundwächter von Avast nicht mehr automatisch, muss jedesmal auf den Avast Shortcut drücken um ihn zu aktivieren (er erscheint auch nicht mehr ihm Startup, wenn ich unter CCleaner überprüfe), ist dies normal/geplannt... und wenn ja, kannst du mir sagen wie ich ihn später wieder als Autorun aktivieren kann (und ab wann)?

cosinus · 19.07.2012, 16:47

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Tenreijo · 20.07.2012, 05:05

Hier sind die Logs von:

SASW

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/20/2012 at 03:28 AM

Application Version : 5.5.1006

Core Rules Database Version : 8930
Trace Rules Database Version: 6742

Scan type       : Complete Scan
Total Scan Time : 01:25:07

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned      : 498
Memory threats detected   : 0
Registry items scanned    : 33958
Registry threats detected : 0
File items scanned        : 90623
File threats detected     : 2

Adware.Tracking Cookie
	.www.burstnet.com [ C:\DOCUMENTS AND SETTINGS\******\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
	.content.yieldmanager.com [ C:\DOCUMENTS AND SETTINGS\******\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Mbam
(habe wieder den Desktop vom Eingeschränkten Benutzerkonto ausgelassen)

Code:

ATTFilter

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.20.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
****** :: *****-37AD7B7B3 [Administrator]

20/07/2012 04:23:30
mbam-log-2012-07-20 (04-23-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen: 
Durchsuchte Objekte: 276776
Laufzeit: 1 Stunde(n), 9 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 20.07.2012, 15:11

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Tenreijo · 21.07.2012, 10:33

Nein, soweit scheint alles wieder in Ordnung zu sein...

Kann Avast jetzt wieder so eingestellt werden dass er automatisch beim hochfahren startet, und wie mach ich das?

Generell benutze ich Opera oder Firefox mit NoScript, Adblock Plus und lehne Cookies immer zuerst ab und erlaube sie höchstens später wenn nötig. In diesem Fall scheinen sie noch vom vorher installierten Google Chrome übrig geblieben zu sein (schon seit längerer Zeit deinstalliert)

cosinus · 23.07.2012, 12:47

Dann wären wir durch!

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

cosinus · 23.07.2012, 12:47

(sry doppelt)

Tenreijo · 24.07.2012, 11:49

Habe alle Updates gemacht und den Adobe Reader durch PDF Xchange Viewer ersetzt.

Vielen Dank für die Hilfe.

19.07.2012, 16:47	#24
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32:Malware-gen in Datei - beim Versuch, sie auf Virustotal hochzuladen fährt der PC runter Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!! __________________ Logfiles bitte immer in CODE-Tags posten

23.07.2012, 12:47	#29
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Win32:Malware-gen in Datei - beim Versuch, sie auf Virustotal hochzuladen fährt der PC runter (sry doppelt) __________________ Logfiles bitte immer in CODE-Tags posten

Win32:Malware-gen in Datei - beim Versuch, sie auf Virustotal hochzuladen fährt der PC runter

Plagegeister aller Art und deren Bekämpfung: Win32:Malware-gen in Datei - beim Versuch, sie auf Virustotal hochzuladen fährt der PC runter