Log analysis and evaluation: Log after apparently successful(?) removal of "System Progressive Protection"

10.10.2012, 12:44   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

__________________
Please always post log files in CODE tags

11.10.2012, 20:02   #17
giusi92
 

Hello!
Sorry that the reply is only coming now...
Here is the latest log file from the TDSS scan:
Code:
20:55:45.0343 1136  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
20:55:46.0031 1136  ============================================================
20:55:46.0031 1136  Current date / time: 2012/10/11 20:55:46.0031
20:55:46.0031 1136  SystemInfo:
20:55:46.0031 1136  
20:55:46.0031 1136  OS Version: 5.1.2600 ServicePack: 3.0
20:55:46.0031 1136  Product type: Workstation
20:55:46.0031 1136  ComputerName: ***
20:55:46.0031 1136  UserName: ***
20:55:46.0031 1136  Windows directory: C:\WINDOWS
20:55:46.0031 1136  System windows directory: C:\WINDOWS
20:55:46.0031 1136  Processor architecture: Intel x86
20:55:46.0031 1136  Number of processors: 2
20:55:46.0031 1136  Page size: 0x1000
20:55:46.0031 1136  Boot type: Normal boot
20:55:46.0031 1136  ============================================================
20:55:56.0843 1136  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:55:56.0984 1136  ============================================================
20:55:56.0984 1136  \Device\Harddisk0\DR0:
20:55:57.0078 1136  MBR partitions:
20:55:57.0078 1136  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F608, BlocksNum 0x12461B8C
20:55:57.0078 1136  ============================================================
20:55:58.0078 1136  C: <-> \Device\Harddisk0\DR0\Partition1
20:55:58.0156 1136  ============================================================
20:55:58.0156 1136  Initialize success
20:55:58.0156 1136  ============================================================
20:56:51.0968 2556  ============================================================
20:56:51.0968 2556  Scan started
20:56:51.0968 2556  Mode: Manual; SigCheck; TDLFS; 
20:56:51.0968 2556  ============================================================
20:56:53.0468 2556  ================ Scan system memory ========================
20:56:53.0468 2556  System memory - ok
20:56:53.0468 2556  ================ Scan services =============================
20:56:53.0593 2556  Abiosdsk - ok
20:56:53.0656 2556  [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5        C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
20:56:54.0312 2556  abp480n5 - ok
20:56:54.0375 2556  [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:56:54.0531 2556  ACPI - ok
20:56:54.0578 2556  [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
20:56:54.0734 2556  ACPIEC - ok
20:56:54.0812 2556  [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:56:54.0843 2556  AdobeFlashPlayerUpdateSvc - ok
20:56:54.0875 2556  [ 9A11864873DA202C996558B2106B0BBC ] adpu160m        C:\WINDOWS\system32\DRIVERS\adpu160m.sys
20:56:55.0015 2556  adpu160m - ok
20:56:55.0046 2556  [ 8BED39E3C35D6A489438B8141717A557 ] aec             C:\WINDOWS\system32\drivers\aec.sys
20:56:55.0171 2556  aec - ok
20:56:55.0218 2556  [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
20:56:55.0281 2556  AFD - ok
20:56:55.0328 2556  [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440          C:\WINDOWS\system32\DRIVERS\agp440.sys
20:56:55.0453 2556  agp440 - ok
20:56:55.0468 2556  [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ          C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
20:56:55.0609 2556  agpCPQ - ok
20:56:55.0656 2556  [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x         C:\WINDOWS\system32\DRIVERS\aha154x.sys
20:56:55.0718 2556  Aha154x - ok
20:56:55.0750 2556  [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2         C:\WINDOWS\system32\DRIVERS\aic78u2.sys
20:56:55.0890 2556  aic78u2 - ok
20:56:55.0906 2556  [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx         C:\WINDOWS\system32\DRIVERS\aic78xx.sys
20:56:56.0031 2556  aic78xx - ok
20:56:56.0093 2556  [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
20:56:56.0250 2556  Alerter - ok
20:56:56.0265 2556  [ 190CD73D4984F94D823F9444980513E5 ] ALG             C:\WINDOWS\System32\alg.exe
20:56:56.0343 2556  ALG - ok
20:56:56.0359 2556  [ 1140AB9938809700B46BB88E46D72A96 ] AliIde          C:\WINDOWS\system32\DRIVERS\aliide.sys
20:56:56.0484 2556  AliIde - ok
20:56:56.0500 2556  [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541        C:\WINDOWS\system32\DRIVERS\alim1541.sys
20:56:56.0625 2556  alim1541 - ok
20:56:56.0640 2556  [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp          C:\WINDOWS\system32\DRIVERS\amdagp.sys
20:56:56.0765 2556  amdagp - ok
20:56:56.0796 2556  [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint          C:\WINDOWS\system32\DRIVERS\amsint.sys
20:56:56.0875 2556  amsint - ok
20:56:57.0015 2556  [ B9B5DFAFEA592BD4CA967824EBB42E3D ] AntiVirMailService C:\Programme\Avira\AntiVir Desktop\avmailc.exe
20:56:57.0046 2556  AntiVirMailService - ok
20:56:57.0093 2556  [ 67B1D78711B4386C26241096326EE14A ] AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe
20:56:57.0109 2556  AntiVirSchedulerService - ok
20:56:57.0156 2556  [ 845C4E7AE211EDAD5E0B832126F56932 ] AntiVirService  C:\Programme\Avira\AntiVir Desktop\avguard.exe
20:56:57.0171 2556  AntiVirService - ok
20:56:57.0234 2556  [ 30D71E0C149943A8985D02EA0944F2FE ] AntiVirWebService C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
20:56:57.0265 2556  AntiVirWebService - ok
20:56:57.0375 2556  [ 70D7BE78061126DD0C3ACCDB7E129017 ] Apple Mobile Device C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:56:57.0406 2556  Apple Mobile Device - ok
20:56:57.0406 2556  AppMgmt - ok
20:56:57.0468 2556  [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:56:57.0593 2556  Arp1394 - ok
20:56:57.0656 2556  [ 62D318E9A0C8FC9B780008E724283707 ] asc             C:\WINDOWS\system32\DRIVERS\asc.sys
20:56:57.0796 2556  asc - ok
20:56:57.0828 2556  [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p        C:\WINDOWS\system32\DRIVERS\asc3350p.sys
20:56:57.0906 2556  asc3350p - ok
20:56:57.0906 2556  [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550         C:\WINDOWS\system32\DRIVERS\asc3550.sys
20:56:58.0031 2556  asc3550 - ok
20:56:58.0171 2556  [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:56:58.0203 2556  aspnet_state - ok
20:56:58.0234 2556  [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:56:58.0390 2556  AsyncMac - ok
20:56:58.0406 2556  [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
20:56:58.0562 2556  atapi - ok
20:56:58.0562 2556  Atdisk - ok
20:56:58.0640 2556  [ 4DEAA162480367B232F3EE3A6D34084B ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
20:56:58.0718 2556  Ati HotKey Poller - ok
20:56:58.0781 2556  [ F0D0B0CDEC0BE32D775F404CAC2604BF ] ati2mtag        C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
20:56:58.0828 2556  ati2mtag - ok
20:56:58.0859 2556  [ 9916C1225104BA14794209CFA8012159 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:56:59.0000 2556  Atmarpc - ok
20:56:59.0031 2556  [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
20:56:59.0171 2556  AudioSrv - ok
20:56:59.0203 2556  [ D9F724AA26C010A217C97606B160ED68 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
20:56:59.0343 2556  audstub - ok
20:56:59.0390 2556  [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt        C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:56:59.0437 2556  avgntflt - ok
20:56:59.0500 2556  [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb          C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:56:59.0515 2556  avipbb - ok
20:56:59.0546 2556  [ 53E56450DA16A1A7F0D002F511113F67 ] avkmgr          C:\WINDOWS\system32\DRIVERS\avkmgr.sys
20:56:59.0562 2556  avkmgr - ok
20:56:59.0640 2556  [ D16C201E44F7D1F7A65C4D20C6929AF8 ] AVMUNET         C:\WINDOWS\system32\DRIVERS\avmunet.sys
20:56:59.0687 2556  AVMUNET - ok
20:56:59.0734 2556  [ E727776A56A51B7E6B7C87C02EA8B405 ] bcm4sbxp        C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
20:56:59.0781 2556  bcm4sbxp - ok
20:56:59.0812 2556  [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
20:56:59.0937 2556  Beep - ok
20:57:00.0046 2556  [ D6F603772A789BB3228F310D650B8BD1 ] BITS            C:\WINDOWS\system32\qmgr.dll
20:57:00.0531 2556  BITS - ok
20:57:00.0593 2556  [ B71549F23736ADF83A571061C47777FD ] Browser         C:\WINDOWS\System32\browser.dll
20:57:00.0656 2556  Browser - ok
20:57:00.0703 2556  [ B279426E3C0C344893ED78A613A73BDE ] BthEnum         C:\WINDOWS\system32\DRIVERS\BthEnum.sys
20:57:00.0843 2556  BthEnum - ok
20:57:00.0875 2556  [ FCA6F069597B62D42495191ACE3FC6C1 ] BTHMODEM        C:\WINDOWS\system32\DRIVERS\bthmodem.sys
20:57:01.0031 2556  BTHMODEM - ok
20:57:01.0046 2556  [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan          C:\WINDOWS\system32\DRIVERS\bthpan.sys
20:57:01.0187 2556  BthPan - ok
20:57:01.0234 2556  [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT         C:\WINDOWS\system32\Drivers\BTHport.sys
20:57:01.0296 2556  BTHPORT - ok
20:57:01.0328 2556  [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ         C:\WINDOWS\System32\bthserv.dll
20:57:01.0468 2556  BthServ - ok
20:57:01.0484 2556  [ 61364CD71EF63B0F038B7E9DF00F1EFA ] BTHUSB          C:\WINDOWS\system32\Drivers\BTHUSB.sys
20:57:01.0609 2556  BTHUSB - ok
20:57:01.0671 2556  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf           C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
20:57:01.0796 2556  cbidf - ok
20:57:01.0812 2556  [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
20:57:01.0937 2556  cbidf2k - ok
20:57:02.0000 2556  [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:57:02.0125 2556  CCDECODE - ok
20:57:02.0171 2556  [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt        C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
20:57:02.0250 2556  cd20xrnt - ok
20:57:02.0296 2556  [ C1B486A7658353D33A10CC15211A873B ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
20:57:02.0421 2556  Cdaudio - ok
20:57:02.0437 2556  [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
20:57:02.0578 2556  Cdfs - ok
20:57:02.0609 2556  [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:57:02.0750 2556  Cdrom - ok
20:57:02.0750 2556  Changer - ok
20:57:02.0812 2556  [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc           C:\WINDOWS\system32\cisvc.exe
20:57:02.0937 2556  CiSvc - ok
20:57:02.0984 2556  [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
20:57:03.0125 2556  ClipSrv - ok
20:57:03.0187 2556  [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:57:03.0359 2556  clr_optimization_v2.0.50727_32 - ok
20:57:03.0421 2556  [ C687F81290303D90099B027A6474F99F ] CmdIde          C:\WINDOWS\system32\DRIVERS\cmdide.sys
20:57:03.0546 2556  CmdIde - ok
20:57:03.0562 2556  COMSysApp - ok
20:57:03.0625 2556  [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray        C:\WINDOWS\system32\DRIVERS\cpqarray.sys
20:57:03.0781 2556  Cpqarray - ok
20:57:03.0828 2556  [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
20:57:03.0953 2556  CryptSvc - ok
20:57:04.0000 2556  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\WINDOWS\system32\DRIVERS\CVirtA.sys
20:57:04.0062 2556  CVirtA - ok
20:57:04.0093 2556  [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k         C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
20:57:04.0250 2556  dac2w2k - ok
20:57:04.0265 2556  [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt        C:\WINDOWS\system32\DRIVERS\dac960nt.sys
20:57:04.0390 2556  dac960nt - ok
20:57:04.0437 2556  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
20:57:04.0500 2556  DcomLaunch - ok
20:57:04.0562 2556  [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
20:57:04.0750 2556  Dhcp - ok
20:57:04.0781 2556  [ 044452051F3E02E7963599FC8F4F3E25 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
20:57:04.0921 2556  Disk - ok
20:57:04.0921 2556  dmadmin - ok
20:57:04.0984 2556  [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
20:57:05.0171 2556  dmboot - ok
20:57:05.0203 2556  [ 53720AB12B48719D00E327DA470A619A ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
20:57:05.0343 2556  dmio - ok
20:57:05.0390 2556  [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
20:57:06.0046 2556  dmload - ok
20:57:06.0093 2556  [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver        C:\WINDOWS\System32\dmserver.dll
20:57:06.0234 2556  dmserver - ok
20:57:06.0250 2556  [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
20:57:06.0390 2556  DMusic - ok
20:57:06.0437 2556  [ B5AA5AA5AC327BD7C1AEC0C58F0C1144 ] DNE             C:\WINDOWS\system32\DRIVERS\dne2000.sys
20:57:06.0468 2556  DNE - ok
20:57:06.0515 2556  [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
20:57:06.0640 2556  Dnscache - ok
20:57:06.0703 2556  [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
20:57:06.0843 2556  Dot3svc - ok
20:57:06.0875 2556  [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o          C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20:57:07.0000 2556  dpti2o - ok
20:57:07.0046 2556  [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
20:57:07.0171 2556  drmkaud - ok
20:57:07.0234 2556  [ 687AF6BB383885FF6A64071B189A7F3E ] dtsoftbus01     C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
20:57:07.0265 2556  dtsoftbus01 - ok
20:57:07.0281 2556  [ A6DE5342417FEC3C0AA8EFEBB899C431 ] E100B           C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:57:07.0406 2556  E100B - ok
20:57:07.0453 2556  [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost         C:\WINDOWS\System32\eapsvc.dll
20:57:07.0578 2556  EapHost - ok
20:57:07.0625 2556  [ 877C18558D70587AA7823A1A308AC96B ] ERSvc           C:\WINDOWS\System32\ersvc.dll
20:57:07.0765 2556  ERSvc - ok
20:57:07.0812 2556  [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog        C:\WINDOWS\system32\services.exe
20:57:07.0843 2556  Eventlog - ok
20:57:07.0890 2556  [ AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem     C:\WINDOWS\system32\es.dll
20:57:07.0968 2556  EventSystem - ok
20:57:08.0000 2556  [ 38D332A6D56AF32635675F132548343E ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
20:57:08.0125 2556  Fastfat - ok
20:57:08.0156 2556  [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
20:57:08.0250 2556  FastUserSwitchingCompatibility - ok
20:57:08.0312 2556  [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax             C:\WINDOWS\system32\fxssvc.exe
20:57:08.0468 2556  Fax - ok
20:57:08.0515 2556  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
20:57:08.0640 2556  Fdc - ok
20:57:08.0671 2556  [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
20:57:08.0796 2556  Fips - ok
20:57:08.0828 2556  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk        C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20:57:08.0953 2556  Flpydisk - ok
20:57:09.0015 2556  [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
20:57:09.0156 2556  FltMgr - ok
20:57:09.0234 2556  [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:57:09.0265 2556  FontCache3.0.0.0 - ok
20:57:09.0312 2556  [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr         C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:57:09.0328 2556  fssfltr - ok
20:57:09.0500 2556  [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc          C:\Programme\Windows Live\Family Safety\fsssvc.exe
20:57:09.0750 2556  fsssvc - ok
20:57:09.0781 2556  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:57:09.0953 2556  Fs_Rec - ok
20:57:10.0015 2556  [ 8F1955CE42E1484714B542F341647778 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:57:10.0187 2556  Ftdisk - ok
20:57:10.0234 2556  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM     C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
20:57:10.0265 2556  GEARAspiWDM - ok
20:57:10.0375 2556  [ 0879DC7444A201DF84E69C5DD5083D61 ] getPlusHelper   C:\Programme\NOS\bin\getPlus_Helper.dll
20:57:10.0562 2556  getPlusHelper - ok
20:57:10.0671 2556  [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:57:10.0796 2556  Gpc - ok
20:57:10.0890 2556  [ F02A533F517EB38333CB12A9E8963773 ] gupdate1c9984e2df4c2fa C:\Programme\Google\Update\GoogleUpdate.exe
20:57:10.0906 2556  gupdate1c9984e2df4c2fa - ok
20:57:10.0906 2556  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Programme\Google\Update\GoogleUpdate.exe
20:57:10.0937 2556  gupdatem - ok
20:57:10.0984 2556  [ 408DDD80EEDE47175F6844817B90213E ] gusvc           C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
20:57:11.0000 2556  gusvc - ok
20:57:11.0093 2556  [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:57:11.0234 2556  helpsvc - ok
20:57:11.0281 2556  [ A5AECF10BE62459533A06ED7EBF5770B ] HidBth          C:\WINDOWS\system32\DRIVERS\hidbth.sys
20:57:11.0406 2556  HidBth - ok
20:57:11.0421 2556  HidServ - ok
20:57:11.0437 2556  [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:57:11.0562 2556  HidUsb - ok
20:57:11.0625 2556  [ ED29F14101523A6E0E808107405D452C ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
20:57:11.0750 2556  hkmsvc - ok
20:57:11.0812 2556  [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn             C:\WINDOWS\system32\DRIVERS\hpn.sys
20:57:11.0921 2556  hpn - ok
20:57:11.0984 2556  [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
20:57:12.0046 2556  HTTP - ok
20:57:12.0062 2556  [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
20:57:12.0203 2556  HTTPFilter - ok
20:57:12.0218 2556  [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt         C:\WINDOWS\system32\drivers\i2omgmt.sys
20:57:12.0359 2556  i2omgmt - ok
20:57:12.0359 2556  [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp           C:\WINDOWS\system32\DRIVERS\i2omp.sys
20:57:12.0500 2556  i2omp - ok
20:57:12.0515 2556  [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:57:12.0640 2556  i8042prt - ok
20:57:12.0781 2556  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:57:12.0781 2556  IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:57:12.0781 2556  IDriverT - detected UnsignedFile.Multi.Generic (1)
20:57:12.0890 2556  [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:57:12.0968 2556  idsvc - ok
20:57:13.0000 2556  [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
20:57:13.0140 2556  Imapi - ok
20:57:13.0187 2556  [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService    C:\WINDOWS\system32\imapi.exe
20:57:13.0312 2556  ImapiService - ok
20:57:13.0343 2556  [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u         C:\WINDOWS\system32\DRIVERS\ini910u.sys
20:57:13.0484 2556  ini910u - ok
20:57:13.0500 2556  [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
20:57:13.0625 2556  IntelIde - ok
20:57:13.0656 2556  [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:57:13.0796 2556  intelppm - ok
20:57:13.0796 2556  [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
20:57:13.0921 2556  Ip6Fw - ok
20:57:13.0953 2556  [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:57:14.0093 2556  IpFilterDriver - ok
20:57:14.0140 2556  [ B87AB476DCF76E72010632B5550955F5 ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:57:14.0265 2556  IpInIp - ok
20:57:14.0312 2556  [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:57:14.0437 2556  IpNat - ok
20:57:14.0500 2556  [ 32CDEDD15E2D1A557CD54552AE78FF86 ] iPod Service    C:\Programme\iPod\bin\iPodService.exe
20:57:14.0562 2556  iPod Service - ok
20:57:14.0625 2556  [ 23C74D75E36E7158768DD63D92789A91 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:57:14.0750 2556  IPSec - ok
20:57:14.0781 2556  [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
20:57:14.0859 2556  IRENUM - ok
20:57:14.0875 2556  [ 6DFB88F64135C525433E87648BDA30DE ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:57:15.0000 2556  isapnp - ok
20:57:15.0109 2556  [ 1834C96FB1F9280BCF6DDFA6DE8338BF ] JavaQuickStarterService C:\Programme\Java\jre6\bin\jqs.exe
20:57:15.0140 2556  JavaQuickStarterService - ok
20:57:15.0156 2556  [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:57:15.0296 2556  Kbdclass - ok
20:57:15.0328 2556  [ B6D6C117D771C98130497265F26D1882 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:57:15.0468 2556  kbdhid - ok
20:57:15.0484 2556  [ 692BCF44383D056AED41B045A323D378 ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
20:57:15.0609 2556  kmixer - ok
20:57:15.0671 2556  [ B467646C54CC746128904E1654C750C1 ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
20:57:15.0812 2556  KSecDD - ok
20:57:15.0859 2556  [ 2BBDCB79900990F0716DFCB714E72DE7 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
20:57:15.0890 2556  lanmanserver - ok
20:57:15.0937 2556  [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
20:57:16.0000 2556  lanmanworkstation - ok
20:57:16.0015 2556  lbrtfdc - ok
20:57:16.0062 2556  [ 454B6C19C69EA71E83BE967AB5444C55 ] litsgt          C:\WINDOWS\system32\DRIVERS\litsgt.sys
20:57:16.0093 2556  litsgt ( UnsignedFile.Multi.Generic ) - warning
20:57:16.0093 2556  litsgt - detected UnsignedFile.Multi.Generic (1)
20:57:16.0125 2556  [ 636714B7D43C8D0C80449123FD266920 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
20:57:16.0265 2556  LmHosts - ok
20:57:16.0343 2556  [ 2261D7CC31D0309F6ED72923FF82DF50 ] lxdxCATSCustConnectService C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
20:57:16.0406 2556  lxdxCATSCustConnectService - ok
20:57:16.0421 2556  lxdx_device - ok
20:57:16.0453 2556  mchInjDrv - ok
20:57:16.0468 2556  [ B7550A7107281D170CE85524B1488C98 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
20:57:16.0609 2556  Messenger - ok
20:57:16.0656 2556  [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
20:57:16.0781 2556  mnmdd - ok
20:57:16.0828 2556  [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
20:57:16.0968 2556  mnmsrvc - ok
20:57:17.0015 2556  [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
20:57:17.0140 2556  Modem - ok
20:57:17.0203 2556  [ A54ABBDA4EE2FDAE15D4E1EE7AB788A1 ] MotDev          C:\WINDOWS\system32\DRIVERS\motodrv.sys
20:57:17.0265 2556  MotDev - ok
20:57:17.0312 2556  [ 37E5A8C7F9A3B38F113B71EC7CE34F92 ] motmodem        C:\WINDOWS\system32\DRIVERS\motmodem.sys
20:57:17.0500 2556  motmodem - ok
20:57:17.0531 2556  [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:57:17.0656 2556  Mouclass - ok
20:57:17.0703 2556  [ 66A6F73C74E1791464160A7065CE711A ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:57:17.0828 2556  mouhid - ok
20:57:17.0843 2556  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
20:57:17.0984 2556  MountMgr - ok
20:57:18.0031 2556  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
20:57:18.0062 2556  MozillaMaintenance - ok
20:57:18.0093 2556  [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
20:57:18.0218 2556  mraid35x - ok
20:57:18.0250 2556  [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:57:18.0375 2556  MRxDAV - ok
20:57:18.0421 2556  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:57:18.0500 2556  MRxSmb - ok
20:57:18.0562 2556  [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
20:57:18.0734 2556  MSDTC - ok
20:57:18.0750 2556  [ C941EA2454BA8350021D774DAF0F1027 ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
20:57:18.0875 2556  Msfs - ok
20:57:18.0890 2556  MSIServer - ok
20:57:18.0937 2556  [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:57:19.0062 2556  MSKSSRV - ok
20:57:19.0078 2556  [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:57:19.0218 2556  MSPCLOCK - ok
20:57:19.0234 2556  [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
20:57:19.0359 2556  MSPQM - ok
20:57:19.0406 2556  [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:57:19.0531 2556  mssmbios - ok
20:57:19.0562 2556  [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE           C:\WINDOWS\system32\drivers\MSTEE.sys
20:57:19.0750 2556  MSTEE - ok
20:57:19.0796 2556  [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
20:57:19.0828 2556  Mup - ok
20:57:19.0843 2556  [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC        C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:57:19.0984 2556  NABTSFEC - ok
20:57:20.0031 2556  [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent        C:\WINDOWS\System32\qagentrt.dll
20:57:20.0437 2556  napagent - ok
20:57:20.0484 2556  [ 1DF7F42665C94B825322FAE71721130D ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
20:57:20.0625 2556  NDIS - ok
20:57:20.0656 2556  [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP          C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:57:20.0781 2556  NdisIP - ok
20:57:20.0828 2556  [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:57:20.0875 2556  NdisTapi - ok
20:57:20.0890 2556  [ F927A4434C5028758A842943EF1A3849 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:57:21.0015 2556  Ndisuio - ok
20:57:21.0046 2556  [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:57:21.0171 2556  NdisWan - ok
20:57:21.0234 2556  [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
20:57:21.0296 2556  NDProxy - ok
20:57:21.0328 2556  [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
20:57:21.0453 2556  NetBIOS - ok
20:57:21.0484 2556  [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
20:57:21.0625 2556  NetBT - ok
20:57:21.0671 2556  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE          C:\WINDOWS\system32\netdde.exe
20:57:21.0812 2556  NetDDE - ok
20:57:21.0812 2556  [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
20:57:21.0937 2556  NetDDEdsdm - ok
20:57:21.0984 2556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon        C:\WINDOWS\system32\lsass.exe
20:57:22.0109 2556  Netlogon - ok
20:57:22.0125 2556  [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman          C:\WINDOWS\System32\netman.dll
20:57:22.0265 2556  Netman - ok
20:57:22.0312 2556  [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:57:22.0359 2556  NetTcpPortSharing - ok
20:57:22.0390 2556  [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:57:22.0515 2556  NIC1394 - ok
20:57:22.0562 2556  [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla             C:\WINDOWS\System32\mswsock.dll
20:57:22.0640 2556  Nla - ok
20:57:22.0687 2556  [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
20:57:22.0812 2556  Npfs - ok
20:57:22.0843 2556  [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
20:57:23.0015 2556  Ntfs - ok
20:57:23.0046 2556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
20:57:23.0171 2556  NtLmSsp - ok
20:57:23.0296 2556  [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
20:57:23.0437 2556  NtmsSvc - ok
20:57:23.0468 2556  [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null            C:\WINDOWS\system32\drivers\Null.sys
20:57:23.0593 2556  Null - ok
20:57:23.0703 2556  [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:57:23.0984 2556  nv - ok
20:57:24.0031 2556  [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:57:24.0156 2556  NwlnkFlt - ok
20:57:24.0218 2556  [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:57:24.0343 2556  NwlnkFwd - ok
20:57:24.0390 2556  [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:57:24.0531 2556  ohci1394 - ok
20:57:24.0578 2556  [ 53D5F1278D9EDB21689BBBCECC09108D ] omci            C:\WINDOWS\system32\DRIVERS\omci.sys
20:57:24.0578 2556  omci ( UnsignedFile.Multi.Generic ) - warning
20:57:24.0578 2556  omci - detected UnsignedFile.Multi.Generic (1)
20:57:24.0609 2556  [ F84785660305B9B903FB3BCA8BA29837 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
20:57:24.0734 2556  Parport - ok
20:57:24.0765 2556  [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
20:57:24.0890 2556  PartMgr - ok
20:57:24.0937 2556  [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
20:57:25.0062 2556  ParVdm - ok
20:57:25.0109 2556  [ FD2041E9BA03DB7764B2248F02475079 ] pccsmcfd        C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
20:57:25.0171 2556  pccsmcfd - ok
20:57:25.0187 2556  [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
20:57:25.0312 2556  PCI - ok
20:57:25.0328 2556  PCIDump - ok
20:57:25.0359 2556  [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
20:57:25.0484 2556  PCIIde - ok
20:57:25.0515 2556  [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
20:57:25.0640 2556  Pcmcia - ok
20:57:25.0656 2556  PDCOMP - ok
20:57:25.0656 2556  PDFRAME - ok
20:57:25.0671 2556  PDRELI - ok
20:57:25.0687 2556  PDRFRAME - ok
20:57:25.0718 2556  [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
20:57:25.0843 2556  perc2 - ok
20:57:25.0859 2556  [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
20:57:25.0984 2556  perc2hib - ok
20:57:26.0046 2556  [ 5C08D25808A7ED574102EA832FBB1400 ] PIXMCV          C:\WINDOWS\system32\Drivers\pixmcvc.sys
20:57:26.0093 2556  PIXMCV ( UnsignedFile.Multi.Generic ) - warning
20:57:26.0093 2556  PIXMCV - detected UnsignedFile.Multi.Generic (1)
20:57:26.0140 2556  [ 2CECAD203ADED777E8A46E2A01971147 ] PIXMCVA         C:\WINDOWS\system32\Drivers\pixmcva.sys
20:57:26.0140 2556  PIXMCVA ( UnsignedFile.Multi.Generic ) - warning
20:57:26.0140 2556  PIXMCVA - detected UnsignedFile.Multi.Generic (1)
20:57:26.0203 2556  [ 2BDEEF8B900E18DE526AE8586CE6C680 ] PIXMCVV         C:\WINDOWS\system32\Drivers\pixmcvv.sys
20:57:26.0203 2556  PIXMCVV ( UnsignedFile.Multi.Generic ) - warning
20:57:26.0203 2556  PIXMCVV - detected UnsignedFile.Multi.Generic (1)
20:57:26.0250 2556  [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay        C:\WINDOWS\system32\services.exe
20:57:26.0265 2556  PlugPlay - ok
20:57:26.0312 2556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
20:57:26.0437 2556  PolicyAgent - ok
20:57:26.0500 2556  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:57:26.0625 2556  PptpMiniport - ok
20:57:26.0625 2556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
20:57:26.0750 2556  ProtectedStorage - ok
20:57:26.0781 2556  [ 09298EC810B07E5D582CB3A3F9255424 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
20:57:26.0906 2556  PSched - ok
20:57:26.0921 2556  [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:57:27.0046 2556  Ptilink - ok
20:57:27.0078 2556  [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:57:27.0093 2556  PxHelp20 - ok
20:57:27.0125 2556  [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
20:57:27.0281 2556  ql1080 - ok
20:57:27.0296 2556  [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
20:57:27.0437 2556  Ql10wnt - ok
20:57:27.0453 2556  [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
20:57:27.0562 2556  ql12160 - ok
20:57:27.0578 2556  [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
20:57:27.0734 2556  ql1240 - ok
20:57:27.0750 2556  [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
20:57:27.0875 2556  ql1280 - ok
20:57:27.0921 2556  [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:57:28.0031 2556  RasAcd - ok
20:57:28.0093 2556  [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto         C:\WINDOWS\System32\rasauto.dll
20:57:28.0218 2556  RasAuto - ok
20:57:28.0250 2556  [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:57:28.0375 2556  Rasl2tp - ok
20:57:28.0437 2556  [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan          C:\WINDOWS\System32\rasmans.dll
20:57:28.0562 2556  RasMan - ok
20:57:28.0593 2556  [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:57:28.0718 2556  RasPppoe - ok
20:57:28.0734 2556  [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
20:57:28.0875 2556  Raspti - ok
20:57:28.0890 2556  [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:57:29.0015 2556  Rdbss - ok
20:57:29.0031 2556  [ 4912D5B403614CE99C28420F75353332 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:57:29.0156 2556  RDPCDD - ok
20:57:29.0234 2556  [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:57:29.0359 2556  rdpdr - ok
20:57:29.0421 2556  [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
20:57:29.0484 2556  RDPWD - ok
20:57:29.0531 2556  [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
20:57:29.0656 2556  RDSessMgr - ok
20:57:29.0671 2556  [ ED761D453856F795A7FE056E42C36365 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
20:57:29.0812 2556  redbook - ok
20:57:29.0859 2556  [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
20:57:29.0984 2556  RemoteAccess - ok
20:57:30.0031 2556  [ 851C30DF2807FCFA21E4C681A7D6440E ] RFCOMM          C:\WINDOWS\system32\DRIVERS\rfcomm.sys
20:57:30.0156 2556  RFCOMM - ok
20:57:30.0218 2556  [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator      C:\WINDOWS\system32\locator.exe
20:57:30.0375 2556  RpcLocator - ok
20:57:30.0406 2556  [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs           C:\WINDOWS\system32\rpcss.dll
20:57:30.0453 2556  RpcSs - ok
20:57:30.0500 2556  [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP            C:\WINDOWS\system32\rsvp.exe
20:57:30.0656 2556  RSVP - ok
20:57:30.0687 2556  [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs           C:\WINDOWS\system32\lsass.exe
20:57:30.0812 2556  SamSs - ok
20:57:30.0828 2556  [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
20:57:30.0953 2556  SCardSvr - ok
20:57:31.0000 2556  [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule        C:\WINDOWS\system32\schedsvc.dll
20:57:31.0125 2556  Schedule - ok
20:57:31.0187 2556  [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:57:31.0250 2556  Secdrv - ok
20:57:31.0281 2556  [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon        C:\WINDOWS\System32\seclogon.dll
20:57:31.0406 2556  seclogon - ok
20:57:31.0437 2556  [ E5B56569A9F79B70314FEDE6C953641E ] seehcri         C:\WINDOWS\system32\DRIVERS\seehcri.sys
20:57:31.0484 2556  seehcri - ok
20:57:31.0562 2556  [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt         C:\WINDOWS\system32\drivers\senfilt.sys
20:57:31.0656 2556  senfilt - ok
20:57:31.0687 2556  [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS            C:\WINDOWS\system32\sens.dll
20:57:31.0812 2556  SENS - ok
20:57:31.0859 2556  [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
20:57:32.0000 2556  serenum - ok
20:57:32.0015 2556  [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
20:57:32.0140 2556  Serial - ok
20:57:32.0140 2556  ServiceLayer - ok
20:57:32.0203 2556  [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
20:57:32.0328 2556  Sfloppy - ok
20:57:32.0343 2556  [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
20:57:32.0375 2556  ShellHWDetection - ok
20:57:32.0375 2556  Simbad - ok
20:57:32.0437 2556  [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
20:57:32.0562 2556  sisagp - ok
20:57:32.0625 2556  [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP            C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:57:32.0734 2556  SLIP - ok
20:57:32.0781 2556  [ 86C4D93B7B7818D066C52FDB03C6C921 ] smwdm           C:\WINDOWS\system32\drivers\smwdm.sys
20:57:32.0796 2556  smwdm - ok
20:57:33.0109 2556  [ 3708EFBAA0C3899430565E1D700F07C6 ] SNPSTD3         C:\WINDOWS\system32\DRIVERS\snpstd3.sys
20:57:33.0671 2556  SNPSTD3 - ok
20:57:33.0734 2556  [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
20:57:33.0812 2556  Sparrow - ok
20:57:33.0828 2556  SplashtopRemoteService - ok
20:57:33.0875 2556  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
20:57:34.0000 2556  splitter - ok
20:57:34.0062 2556  [ 60784F891563FB1B767F70117FC2428F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
20:57:34.0125 2556  Spooler - ok
20:57:34.0140 2556  [ 50FA898F8C032796D3B1B9951BB5A90F ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
20:57:34.0218 2556  sr - ok
20:57:34.0281 2556  [ FE77A85495065F3AD59C5C65B6C54182 ] srservice       C:\WINDOWS\system32\srsvc.dll
20:57:34.0359 2556  srservice - ok
20:57:34.0421 2556  [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
20:57:34.0484 2556  Srv - ok
20:57:34.0546 2556  [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
20:57:34.0625 2556  SSDPSRV - ok
20:57:34.0687 2556  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:57:34.0703 2556  ssmdrv - ok
20:57:34.0703 2556  SSUService - ok
20:57:34.0765 2556  [ BC2C5985611C5356B24AEB370953DED9 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
20:57:34.0937 2556  stisvc - ok
20:57:34.0984 2556  [ 77813007BA6265C4B6098187E6ED79D2 ] streamip        C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:57:35.0125 2556  streamip - ok
20:57:35.0140 2556  [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
20:57:35.0265 2556  swenum - ok
20:57:35.0296 2556  [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
20:57:35.0421 2556  swmidi - ok
20:57:35.0437 2556  SwPrv - ok
20:57:35.0484 2556  [ 1FF3217614018630D0A6758630FC698C ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
20:57:35.0593 2556  symc810 - ok
20:57:35.0640 2556  [ 070E001D95CF725186EF8B20335F933C ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
20:57:35.0765 2556  symc8xx - ok
20:57:35.0781 2556  [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
20:57:35.0906 2556  sym_hi - ok
20:57:35.0906 2556  [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
20:57:36.0031 2556  sym_u3 - ok
20:57:36.0046 2556  [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
20:57:36.0171 2556  sysaudio - ok
20:57:36.0234 2556  [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
20:57:36.0359 2556  SysmonLog - ok
20:57:36.0390 2556  [ 65E9377BEDDBA680DA9034DA3ED44725 ] tansgt          C:\WINDOWS\system32\DRIVERS\tansgt.sys
20:57:36.0406 2556  tansgt ( UnsignedFile.Multi.Generic ) - warning
20:57:36.0406 2556  tansgt - detected UnsignedFile.Multi.Generic (1)
20:57:36.0437 2556  [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
20:57:36.0562 2556  TapiSrv - ok
20:57:36.0640 2556  [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:57:36.0718 2556  Tcpip - ok
20:57:36.0734 2556  [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
20:57:36.0875 2556  TDPIPE - ok
20:57:36.0890 2556  [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
20:57:37.0015 2556  TDTCP - ok
20:57:37.0031 2556  [ 88155247177638048422893737429D9E ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
20:57:37.0171 2556  TermDD - ok
20:57:37.0250 2556  [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService     C:\WINDOWS\System32\termsrv.dll
20:57:37.0375 2556  TermService - ok
20:57:37.0421 2556  [ 2DB7D303C36DDD055215052F118E8E75 ] Themes          C:\WINDOWS\System32\shsvcs.dll
20:57:37.0437 2556  Themes - ok
20:57:37.0468 2556  [ D213A9247DC347F305A2D4CC9B951487 ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
20:57:37.0593 2556  TosIde - ok
20:57:37.0640 2556  [ 626504572B175867F30F3215C04B3E2F ] TrkWks          C:\WINDOWS\system32\trkwks.dll
20:57:37.0781 2556  TrkWks - ok
20:57:37.0875 2556  [ 43887BDFF7468A55708228CC3319D265 ] TUWinStylerThemeSvc C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
20:57:37.0890 2556  TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - warning
20:57:37.0890 2556  TUWinStylerThemeSvc - detected UnsignedFile.Multi.Generic (1)
20:57:37.0937 2556  [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs            C:\WINDOWS\system32\drivers\Udfs.sys
20:57:38.0062 2556  Udfs - ok
20:57:38.0109 2556  [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra           C:\WINDOWS\system32\DRIVERS\ultra.sys
20:57:38.0171 2556  ultra - ok
20:57:38.0265 2556  [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update          C:\WINDOWS\system32\DRIVERS\update.sys
20:57:38.0390 2556  Update - ok
20:57:38.0421 2556  [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost        C:\WINDOWS\System32\upnphost.dll
20:57:38.0515 2556  upnphost - ok
20:57:38.0515 2556  upperdev - ok
20:57:38.0546 2556  [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS             C:\WINDOWS\System32\ups.exe
20:57:38.0671 2556  UPS - ok
20:57:38.0734 2556  [ 4B8A9C16B6D9258ED99C512AECB8C555 ] USBAAPL         C:\WINDOWS\system32\Drivers\usbaapl.sys
20:57:38.0765 2556  USBAAPL - ok
20:57:38.0812 2556  [ E919708DB44ED8543A7C017953148330 ] usbaudio        C:\WINDOWS\system32\drivers\usbaudio.sys
20:57:38.0937 2556  usbaudio - ok
20:57:38.0937 2556  usbbus - ok
20:57:38.0968 2556  [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp         C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:57:39.0093 2556  usbccgp - ok
20:57:39.0109 2556  [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci         C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:57:39.0250 2556  usbehci - ok
20:57:39.0312 2556  [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub          C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:57:39.0421 2556  usbhub - ok
20:57:39.0437 2556  USBModem - ok
20:57:39.0453 2556  [ A717C8721046828520C9EDF31288FC00 ] usbprint        C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:57:39.0593 2556  usbprint - ok
20:57:39.0609 2556  [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:57:39.0765 2556  usbscan - ok
20:57:39.0796 2556  [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR         C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:57:39.0937 2556  USBSTOR - ok
20:57:39.0953 2556  [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci         C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:57:40.0078 2556  usbuhci - ok
20:57:40.0078 2556  [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave         C:\WINDOWS\System32\drivers\vga.sys
20:57:40.0218 2556  VgaSave - ok
20:57:40.0265 2556  [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp          C:\WINDOWS\system32\DRIVERS\viaagp.sys
20:57:40.0390 2556  viaagp - ok
20:57:40.0406 2556  [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde          C:\WINDOWS\system32\DRIVERS\viaide.sys
20:57:40.0515 2556  ViaIde - ok
20:57:40.0531 2556  [ A5A712F4E880874A477AF790B5186E1D ] VolSnap         C:\WINDOWS\system32\drivers\VolSnap.sys
20:57:40.0656 2556  VolSnap - ok
20:57:40.0703 2556  [ 68F106273BE29E7B7EF8266977268E78 ] VSS             C:\WINDOWS\System32\vssvc.exe
20:57:40.0781 2556  VSS - ok
20:57:40.0812 2556  [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time         C:\WINDOWS\system32\w32time.dll
20:57:40.0937 2556  w32time - ok
20:57:40.0953 2556  [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp          C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:57:41.0078 2556  Wanarp - ok
20:57:41.0140 2556  [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000        C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
20:57:41.0171 2556  Wdf01000 - ok
20:57:41.0187 2556  WDICA - ok
20:57:41.0234 2556  [ 6768ACF64B18196494413695F0C3A00F ] wdmaud          C:\WINDOWS\system32\drivers\wdmaud.sys
20:57:41.0359 2556  wdmaud - ok
20:57:41.0390 2556  [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient       C:\WINDOWS\System32\webclnt.dll
20:57:41.0515 2556  WebClient - ok
20:57:41.0609 2556  [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt         C:\WINDOWS\system32\wbem\WMIsvc.dll
20:57:41.0734 2556  winmgmt - ok
20:57:41.0812 2556  [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN        C:\WINDOWS\system32\MsPMSNSv.dll
20:57:41.0921 2556  WmdmPmSN - ok
20:57:41.0937 2556  [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv        C:\WINDOWS\system32\wbem\wmiapsrv.exe
20:57:42.0078 2556  WmiApSrv - ok
20:57:42.0187 2556  [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc   C:\Programme\Windows Media Player\WMPNetwk.exe
20:57:42.0265 2556  WMPNetworkSvc - ok
20:57:42.0312 2556  [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb          C:\WINDOWS\system32\DRIVERS\wpdusb.sys
20:57:42.0343 2556  WpdUsb - ok
20:57:42.0375 2556  [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL         C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:57:42.0500 2556  WS2IFSL - ok
20:57:42.0515 2556  WSearch - ok
20:57:42.0578 2556  [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC        C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:57:42.0765 2556  WSTCODEC - ok
20:57:42.0812 2556  [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv        C:\WINDOWS\system32\wuauserv.dll
20:57:42.0968 2556  wuauserv - ok
20:57:43.0031 2556  [ 50EB9E21963B4F06FD010D007D54351B ] WudfPf          C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:57:43.0125 2556  WudfPf - ok
20:57:43.0140 2556  [ 6E209664BDEA8A15B5E8E480D6C607C2 ] WudfRd          C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:57:43.0218 2556  WudfRd - ok
20:57:43.0250 2556  [ AE93084D2D236887BA56467AE42B4955 ] WudfSvc         C:\WINDOWS\System32\WUDFSvc.dll
20:57:43.0296 2556  WudfSvc - ok
20:57:43.0390 2556  [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC          C:\WINDOWS\System32\wzcsvc.dll
20:57:43.0609 2556  WZCSVC - ok
20:57:43.0656 2556  [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov         C:\WINDOWS\System32\xmlprov.dll
20:57:43.0812 2556  xmlprov - ok
20:57:43.0843 2556  ================ Scan global ===============================
20:57:43.0890 2556  [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll
20:57:43.0937 2556  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:57:43.0968 2556  [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll
20:57:43.0984 2556  [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe
20:57:43.0984 2556  [Global] - ok
20:57:43.0984 2556  ================ Scan MBR ==================================
20:57:44.0031 2556  [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
20:57:44.0328 2556  \Device\Harddisk0\DR0 - ok
20:57:44.0328 2556  ================ Scan VBR ==================================
20:57:44.0328 2556  [ 435D63F53EE27A3881F8B7D8414C7087 ] \Device\Harddisk0\DR0\Partition1
20:57:44.0328 2556  \Device\Harddisk0\DR0\Partition1 - ok
20:57:44.0328 2556  ============================================================
20:57:44.0328 2556  Scan finished
20:57:44.0328 2556  ============================================================
20:57:44.0453 1008  Detected object count: 8
20:57:44.0453 1008  Actual detected object count: 8
20:58:04.0671 1008  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:04.0671 1008  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:04.0671 1008  litsgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:04.0671 1008  litsgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:04.0687 1008  omci ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:04.0687 1008  omci ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:04.0687 1008  PIXMCV ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:04.0687 1008  PIXMCV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:04.0687 1008  PIXMCVA ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:04.0687 1008  PIXMCVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:04.0687 1008  PIXMCVV ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:04.0687 1008  PIXMCVV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:04.0687 1008  tansgt ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:04.0687 1008  tansgt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:58:04.0687 1008  TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:58:04.0703 1008  TUWinStylerThemeSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


Alt 12.10.2012, 10:29   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 12.10.2012, 12:47   #19
giusi92
 



I've now let ComboFix run through... Apparently I didn't disable Avira, even though I did disable it ^^ Unfortunately I can't explain why ComboFix told me it was still active... In any case, here is the latest log file:
Code:
ComboFix 12-10-12.01 - Vittorio 12.10.2012  14:09:54.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1022.427 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *Disabled/Updated* {85A325E4-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00000246-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {00007FFD-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85F3E2DC-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {85FA5C44-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {860714E4-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {860787AC-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {860A3DDC-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {860D16B4-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8612265C-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86230DDC-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8625ADDC-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86273054-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {862A977C-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {862D4C1C-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {862EDB5C-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86304B14-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86324394-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8637CDDC-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {863B1554-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {86403764-FFA4-0105-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *Enabled/Updated* {8663E054-FFA4-0105-0D24-347CA8A3377C}
AV: Avira Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Vittorio\Anwendungsdaten\AdobeDLM.log
c:\dokumente und einstellungen\Vittorio\WINDOWS
c:\programme\xp-AntiSpy
c:\programme\xp-AntiSpy\sponsoring\ebay.ico
c:\programme\xp-AntiSpy\sponsoring\ebay_hover.ico
c:\programme\xp-AntiSpy\uninst.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.chm
c:\programme\xp-AntiSpy\xp-AntiSpy.exe
c:\programme\xp-AntiSpy\xp-AntiSpy.url
c:\temp\17o7
c:\temp\17o7\tmpTF.log
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\smpi1
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\FUSION.DLL
c:\windows\system32\URTTemp\MSCOREE.DLL
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\MSCORSN.DLL
c:\windows\system32\URTTemp\MSCORWKS.DLL
c:\windows\system32\URTTemp\MSVCR71.DLL
c:\windows\system32\URTTemp\REGTLIB.EXE
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-12 bis 2012-10-12  ))))))))))))))))))))))))))))))
.
.
2012-10-10 06:12 . 2012-10-10 06:12	--------	d-----w-	C:\_OTL
2012-10-06 06:06 . 2012-10-06 06:06	--------	d-----w-	c:\programme\ESET
2012-10-02 21:26 . 2012-10-02 21:26	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-10-02 21:25 . 2012-10-02 21:25	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-10-02 21:25 . 2012-10-02 21:25	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-10-02 21:25 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-02 20:58 . 2012-10-02 20:58	--------	d-----w-	c:\dokumente und einstellungen\Administrator.FAMILIEN-PC\Anwendungsdaten\Avira
2012-10-02 20:58 . 2012-10-02 20:58	--------	d-sh--w-	c:\dokumente und einstellungen\Administrator.FAMILIEN-PC\IETldCache
2012-09-21 12:37 . 2012-09-21 12:37	--------	d-----w-	c:\dokumente und einstellungen\***.***\Anwendungsdaten\Avira
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 13:38 . 2012-06-27 06:03	696240	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-09-21 13:38 . 2011-05-28 05:48	73136	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-01 05:53 . 2012-09-01 07:32	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-09-01 05:53 . 2012-09-01 07:32	137928	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-09-01 05:52 . 2012-09-01 07:32	83392	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-08-28 15:05 . 2004-08-17 12:07	916992	----a-w-	c:\windows\system32\wininet.dll
2012-08-28 15:05 . 2004-08-17 11:56	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-08-28 15:05 . 2004-08-17 11:55	1469440	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-17 11:55	385024	----a-w-	c:\windows\system32\html.iec
2012-08-24 13:53 . 2004-08-17 12:07	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-08-23 07:15 . 2012-08-31 09:54	7022536	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Windows Defender\Definition Updates\{113685DD-4832-4A52-AA3B-B4A114D8B467}\mpengine.dll
2012-08-23 07:15 . 2006-10-07 19:23	7022536	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-08-23 06:26 . 2004-08-17 12:00	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-23 06:26 . 2004-08-04 00:50	2030080	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-08-10 11:11 . 2012-08-10 11:11	242240	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-30 12:16 . 2012-08-10 17:25	4659712	----a-w-	c:\windows\system32\Redemption.dll
2012-07-30 12:16 . 2012-07-30 12:16	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2012-07-30 12:16 . 2012-07-30 12:16	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2012-07-30 12:16 . 2012-07-30 12:16	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2012-07-30 12:16 . 2012-07-30 12:16	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2012-07-30 12:16 . 2012-07-30 12:16	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2012-07-30 12:16 . 2012-07-30 12:16	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2012-07-30 12:16 . 2012-07-30 12:16	569344	----a-w-	c:\windows\system32\muzdecode.ax
2012-07-30 12:16 . 2012-07-30 12:16	491520	----a-w-	c:\windows\system32\muzapp.dll
2012-07-30 12:16 . 2012-07-30 12:16	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2012-07-30 12:16 . 2012-07-30 12:16	45320	----a-w-	c:\windows\system32\MAMACExtract.dll
2012-07-30 12:16 . 2012-07-30 12:16	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2012-07-30 12:16 . 2012-07-30 12:16	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2012-07-30 12:16 . 2012-07-30 12:16	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2012-07-30 12:16 . 2012-07-30 12:16	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2012-07-30 12:16 . 2012-07-30 12:16	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2012-07-30 12:16 . 2012-07-30 12:16	245760	----a-w-	c:\windows\system32\MSCLib.dll
2012-07-30 12:16 . 2012-07-30 12:16	24576	----a-w-	c:\windows\system32\MASetupCleaner.exe
2012-07-30 12:16 . 2012-07-30 12:16	200704	----a-w-	c:\windows\system32\muzwmts.dll
2012-07-30 12:16 . 2012-07-30 12:16	155648	----a-w-	c:\windows\system32\MSFLib.dll
2012-07-30 12:16 . 2012-07-30 12:16	143360	----a-w-	c:\windows\system32\3DAudio.ax
2012-07-30 12:16 . 2012-07-30 12:16	135168	----a-w-	c:\windows\system32\muzaf1.dll
2012-07-30 12:16 . 2012-07-30 12:16	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2012-07-30 12:16 . 2012-07-30 12:16	122880	----a-w-	c:\windows\system32\muzeffect.ax
2012-07-30 12:16 . 2012-07-30 12:16	118784	----a-w-	c:\windows\system32\MaDRM.dll
2012-07-30 12:16 . 2012-07-30 12:16	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2008-02-25 17:09 . 2008-10-02 14:01	852080	-c--a-w-	c:\programme\AudioRecorder.exe
2006-01-12 17:38 . 2007-01-12 20:46	63128	----a-w-	c:\programme\internet explorer\plugins\AcroIEHelper.dll
2006-05-16 18:31 . 2007-01-12 20:46	296584	----a-w-	c:\programme\internet explorer\plugins\AcroPDF.dll
2004-12-13 23:15 . 2007-01-12 20:46	67192	----a-w-	c:\programme\internet explorer\plugins\GbDetect.dll
2004-12-13 23:20 . 2007-01-12 20:46	110592	----a-w-	c:\programme\internet explorer\plugins\pdfshell.dll
2012-09-07 19:52 . 2012-09-07 19:52	266720	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\dokumente und einstellungen\Vittorio\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\dokumente und einstellungen\Vittorio\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\dokumente und einstellungen\Vittorio\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17	94208	----a-w-	c:\dokumente und einstellungen\Vittorio\Anwendungsdaten\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-09-01 348664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\dokumente und einstellungen\Vittorio\Startmenü\Programme\Autostart\
Dropbox.lnk - c:\dokumente und einstellungen\Vittorio\Anwendungsdaten\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
Picture Motion Browser Medien-Prüfung.lnk - c:\programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2011-12-9 368640]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableClock"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoMultiIE"= 0 (0x0)
"LWA"= 0 (0x0)
"LWB"= 0 (0x0)
"LWC"= 0 (0x0)
"LWD"= 0 (0x0)
"LWE"= 0 (0x0)
"LWF"= 0 (0x0)
"LWG"= 0 (0x0)
"LWH"= 0 (0x0)
"LWI"= 0 (0x0)
"LWJ"= 0 (0x0)
"LWK"= 0 (0x0)
"LWL"= 0 (0x0)
"LWM"= 0 (0x0)
"LWN"= 0 (0x0)
"LWO"= 0 (0x0)
"LWP"= 0 (0x0)
"LWQ"= 0 (0x0)
"LWR"= 0 (0x0)
"LWS"= 0 (0x0)
"LWT"= 0 (0x0)
"LWU"= 0 (0x0)
"LWV"= 0 (0x0)
"LWW"= 0 (0x0)
"LWX"= 0 (0x0)
"LWY"= 0 (0x0)
"LWZ"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\programme\Messenger\msmsgs.exe" /background
"swg"=c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"EPSON Stylus Photo RX420 Series (Kopie 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Kopie 1)" /O6 "USB001" /M "Stylus Photo RX420"
"EPSON Stylus Photo RX420 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
"DVDLauncher"="c:\programme\CyberLink\PowerDVD\DVDLauncher.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SoundMAXPnP"=c:\programme\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"WinSvr"=c:\windows\system32\WinSvr.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"IMEKRMIG6.1"=c:\windows\ime\imkr6_1\IMEKRMIG.EXE
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
"snpstd3"=c:\windows\vsnpstd3.exe
"tsnpstd3"=c:\windows\tsnpstd3.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Windows Defender"="c:\programme\Windows Defender\MSASCui.exe" -hide
"AppleSyncNotifier"=c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
.
R1 avkmgr;avkmgr;c:\windows\SYSTEM32\DRIVERS\avkmgr.sys [01.09.2012 09:32 36000]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\SYSTEM32\DRIVERS\dtsoftbus01.sys [10.08.2012 13:11 242240]
R2 AntiVirMailService;Avira Email Schutz;c:\programme\Avira\AntiVir Desktop\avmailc.exe [01.09.2012 09:32 375760]
R2 AntiVirSchedulerService;Avira Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [01.09.2012 09:32 86224]
R2 AntiVirWebService;Avira Browser Schutz;c:\programme\Avira\AntiVir Desktop\avwebgrd.exe [01.09.2012 09:32 465360]
R2 litsgt;litsgt;c:\windows\SYSTEM32\DRIVERS\litsgt.sys [07.02.2008 23:16 137344]
R2 tansgt;tansgt;c:\windows\SYSTEM32\DRIVERS\tansgt.sys [07.02.2008 23:16 12032]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\SYSTEM32\DRIVERS\seehcri.sys [06.09.2009 13:35 27632]
S2 gupdate1c9984e2df4c2fa;Google Update Service (gupdate1c9984e2df4c2fa);c:\programme\Google\Update\GoogleUpdate.exe [25.06.2011 11:41 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [27.06.2012 08:03 250288]
S3 AVMUNET;AVM FRITZ!Box;c:\windows\SYSTEM32\DRIVERS\avmunet.sys [09.02.2005 13:16 16384]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [25.06.2011 11:41 136176]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [11.04.2007 20:30 40832]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\SYSTEM32\DRIVERS\pixmcvc.sys [22.04.2005 17:58 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\SYSTEM32\DRIVERS\pixmcva.sys [23.04.2005 19:32 28057]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\SYSTEM32\DRIVERS\pixmcvv.sys [23.04.2005 19:31 21081]
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper	REG_MULTI_SZ   	getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-06 c:\windows\Tasks\1-Klick-Wartung.job
- c:\programme\TuneUp Utilities 2004\SystemOptimizer.exe [2004-03-02 17:33]
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 13:38]
.
2012-10-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-01 05:33]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd9236ee3000a8.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-06-25 09:41]
.
2012-09-01 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
2012-10-12 c:\windows\Tasks\User_Feed_Synchronization-{310EC4ED-CB0D-49BB-9D3F-517E1B7D90AB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.euro.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\dokumente und einstellungen\Vittorio\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
LSP: c:\programme\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\dokumente und einstellungen\Vittorio\Anwendungsdaten\Mozilla\Firefox\Profiles\zof52xax.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKU-Default-Run-Picasa Media Detector - c:\programme\Picasa2\PicasaMediaDetector.exe
SafeBoot-WinDefend
AddRemove-iPlayer_1.0 - c:\windows\iun6002.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Splashtop Software Updater - c:\programme\Splashtop\Splashtop Software Updater\uninst.exe
AddRemove-xp-AntiSpy - c:\programme\xp-AntiSpy\uninst.exe
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\programme\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\programme\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\programme\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\programme\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\programme\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\programme\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\programme\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\programme\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\programme\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-10-12 14:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2993945987-1433914867-763228881-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2993945987-1433914867-763228881-1007\Software\¢0×0ê0±0ü0·0ç0ó0 *¦0£0¶0ü0É0g0ubU0Œ0_0í0ü0«0ë0 *¢0×0ê0±0ü0·0ç0ó0\ImageDataLightboxSR\ControlState]
"008b-06a9"=dword:00000000
"008b-06ab"=dword:00000001
"008b-0514"="JPEG-Format"
"008b-0580"="Weihnachten"
"008b-0583"="c:\\Dokumente und Einstellungen\\Vittorio\\Eigene Dateien\\Image Data Converter SR\\Collections"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(628)
c:\programme\TuneUp Utilities 2004\WinStylerThemeHelper.dll
.
- - - - - - - > 'lsass.exe'(692)
c:\programme\TuneUp Utilities 2004\WinStylerThemeHelper.dll
c:\programme\Avira\AntiVir Desktop\avsda.dll
.
Zeit der Fertigstellung: 2012-10-12  14:35:50
ComboFix-quarantined-files.txt  2012-10-12 12:35
.
Vor Suchlauf: 9.052.712.960 Bytes frei
Nach Suchlauf: 9.433.427.968 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - A8E13C867219A2E163FA5B96496F027D
         

Edited by giusi92 (12.10.2012 at 13:44)

12.10.2012, 14:53   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

__________________
Please always post log files in CODE tags

14.10.2012, 15:04   #21
giusi92
 



Hello!
Attached are the latest log files =) About the aswMBR scan... at first it scanned, at some point nothing happened for hours and the scan button was also hidden. Then I restarted it and the same thing happened again... I have posted the log file anyway, up to the point it reached...


GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-14 11:18:16
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600JD-75HBB0 rev.08.02D08
Running: 8rlp0jd6.exe; Driver: C:\DOKUME~1\Vittorio\LOKALE~1\Temp\axtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT            F7B40AE4                                                                                                                          ZwClose
SSDT            F7B40A9E                                                                                                                          ZwCreateKey
SSDT            F7B40AEE                                                                                                                          ZwCreateSection
SSDT            F7B40AC6                                                                                                                          ZwCreateSymbolicLinkObject
SSDT            F7B40A94                                                                                                                          ZwCreateThread
SSDT            F7B40AA3                                                                                                                          ZwDeleteKey
SSDT            F7B40AAD                                                                                                                          ZwDeleteValueKey
SSDT            F7B40ADF                                                                                                                          ZwDuplicateObject
SSDT            F7B40ACB                                                                                                                          ZwLoadDriver
SSDT            F7B40AB2                                                                                                                          ZwLoadKey
SSDT            F7B40A80                                                                                                                          ZwOpenProcess
SSDT            F7B40AC1                                                                                                                          ZwOpenSection
SSDT            F7B40A85                                                                                                                          ZwOpenThread
SSDT            F7B40B07                                                                                                                          ZwQueryValueKey
SSDT            F7B40ABC                                                                                                                          ZwReplaceKey
SSDT            F7B40AF8                                                                                                                          ZwRequestWaitReplyPort
SSDT            F7B40AB7                                                                                                                          ZwRestoreKey
SSDT            F7B40AF3                                                                                                                          ZwSetContextThread
SSDT            F7B40AFD                                                                                                                          ZwSetSecurityObject
SSDT            F7B40AD0                                                                                                                          ZwSetSystemInformation
SSDT            F7B40AA8                                                                                                                          ZwSetValueKey
SSDT            F7B40B02                                                                                                                          ZwSystemDebugControl
SSDT            F7B40A8F                                                                                                                          ZwTerminateProcess
SSDT            F7B40A8A                                                                                                                          ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\senfilt.sys                                                                                           entry point in "init" section [0xF69AFF80]
?               C:\WINDOWS\TEMP\mc21.tmp                                                                                                          Das System kann die angegebene Datei nicht finden. !
.text           C:\WINDOWS\system32\DRIVERS\litsgt.sys                                                                                            section is writeable [0xF6DC3300, 0x1F510, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!FreeLibrary + 15                                                                7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[228] kernel32.dll!CreateFileW                                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\winlogon.exe[628] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\winlogon.exe[628] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\services.exe[672] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\services.exe[672] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!LoadLibraryExW                                                                    7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\lsass.exe[692] kernel32.dll!CreateFileW                                                                       7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[876] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[876] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!CreateFileW                                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\SearchIndexer.exe[916] kernel32.dll!LoadLibraryExW                                                            7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\SearchIndexer.exe[916] kernel32.dll!FreeLibrary + 15                                                          7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\SearchIndexer.exe[916] kernel32.dll!CreateFileW                                                               7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\SearchIndexer.exe[916] kernel32.dll!WriteFile                                                                 7C810E27 7 Bytes  JMP 01121B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
.text           C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW                                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe[976] kernel32.dll!LoadLibraryExW                                         7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe[976] kernel32.dll!CreateFileW                                            7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1404] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1532] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1532] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\spoolsv.exe[1532] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1580] kernel32.dll!LoadLibraryExW                                                    7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1580] kernel32.dll!FreeLibrary + 15                                                  7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1580] kernel32.dll!CreateFileW                                                       7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1644] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[1712] kernel32.dll!LoadLibraryExW                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[1712] kernel32.dll!FreeLibrary + 15                                                7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\avguard.exe[1712] kernel32.dll!CreateFileW                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] kernel32.dll!LoadLibraryExW        7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] kernel32.dll!FreeLibrary + 15      7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1724] kernel32.dll!CreateFileW           7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW                                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!FreeLibrary + 15                                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW                                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!LoadLibraryExW                                                              7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!FreeLibrary + 15                                                            7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Java\jre6\bin\jqs.exe[1852] kernel32.dll!CreateFileW                                                                 7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!LoadLibraryExW                                         7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!FreeLibrary + 15                                       7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1884] kernel32.dll!CreateFileW                                            7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!LoadLibraryExW                                                     7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!FreeLibrary + 15                                                   7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Google\Update\GoogleUpdate.exe[1912] kernel32.dll!CreateFileW                                                        7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!LoadLibraryExW                                                                7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!FreeLibrary + 15                                                              7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\lxdxcoms.exe[1968] kernel32.dll!CreateFileW                                                                   7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!LoadLibraryExW                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!FreeLibrary + 15                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\avshadow.exe[2364] kernel32.dll!CreateFileW                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!LoadLibraryExW                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!FreeLibrary + 15                                                7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\avmailc.exe[2460] kernel32.dll!CreateFileW                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!LoadLibraryExW                                                 7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!FreeLibrary + 15                                               7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE[2536] kernel32.dll!CreateFileW                                                    7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!LoadLibraryExW                                                                         7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!FreeLibrary + 15                                                                       7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\Explorer.EXE[2748] kernel32.dll!CreateFileW                                                                            7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!LoadLibraryExW                                                           7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!FreeLibrary + 15                                                         7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[2912] kernel32.dll!CreateFileW                                                              7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!LoadLibraryExW                                                                     7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!FreeLibrary + 15                                                                   7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\System32\alg.exe[3132] kernel32.dll!CreateFileW                                                                        7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!LoadLibraryExW                                                    7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!FreeLibrary + 15                                                  7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3300] kernel32.dll!CreateFileW                                                       7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!LoadLibraryExW                                                                  7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!FreeLibrary + 15                                                                7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\WINDOWS\system32\ctfmon.exe[3516] kernel32.dll!CreateFileW                                                                     7C810800 6 Bytes  JMP 5F040F5A 
.text           C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!LoadLibraryExW                                    7C801AF5 6 Bytes  JMP 5F070F5A 
.text           C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!FreeLibrary + 15                                  7C80AC93 4 Bytes  CALL 5F00003D 
.text           C:\Dokumente und Einstellungen\Vittorio\Desktop\8rlp0jd6.exe[4016] kernel32.dll!CreateFileW                                       7C810800 6 Bytes  JMP 5F040F5A 

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                         fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device          \FileSystem\Fastfat \Fat                                                                                                          B8889D20

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0 (not active ControlSet)                                   
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0019b71b0e46                                              0x90 0x7D 0x42 0xF7 ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0005c9fc6680                                              0x0C 0xCE 0x9E 0x2D ...
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001583bb92f0@0cddefea7532                                              0xFF 0x18 0x9C 0x63 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0                                                       
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0019b71b0e46                                          0x90 0x7D 0x42 0xF7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0005c9fc6680                                          0x0C 0xCE 0x9E 0x2D ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001583bb92f0@0cddefea7532                                          0xFF 0x18 0x9C 0x63 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32@                                                C:\WINDOWS\system32\compatui.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\ProgID@                                                        CompatUI.Util.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\TypeLib@                                                       {233A5627-7755-4B36-AA00-656B8846F501}
Reg             HKLM\SOFTWARE\Classes\CLSID\{36018685-C5B5-9B32-AB55-39A30EA1A452}\VersionIndependentProgID@                                      CompatUI.Util
Reg             HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\InprocServer32@                                                C:\WINDOWS\system32\xenroll.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\ProgID@                                                        CEnroll.CEnroll.2
Reg             HKLM\SOFTWARE\Classes\CLSID\{78BBB592-AF3E-64CC-7822-D11AB0240FB9}\VersionIndependentProgID@                                      CEnroll.CEnroll
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}  
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\InprocServer32@                                                C:\WINDOWS\system32\msvidctl.dll
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\InprocServer32@ThreadingModel                                  Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\ProgID@                                                        MSVidCtl.MSVidAnalogTunerDevice.1
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\TypeLib@                                                       {B0EDF154-910A-11D2-B632-00C04F79498E}
Reg             HKLM\SOFTWARE\Classes\CLSID\{FBD44B43-52CF-EDF3-2A14-9785820AB493}\VersionIndependentProgID@                                      MSVidCtl.MSVidAnalogTunerDevice

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Dateien\ICQ\217058948\ReceivedFiles\428014520 ..\ichiiiii.jpg           310948 bytes

---- EOF - GMER 1.0.15 ----

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 12:56:22 on 14.10.2012

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 16.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore1cd9236ee3000a8.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Google Software Updater.job" - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"MP Scheduled Scan.job" - "Microsoft Corporation" - C:\Programme\Windows Defender\MpCmdRun.exe
"1-Klick-Wartung.job" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2004\SystemOptimizer.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"BACSCPL.cpl" - ? - C:\WINDOWS\system32\BACSCPL.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"AntiVir PersonalEdition Classic Konfiguration" - ? - C:\PROGRA~1\ANTIVI~1\avconfig.cpl  (File not found)
"Avira AntiVir Premium " - "Avira Operations GmbH & Co. KG" - C:\PROGRA~1\Avira\ANTIVI~1\avconfig.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\avkmgr.sys
"axtdqpog" (axtdqpog) - ? - C:\DOKUME~1\Vittorio\LOKALE~1\Temp\axtdqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\DOKUME~1\Vittorio\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DAEMON Tools Virtual Bus Driver" (dtsoftbus01) - "DT Soft Ltd" - C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys
"Deterministic Network Enhancer Miniport" (DNE) - "Deterministic Networks, Inc." - C:\WINDOWS\System32\DRIVERS\dne2000.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"JVC Communication PIX-MCV Driver" (PIXMCV) - "Pixela" - C:\WINDOWS\System32\Drivers\pixmcvc.sys
"JVC PIX-MCV Audio Capture" (PIXMCVA) - "Pixela" - C:\WINDOWS\System32\Drivers\pixmcva.sys
"JVC PIX-MCV Video Capture" (PIXMCVV) - "Pixela" - C:\WINDOWS\System32\Drivers\pixmcvv.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\WINDOWS\System32\DRIVERS\lgusbbus.sys  (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys  (File not found)
"litsgt" (litsgt) - ? - C:\WINDOWS\System32\DRIVERS\litsgt.sys  (File found, but it contains no detailed information)
"mchInjDrv" (mchInjDrv) - ? - C:\WINDOWS\TEMP\mc21.tmp  (File not found)
"OMCI WDM Device Driver" (omci) - "Dell Computer Corporation" - C:\WINDOWS\System32\DRIVERS\omci.sys
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
"tansgt" (tansgt) - ? - C:\WINDOWS\System32\DRIVERS\tansgt.sys  (File found, but it contains no detailed information)
"upperdev" (upperdev) - ? - C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Desktop\Components )-----
"(0) Source" - ? - /C:/DOKUME~1/Vittorio/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg  (File not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} "Microsoft AntiMalware ShellExecuteHook" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MpShHook.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -   (File not found | COM-object registry key not found)
{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpowerAMP Music Converter" - ? -   (File not found | COM-object registry key not found)
{FED7043D-346A-414D-ACD7-550D052499A7} "dBpShell Class" - ? - C:\Programme\Illustrate\dBpowerAMP\dBShell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll
{DEE12703-6333-4D4E-8F34-738C4DCC2E04} "RecordNow! SendToExt" - ? - C:\Programme\Sonic\RecordNow!\shlext.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\shlext.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{A51A8D7A-BEDB-4cac-8B19-59C7EB9FB91D} "SRFImageExt" - ? - C:\Programme\Sony\Sony Image Data Suite\Image Data Converter SR ver. 2\SRFImageExt.dll
{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0} "TuneUp Shredder Shell Context Menu Extension" - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2004\sdshelex.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Programme\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
<binary data> "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll
<binary data> "{119DBEDA-9C41-4F97-94B4-B6BCD01133CF}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)
<binary data> "{EF99BD32-C1FB-11D2-892F-0090271D4F88}" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BD393C14-72AD-4790-A095-76522973D6B8} "CBreakshotControl Class" - "pixelStorm Inc." - C:\WINDOWS\Downloaded Program Files\Banksht2.dll / hxxp://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
{00B71CFB-6864-4346-A978-C0A14556272C} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
{20A60F0D-9AFA-4515-A0FD-83BD84642501} "Checkers Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\msgrchkr.dll / hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "get_atlcom Class" - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\gp.ocx / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} "GoPetsWeb Control" - "GoPets LTD" - C:\WINDOWS\DOWNLO~1\GOPETS~1.OCX / https://secure.gopetslive.com/dev/GoPetsWeb.cab
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ImageUploader5.ocx / hxxp://static.pe.schuelervz.net/photouploader/ImageUploader5.cab?nocache=1221319819
{6E5E167B-1566-4316-B27F-0DDAB3484CF7} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx / hxxp://static.ak.schuelervz.net/photouploader/ImageUploader4.cab?nocache=20071219-1
{BA162249-F2C5-4851-8ADC-FC58CB424243} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx / hxxp://static.ak.schuelervz.net/photouploader/ImageUploader5.cab?nocache=20080125-1
{EDFCB7CB-942C-4822-AF14-F0B687409848} "Image Uploader Control" - "Aurigma, Inc." - C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx / hxxp://fdata.over-blog.com/99/00/00/03/js/javauploader/ImageUploader4.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{15B782AF-55D8-11D1-B477-006097098764} "Macromedia Authorware Web Player Control" - "Macromedia, Inc." - C:\WINDOWS\system32\macromed\authorwa\awswax.ocx / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
{14B87622-7E19-4EA8-93B3-97215F77A6BC} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
{97E71027-0BA2-44F2-97DB-F84D808ED0B6} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} "MessengerStatsClient Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.2\MessengerStatsPAClient.dll / hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
{2917297F-F02B-4B9D-81DF-494B6333150B} "Minesweeper Flags Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\minesweeper.dll / hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
{B8BE5E93-A60C-4D26-A2DC-220313175592} "MSN Games - Installer" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\ZIntro.ocx / hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} "MSN Photo Upload Tool" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll / hxxp://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\WINDOWS\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{9122D757-5A4F-4768-82C5-B4171D8556A7} "PhotoPickConvert Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\PhtPkMSN.dll / hxxp://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\SYSTEM32\Adobe\Director\SwDir.dll / hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10k.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
{F6BF0D00-0B2A-4A75-BF7B-F385591623AF} "Solitaire Showdown Class" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll / hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
{5D6F45B3-9043-443D-A792-115447494D24} "UnoCtrl Class" - "Microsoft" - C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll / hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
{474F00F5-3853-492C-AC3A-476512BBC336} "UploadListView Class" - ? - C:\WINDOWS\Downloaded Program Files\UploaderX.dll / hxxp://picasaweb.google.com/s/v/24.16/uploader2.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\WINDOWS\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} "Windows Live Photo Upload Control" - "Microsoft® Corporation" - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll / hxxp://giusisspace.spaces.live.com/PhotoUpload/MsnPUpld.cab
{E6187999-9FEC-46A1-A20F-F4CA977D5643} "ZoneChess Object" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\chess.ocx / hxxp://messenger.zone.msn.com/binary/Chess.cab55200.cab
{4A85DBE0-BFB2-4119-8401-186A7C6EB653} "{4A85DBE0-BFB2-4119-8401-186A7C6EB653}" - "Microsoft Corporation" - C:\WINDOWS\Downloaded Program Files\MJSS.ocx / hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/mjss/MJSS.cab109791.cab
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} "{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} "{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" - ? -   (File not found | COM-object registry key not found) / hxxp://arcade.icq.com/carlo/zuma/popcaploader_v5.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
"ICQ Lite" - ? - C:\Programme\ICQLite\ICQLite.exe  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} "Lexmark Symbolleiste" - ? - C:\Programme\Lexmark Toolbar\toolband.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{53707962-6F74-2D53-2644-206D7942484F} "{53707962-6F74-2D53-2644-206D7942484F}" - "Safer Networking Limited" - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} "{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\DESKTOP.INI
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"DESKTOP.INI" - ? - C:\Dokumente und Einstellungen\Vittorio\Startmenü\Programme\Autostart\DESKTOP.INI
"Dropbox.lnk" - "Dropbox, Inc." - C:\Dokumente und Einstellungen\Vittorio\Anwendungsdaten\Dropbox\bin\Dropbox.exe  (Shortcut exists | File exists)
"Picture Motion Browser Medien-Prüfung.lnk" - "Sony Corporation" - C:\Programme\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Lexmark Print-2-Fax Port" - ? - C:\WINDOWS\system32\LXF3PMON.DLL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\sched.exe
"getPlus(R) Helper" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper.dll
"Google Software Updater" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9984e2df4c2fa)" (gupdate1c9984e2df4c2fa) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
"ServiceLayer" (ServiceLayer) - ? - "C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe"  (File not found)
"Splashtop Software Updater Service" (SSUService) - ? - C:\Programme\Splashtop\Splashtop Software Updater\SSUService.exe  (File not found)
"Splashtop® Remote Service" (SplashtopRemoteService) - ? - "C:\Programme\Splashtop\Splashtop Remote\Server\SRService.exe"  (File not found)
"TuneUp WinStyler Theme Service" (TUWinStylerThemeSvc) - "TuneUp Software GmbH" - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Programme\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         




Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-14 14:20:51
-----------------------------
14:20:51.359    OS Version: Windows 5.1.2600 Service Pack 3
14:20:51.359    Number of processors: 2 586 0x401
14:20:51.359    ComputerName: GIUSI  UserName: 
14:20:52.687    Initialize success
14:21:05.796    AVAST engine defs: 12101400
14:21:11.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
14:21:11.656    Disk 0 Vendor: WDC_WD1600JD-75HBB0 08.02D08 Size: 152587MB BusType: 3
14:21:11.718    Disk 0 MBR read successfully
14:21:11.734    Disk 0 MBR scan
14:21:11.890    Disk 0 unknown MBR code
14:21:11.921    Disk 0 Partition 1 00     DE Dell Utility Dell 4.1       62 MB offset 63
14:21:12.093    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       149699 MB offset 128520
14:21:12.171    Disk 0 Partition 3 00     DB  CP/M / CTOS MSWIN4.1     2816 MB offset 306729045
14:21:12.281    Disk 0 scanning sectors +312496380
14:21:12.562    Disk 0 scanning C:\WINDOWS\system32\drivers
14:22:37.515    Service scanning
14:23:03.468    Modules scanning
14:23:52.875    Disk 0 trace - called modules:
14:23:52.906    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
14:23:52.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fcaab8]
14:23:52.937    3 CLASSPNP.SYS[f7645fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f9d468]
14:23:54.046    AVAST engine scan C:\WINDOWS
14:25:54.218    AVAST engine scan C:\WINDOWS\system32
14:36:41.765    AVAST engine scan C:\WINDOWS\system32\drivers
14:38:19.812    AVAST engine scan C:\Dokumente und Einstellungen\aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-14 14:20:51
-----------------------------
14:20:51.359    OS Version: Windows 5.1.2600 Service Pack 3
14:20:51.359    Number of processors: 2 586 0x401
14:20:51.359    ComputerName: GIUSI  UserName: 
14:20:52.687    Initialize success
14:21:05.796    AVAST engine defs: 12101400
14:21:11.656    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
14:21:11.656    Disk 0 Vendor: WDC_WD1600JD-75HBB0 08.02D08 Size: 152587MB BusType: 3
14:21:11.718    Disk 0 MBR read successfully
14:21:11.734    Disk 0 MBR scan
14:21:11.890    Disk 0 unknown MBR code
14:21:11.921    Disk 0 Partition 1 00     DE Dell Utility Dell 4.1       62 MB offset 63
14:21:12.093    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       149699 MB offset 128520
14:21:12.171    Disk 0 Partition 3 00     DB  CP/M / CTOS MSWIN4.1     2816 MB offset 306729045
14:21:12.281    Disk 0 scanning sectors +312496380
14:21:12.562    Disk 0 scanning C:\WINDOWS\system32\drivers
14:22:37.515    Service scanning
14:23:03.468    Modules scanning
14:23:52.875    Disk 0 trace - called modules:
14:23:52.906    ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
14:23:52.921    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fcaab8]
14:23:52.937    3 CLASSPNP.SYS[f7645fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x86f9d468]
14:23:54.046    AVAST engine scan C:\WINDOWS
14:25:54.218    AVAST engine scan C:\WINDOWS\system32
14:36:41.765    AVAST engine scan C:\WINDOWS\system32\drivers
14:38:19.812    AVAST engine scan C:\Dokumente und Einstellungen\Vittorio
15:22:46.359    AVAST engine scan C:\Dokumente und Einstellungen\All Users
15:55:54.390    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Vittorio\Desktop\MBR.dat"
15:55:54.390    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Vittorio\Desktop\aswMBR2.txt"
         

Edited by giusi92 (14.10.2012 at 15:20)

Alt 14.10.2012, 19:27   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



We should fix the MBR. Back up ALL important data first, just in case, even though it usually goes smoothly.

Note: Please do NOT run the MBR fix if you have other operating systems installed, such as Ubuntu; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Also do not run the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please disable the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.
__________________
Please always post log files in CODE tags
