01.04.2010, 08:57 | #1 |
Dropper.gen found with AntiVir

Hello. I have had malware on my PC for two days. After various attempts, my problem remains that AntiVir keeps finding dropper.gen, e.g. in spoosvr.exe. I am grateful for any help.

Virustotal.com says this about it:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.01 Virus.Win32.Virut!IK
AhnLab-V3 5.0.0.2 2010.03.31 -
AntiVir 7.10.6.10 2010.03.31 W32/Virut.Gen
Antiy-AVL 2.0.3.7 2010.04.01 -
Authentium 5.2.0.5 2010.04.01 -
Avast 4.8.1351.0 2010.03.31 Win32:Vitro
Avast5 5.0.332.0 2010.03.31 Win32:Vitro
AVG 9.0.0.787 2010.03.31 unknown virus Win32/DH.AA54534F48
BitDefender 7.2 2010.04.01 Win32.Virtob.Gen.12
CAT-QuickHeal 10.00 2010.04.01 W32.Virut.G
ClamAV 0.96.0.0-git 2010.04.01 -
Comodo 4459 2010.04.01 -
DrWeb 5.0.2.03300 2010.04.01 Win32.Virut.56
eSafe 7.0.17.0 2010.03.31 -
eTrust-Vet 35.2.7401 2010.04.01 -
F-Prot 4.5.1.85 2010.04.01 -
F-Secure 9.0.15370.0 2010.04.01 Win32.Virtob.Gen.12
Fortinet 4.0.14.0 2010.03.30 -
GData 19 2010.04.01 Win32.Virtob.Gen.12
Ikarus T3.1.1.80.0 2010.04.01 Virus.Win32.Virut
Jiangmin 13.0.900 2010.04.01 -
K7AntiVirus 7.10.1004 2010.03.22 -
Kaspersky 7.0.0.125 2010.04.01 -
McAfee 5937 2010.03.31 W32/Virut.n.gen
McAfee+Artemis 5937 2010.03.31 W32/Virut.n.gen
McAfee-GW-Edition 6.8.5 2010.03.31 Win32.Virut.Gen
Microsoft 1.5605 2010.03.31 Virus:Win32/Virut.BN
NOD32 4990 2010.04.01 Win32/Virut.NBP
Norman 6.04.10 2010.03.31 -
nProtect 2009.1.8.0 2010.03.31 -
Panda 10.0.2.2 2010.03.31 -
PCTools 7.0.3.5 2010.04.01 -
Prevx 3.0 2010.04.01 -
Rising 22.41.03.03 2010.04.01 Win32.Virut.cl
Sophos 4.52.0 2010.04.01 W32/Scribble-B
Sunbelt 6123 2010.04.01 Virus.Win32.Virut.ce (v)
Symantec 20091.2.0.41 2010.04.01 W32.Virut.CF
TheHacker 6.5.2.0.248 2010.03.31 -
TrendMicro 9.120.0.1004 2010.04.01 PE_VIRUX.R
VBA32 3.12.12.4 2010.03.31 -
ViRobot 2010.4.1.2255 2010.04.01 Win32.Virut.AM
VirusBuster 5.0.27.0 2010.03.31 Win32.Virut.AB.Gen

weitere Informationen
File size: 82432 bytes
MD5...: 97012771c7a56c27bcaae68804666047
SHA1..: f575aa59e1d868138caee6e5c05cc6370efbd73f
SHA256: 2c277d345aa33fe59cedd745ba44e043745318abe5c2505ee1fde1b6ff8e5feb
ssdeep: 1536:vpgSHlAMmxUC/OUVIrOgotYi35yzhDnsJ5zwdhFbn:jajLIrfotYi3czh4J ZwdhF7
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x15c80
timedatestamp.....: 0x177038e4 (Fri Jun 18 06:42:44 1982)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xba70 0xbc00 5.96 07f62c2dd4ed0308dea78a7ae3f9a7a1
.data 0xd000 0x13b4 0x1400 2.24 887444c39cada5bd753c428783e0009b
.rsrc 0xf000 0x6e00 0x6e00 7.89 690cadc1e5e65f3f5e7813be856e0ada
fkzspzp 0x16000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 6 imports )
> ADVAPI32.dll: SetServiceStatus, RegQueryValueExW, AllocateAndInitializeSid, FreeSid, InitializeSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetLengthSid, InitializeAcl, AddAccessAllowedAce, AddAccessDeniedAce, GetAce, SetSecurityDescriptorDacl, GetSecurityDescriptorLength, MakeSelfRelativeSD, RegDisablePredefinedCache, RegOpenKeyExW, RegCloseKey, RegisterServiceCtrlHandlerExW, StartServiceCtrlDispatcherW
> GDI32.dll: bMakePathNameW, GdiInitSpool, GdiGetSpoolMessage
> KERNEL32.dll: GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, GetCurrentProcessId, SetUnhandledExceptionFilter, GetModuleHandleA, GetCurrentThreadId, GetTickCount, UnhandledExceptionFilter, QueryPerformanceCounter, FreeLibrary, InterlockedExchange, GetModuleHandleW, GetLastError, ExitThread, CloseHandle, WaitForSingleObject, CreateEventW, CreateThread, ExitProcess, Sleep, OpenEventW, LoadLibraryA, InitializeCriticalSection, LocalFree, LocalAlloc, SetEvent, LeaveCriticalSection, EnterCriticalSection, SetLastError, OpenProcess, InterlockedIncrement, RaiseException, InterlockedDecrement, GetProcAddress, GetSystemDirectoryW
> msvcrt.dll: __initenv, _exit, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, _XcptFilter, wcsrchr, wcslen, _c_exit, _stricmp, _wcsnicmp, _except_handler3
> ntdll.dll: RtlValidRelativeSecurityDescriptor
> RPCRT4.dll: RpcServerRegisterIf2, I_RpcBindingIsClientLocal, I_RpcSessionStrictContextHandle, RpcRaiseException, RpcImpersonateClient, RpcRevertToSelf, NdrServerCall2, RpcServerUseProtseqEpA, I_RpcSsDontSerializeContext, RpcMgmtSetServerStackSize, RpcServerListen
( 12 exports )
YDriverUnloadComplete, YEndDocPrinter, YFlushPrinter, YGetPrinter, YGetPrinterDriver2, YGetPrinterDriverDirectory, YReadPrinter, YSeekPrinter, YSetJob, YSetPort, YSplReadPrinter, YWritePrinter
RDS...: NSRL Reference Data Set -
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Spooler SubSystem App
original name: spoolsv.exe
internal name: spoolsv.exe
file version.: 5.1.2600.5512 (xpsp.080413-0852)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

I don't know whether that was already half the battle or not.
I'll also post the scans with RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by *** at 2010-04-01 09:32:51
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 24 GB (24%) free of 100 GB
Total RAM: 3327 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:54, on 01.04.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\RTHDCPL.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Programme\AnVir Task Manager Free\AnVir.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Programme\AnVir Task Manager Free\AnVir .exe
C:\WINDOWS.0\system32\Pen_Tablet.exe
C:\WINDOWS.0\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS.0\system32\Pen_Tablet.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient .exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\***\Desktop\Neuer Ordner\RSIT.exe
C:\Programme\Trend Micro\HijackThis\***.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnVir Task Manager Free] "C:\Programme\AnVir Task Manager Free\AnVir.exe" Minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS.0\system32\Pen_Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe

-- End of file - 2853 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\At1.job
C:\WINDOWS.0\tasks\At10.job
C:\WINDOWS.0\tasks\At11.job
C:\WINDOWS.0\tasks\At12.job
C:\WINDOWS.0\tasks\At13.job
C:\WINDOWS.0\tasks\At14.job
C:\WINDOWS.0\tasks\At15.job
C:\WINDOWS.0\tasks\At16.job
C:\WINDOWS.0\tasks\At17.job
C:\WINDOWS.0\tasks\At18.job
C:\WINDOWS.0\tasks\At19.job
C:\WINDOWS.0\tasks\At2.job
C:\WINDOWS.0\tasks\At20.job
C:\WINDOWS.0\tasks\At21.job
C:\WINDOWS.0\tasks\At22.job
C:\WINDOWS.0\tasks\At23.job
C:\WINDOWS.0\tasks\At24.job
C:\WINDOWS.0\tasks\At3.job
C:\WINDOWS.0\tasks\At4.job
C:\WINDOWS.0\tasks\At5.job
C:\WINDOWS.0\tasks\At6.job
C:\WINDOWS.0\tasks\At7.job
C:\WINDOWS.0\tasks\At8.job
C:\WINDOWS.0\tasks\At9.job
C:\WINDOWS.0\tasks\NSSstub.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS.0\RTHDCPL.EXE [2009-06-12 17887232]
"ZoneAlarm Client"=C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-16 981384]
"avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS.0\system32\ctfmon.exe [2008-04-14 15360]
"AnVir Task Manager Free"=C:\Programme\AnVir Task Manager Free\AnVir.exe [2010-03-31 68032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programme\uTorrent\utorrent.exe"="C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS.0\Explorer.EXE"="C:\WINDOWS.0\Explorer.EXE:*:enabled:@shell32.dll,-1"
"\??\C:\WINDOWS.0\system32\winlogon.exe"="\??\C:\WINDOWS.0\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-01 09:32:51 ----D---- C:\rsit
2010-04-01 09:27:42 ----A---- C:\WINDOWS.0\system32\spoolsv.exe
2010-04-01 01:16:49 ----D---- C:\avrescue
2010-03-31 18:20:18 ----D---- C:\WINDOWS.0\system32\NtmsData
2010-03-31 17:58:53 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
2010-03-31 17:57:02 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Avira
2010-03-27 17:29:38 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
2010-03-27 17:29:36 ----D---- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Malwarebytes
2010-03-27 16:33:37 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\62D24FE445E81894E8FC8089F079C304

======List of files/folders modified in the last 1 months======

2010-04-01 09:27:42 ----D---- C:\WINDOWS.0\system32
2010-04-01 09:27:18 ----RSD---- C:\WINDOWS.0\Fonts
2010-04-01 09:24:11 ----D---- C:\WINDOWS.0\Internet Logs
2010-04-01 09:22:46 ----D---- C:\WINDOWS.0\Temp
2010-04-01 09:14:33 ----D---- C:\WINDOWS.0\Prefetch
2010-04-01 09:14:31 ----D---- C:\Programme\Graboid
2010-04-01 09:10:38 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WTablet
2010-04-01 09:10:34 ----D---- C:\WINDOWS.0\system32\CatRoot2
2010-04-01 01:25:25 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2010-04-01 01:19:05 ----SD---- C:\WINDOWS.0\Downloaded Program Files
2010-04-01 01:19:05 ----D---- C:\WINDOWS.0\system32\drivers
2010-04-01 01:16:09 ----D---- C:\Programme\Mozilla Thunderbird
2010-04-01 01:15:44 ----D---- C:\Programme\JustWrite Office
2010-04-01 01:15:44 ----D---- C:\Programme\GeoGebra
2010-04-01 01:15:41 ----D---- C:\Programme\NetBalancer
2010-04-01 01:15:40 ----D---- C:\Programme\WinRAR
2010-04-01 01:15:39 ----D---- C:\WINDOWS.0
2010-03-31 20:36:50 ----D---- C:\Programme\QuickTime
2010-03-31 20:30:37 ----D---- C:\Programme\RivaTuner v2.11
2010-03-31 20:30:27 ----D---- C:\Programme\AnVir Task Manager Free
2010-03-31 20:10:03 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-03-31 20:07:56 ----D---- C:\WINDOWS.0\Registration
2010-03-31 19:21:41 ----D---- C:\Programme\Mozilla Firefox
2010-03-31 18:20:18 ----D---- C:\WINDOWS.0\repair
2010-03-31 17:57:02 ----D---- C:\Programme\Avira
2010-03-31 17:56:37 ----SHD---- C:\WINDOWS.0\Installer
2010-03-31 17:56:35 ----D---- C:\WINDOWS.0\WinSxS
2010-03-29 18:13:00 ----D---- C:\WINDOWS.0\pchealth
2010-03-28 17:20:49 ----SD---- C:\WINDOWS.0\Tasks
2010-03-28 11:14:57 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2010-03-27 17:34:23 ----D---- C:\WINDOWS.0\Logs
2010-03-27 16:34:38 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2010-03-17 23:55:55 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
2010-03-17 21:37:51 ----D---- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS.0\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS.0\System32\Drivers\ElbyCDIO.sys [2009-02-17 24232]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 ssmdrv;ssmdrv; C:\WINDOWS.0\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS.0\system32\DRIVERS\VBoxDrv.sys [2009-07-10 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS.0\system32\DRIVERS\VBoxUSBMon.sys [2009-07-10 41424]
R1 vsdatant;vsdatant; C:\WINDOWS.0\System32\vsdatant.sys [2009-02-16 353672]
R2 Aspi32;Aspi32; C:\WINDOWS.0\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 avgntflt;avgntflt; C:\WINDOWS.0\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS.0\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS.0\system32\drivers\btslbcsp.sys []
R3 3xHybrid;Cinergy 400 TV service; C:\WINDOWS.0\system32\DRIVERS\3xHybrid.sys [2006-12-04 1121536]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BTKRNL;Bluetooth-Bus-Enumerator; C:\WINDOWS.0\system32\DRIVERS\btkrnl.sys [2005-09-20 1342122]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS.0\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS.0\system32\drivers\RtkHDAud.sys [2009-06-16 5095936]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2001-08-18 12288]
R3 Nbdrv;NetBalancer Service; C:\WINDOWS.0\system32\DRIVERS\nbdrv.sys [2009-09-09 22528]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS.0\system32\DRIVERS\Rtenicxp.sys [2007-02-06 90880]
R3 taphss;Anchorfree HSS Adapter; C:\WINDOWS.0\system32\DRIVERS\taphss.sys [2009-09-15 32768]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS.0\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS.0\system32\DRIVERS\VBoxNetAdp.sys [2009-07-10 91472]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS.0\system32\DRIVERS\VBoxNetFlt.sys [2009-07-10 99472]
R3 VClone;VClone; C:\WINDOWS.0\system32\DRIVERS\VClone.sys [2009-05-23 29696]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS.0\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS.0\system32\DRIVERS\wacomvhid.sys [2008-01-15 13480]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS.0\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
S3 Ambfilt;Ambfilt; C:\WINDOWS.0\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 btaudio;Bluetooth-Audiogerät; C:\WINDOWS.0\system32\drivers\btaudio.sys [2005-09-20 401664]
S3 BTDriver;Virtueller Bluetooth-Kommunikationstreiber; C:\WINDOWS.0\system32\DRIVERS\btport.sys [2005-09-19 30363]
S3 BTWDNDIS;Bluetooth-LAN-Zugangsserver; C:\WINDOWS.0\system32\DRIVERS\btwdndis.sys [2005-09-19 148040]
S3 btwhid;btwhid; C:\WINDOWS.0\system32\DRIVERS\btwhid.sys [2005-09-19 44163]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS.0\System32\Drivers\btwusb.sys [2005-09-19 56648]
S3 CCDECODE;Untertiteldecoder; C:\WINDOWS.0\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GMSIPCI;GMSIPCI; \??\J:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS.0\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;BDA MPE-Filter; C:\WINDOWS.0\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS.0\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS.0\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS.0\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RivaTuner32;RivaTuner32; \??\C:\Programme\RivaTuner v2.11\RivaTuner32.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS.0\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA-IPSink; C:\WINDOWS.0\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver; C:\WINDOWS.0\System32\Drivers\tascusb2.sys [2007-10-31 360448]
S3 TASCAM_US144_MIDI;TASCAM US-144 WDM MIDI Device; C:\WINDOWS.0\system32\drivers\tscusb2m.sys [2007-10-31 18944]
S3 TASCAM_US144_WDM;TASCAM US-144 WDM; C:\WINDOWS.0\system32\drivers\tscusb2a.sys [2007-10-31 33792]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS.0\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 VBoxUSB;VirtualBox USB; C:\WINDOWS.0\System32\Drivers\VBoxUSB.sys [2009-07-10 32016]
S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS.0\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 iaStor;iaStor; C:\WINDOWS.0\system32\drivers\iaStor.sys []
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS.0\system32\Pen_Tablet.exe [2008-05-02 3032360]
R2 vsmon;TrueVector Internet Monitor;
C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-18 937984]
S3 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-09-19 282624]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336]
S4 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 HotspotShieldService;Hotspot Shield Service; C:\Programme\Hotspot Shield\bin\openvpnas.exe [2009-09-15 204848]
S4 HssSrv;Hotspot Shield Routing Service; C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe [2009-09-15 331824]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Programme\Hotspot Shield\bin\HssTrayService.EXE [2009-09-15 57640]
S4 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376]

-----------------EOF-----------------
Device; C:\WINDOWS.0\system32\drivers\tscusb2m.sys [2007-10-31 18944] S3 TASCAM_US144_WDM;TASCAM US-144 WDM; C:\WINDOWS.0\system32\drivers\tscusb2a.sys [2007-10-31 33792] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS.0\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS.0\system32\DRIVERS\usbprint.sys [2008-04-14 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS.0\system32\DRIVERS\usbscan.sys [2008-04-14 15104] S3 VBoxUSB;VirtualBox USB; C:\WINDOWS.0\System32\Drivers\VBoxUSB.sys [2009-07-10 32016] S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS.0\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS.0\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 iaStor;iaStor; C:\WINDOWS.0\system32\drivers\iaStor.sys [] S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432] R2 TabletServicePen;TabletServicePen; C:\WINDOWS.0\system32\Pen_Tablet.exe [2008-05-02 3032360] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS.0\system32\ZoneLabs\vsmon.exe [2009-02-16 2402184] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-10-18 937984] S3 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S3 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] S3 aspnet_state;ASP.NET State 
Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 btwdins;Bluetooth Service; C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2005-09-19 282624] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2009-11-12 545568] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-04-14 14336] S4 Bonjour Service;Bonjour-Dienst; C:\Programme\Bonjour\mDNSResponder.exe [2008-12-12 238888] S4 HotspotShieldService;Hotspot Shield Service; C:\Programme\Hotspot Shield\bin\openvpnas.exe [2009-09-15 204848] S4 HssSrv;Hotspot Shield Routing Service; C:\Programme\Hotspot Shield\HssWPR\hsssrv.exe [2009-09-15 331824] S4 HssTrayService;Hotspot Shield Tray Service; C:\Programme\Hotspot Shield\bin\HssTrayService.EXE [2009-09-15 57640] S4 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2009-10-11 153376] -----------------EOF----------------- |
01.04.2010, 13:35 | #2 |
| Dropper.gen found with AntiVir
I am currently trying to get the whole thing under control with Symantec's Virut removal tool. I will report back.
__________________:-) |