
Log analysis and evaluation: Exploit.PDF-JS.Gen,Trojan.Win32.GenericBT&Win32.BackdoorPoison detected and removed - Logfile

20.09.2010, 18:37   #1
Jayston
 



GMER doesn't work, here is the OSAM (I hope I did it right):


Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 19:34:30 on 20.09.2010
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.8

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

Risk Name Publisher Full Path Status
Boot Execute
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager
|||||| "BootExecute" D:\WINDOWS\system32\lsdelete.exe File found, but it contains no detailed information
Common
%SystemRoot%\Tasks
"Ad-Aware Update (Weekly).job" "Lavasoft " D:\Programme\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe File exists
Control Panel Objects
%SystemRoot%\system32
|||||| "infocardcpl.cpl" "Microsoft Corporation" D:\WINDOWS\system32\infocardcpl.cpl File exists
|||||| "javacpl.cpl" "Sun Microsystems, Inc." D:\WINDOWS\system32\javacpl.cpl File exists
|||||| "nvtuicpl.cpl" "NVIDIA Corporation" D:\WINDOWS\system32\nvtuicpl.cpl File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
|||||| "AVG Free AVI Loader Driver x86" (AvgLdx86) "AVG Technologies CZ, s.r.o." D:\WINDOWS\System32\Drivers\avgldx86.sys File exists
|||||| "AVG Free Network Redirector" (AvgTdiX) "AVG Technologies CZ, s.r.o." D:\WINDOWS\System32\Drivers\avgtdix.sys File exists
|||||| "AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) "AVG Technologies CZ, s.r.o." D:\WINDOWS\System32\Drivers\avgmfx86.sys File exists
|||||| "Brother USB Still Image driver" (BrScnUsb) "Brother Industries Ltd." D:\WINDOWS\System32\Drivers\BrScnUsb.sys File exists
"catchme" (catchme) D:\DOKUME~1\Stan\LOKALE~1\Temp\catchme.sys File not found
"Changer" (Changer) D:\WINDOWS\system32\drivers\Changer.sys File not found
|||||| "gdrv" (gdrv) "Windows (R) 2000 DDK provider" D:\WINDOWS\gdrv.sys File exists
|||||| "GVCplDrv" (GVCplDrv) D:\WINDOWS\system32\drivers\GVCplDrv.sys File found, but it contains no detailed information
"i2omgmt" (i2omgmt) D:\WINDOWS\system32\drivers\i2omgmt.sys File not found
|||||| "JMicron Hot-Plug Driver" (JGOGO) "JMicron " D:\WINDOWS\System32\DRIVERS\JGOGO.sys File exists
|||||| "JRAID" (JRAID) "JMicron Technology Corp." D:\WINDOWS\System32\DRIVERS\jraid.sys File exists
|||||| "Lbd" (Lbd) "Lavasoft AB" D:\WINDOWS\System32\DRIVERS\Lbd.sys File exists
"lbrtfdc" (lbrtfdc) D:\WINDOWS\system32\drivers\lbrtfdc.sys File not found
|||||| "Logitech SetPoint HID Mouse Filter Driver" (LHidKe) "Logitech, Inc." D:\WINDOWS\System32\DRIVERS\LHidKE.Sys File exists
|||||| "Logitech SetPoint Mouse Filter Driver" (LMouKE) "Logitech, Inc." D:\WINDOWS\System32\DRIVERS\LMouKE.Sys File exists
|||||| "Logitech SetPoint USB Keyboard Filter" (LUsbKbd) "Logitech, Inc." D:\WINDOWS\System32\Drivers\LUsbKbd.Sys File exists
|||||| "Logitech SetPoint USB Receiver Device Driver" (LHidUsbK) "Logitech, Inc." D:\WINDOWS\System32\Drivers\LHidUsbK.Sys File exists
|||||| "pavboot" (pavboot) "Panda Security, S.L." D:\WINDOWS\System32\drivers\pavboot.sys File exists
"PCIDump" (PCIDump) D:\WINDOWS\system32\drivers\PCIDump.sys File not found
"PDCOMP" (PDCOMP) D:\WINDOWS\system32\drivers\PDCOMP.sys File not found
"PDFRAME" (PDFRAME) D:\WINDOWS\system32\drivers\PDFRAME.sys File not found
"PDRELI" (PDRELI) D:\WINDOWS\system32\drivers\PDRELI.sys File not found
"PDRFRAME" (PDRFRAME) D:\WINDOWS\system32\drivers\PDRFRAME.sys File not found
|||||| "PxHelp20" (PxHelp20) "Sonic Solutions" D:\WINDOWS\System32\Drivers\PxHelp20.sys File exists
|||||| "SASDIFSV" (SASDIFSV) "SUPERAdBlocker.com and SUPERAntiSpyware.com" D:\Programme\SUPERAntiSpyware\SASDIFSV.SYS File exists
|||||| "SASKUTIL" (SASKUTIL) "SUPERAdBlocker.com and SUPERAntiSpyware.com" D:\Programme\SUPERAntiSpyware\SASKUTIL.SYS File exists
"WDICA" (WDICA) D:\WINDOWS\system32\drivers\WDICA.sys File not found
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
|||||| {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" "Microsoft Corporation" D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
|||||| {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" "Adobe Systems, Inc." D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll File exists
HKLM\Software\Classes\Protocols\Filter
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" D:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" D:\WINDOWS\system32\mscoree.dll File exists
|||||| {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" "Microsoft Corporation" D:\WINDOWS\system32\mscoree.dll File exists
|||||| {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" "Microsoft Corporation" D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File exists
HKLM\Software\Classes\Protocols\Handler
|| {F2DDE6B2-9684-4A55-86D4-E255E237B77C} "avgsecuritytoolbar" D:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll File exists
|||||| {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" "Microsoft Corporation" D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll File exists
|||||| {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" "Skype Technologies" D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL File exists
|||||| {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgpp.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
|||||| {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" "SuperAdBlocker.com" D:\Programme\SUPERAntiSpyware\SASSEH.DLL File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
|||||| {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" "Igor Pavlov" D:\Programme\7-Zip\7-zip.dll File exists
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" File not found | COM-object registry key not found
|||||| {9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgse.dll File exists
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" deskpan.dll File not found
|||||| {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" "NVIDIA Corporation" D:\WINDOWS\system32\nvshell.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" "NVIDIA Corporation" D:\WINDOWS\system32\nvshell.dll File exists
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" File not found | COM-object registry key not found
|||||| {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" "Apple Inc." D:\Programme\iTunes\iTunesMiniPlayer.dll File exists
|||||| {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" "Logitech, Inc." D:\Programme\Logitech\SetPoint\kbcplext.dll File exists
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" File not found | COM-object registry key not found
|||||| {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" "Logitech, Inc." D:\Programme\Logitech\SetPoint\mcplext.dll File exists
|||||| {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" "Microsoft Corporation" D:\Programme\Microsoft Office\Office12\msohevi.dll File exists
|||||| {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" "Microsoft Corporation" D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" "Microsoft Corporation" D:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL File exists
|||||| {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" "Microsoft Corporation" D:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll File exists
|||||| {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" "NVIDIA Corporation" D:\WINDOWS\system32\nvshell.dll File exists
|||||| {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" "Microsoft Corporation" D:\WINDOWS\system32\dfshim.dll File exists
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" File not found | COM-object registry key not found
|||||| {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" "Microsoft Corporation" D:\WINDOWS\system32\dfshim.dll File exists
|||||| {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" "Microsoft Corporation" D:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL File exists
|||||| {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" "Alexander Roshal" D:\Programme\WinRAR\rarext.dll File exists
Internet Explorer
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
|||| {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll File exists
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
"DVDVideoSoftTB Toolbar" "Conduit Ltd." D:\Programme\DVDVideoSoftTB\tbDVD1.dll File exists
ITBar7Height "ITBar7Height" File not found | COM-object registry key not found
"ITBar7Layout" File not found | COM-object registry key not found
"ITBarLayout" File not found | COM-object registry key not found
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks
|| {A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" D:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll File exists
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." D:\Programme\DVDVideoSoftTB\tbDVD1.dll File exists
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
|||| {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||| {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
|||| {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\npjpi160_20.dll File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
|||| {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" "Microsoft Corporation" D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll File exists
|||| {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists
|||| "ICQ6" "ICQ, LLC." D:\Programme\ICQ6.5\ICQ.exe File exists
|| "PartyPoker.com" D:\Programme\PartyGaming\PartyPoker\RunApp.exe File exists
|| "PokerStars" "PokerStars" D:\Programme\PokerStars\PokerStarsUpdate.exe File exists
|||| {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" "Microsoft Corporation" D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
|| {CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" D:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll File exists
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." D:\Programme\DVDVideoSoftTB\tbDVD1.dll File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
|||||| {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" "Adobe Systems Incorporated" D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll File exists
|||||| {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgssie.dll File exists
|| {A3BC75A2-1F87-4686-AA43-5347D756017C} "AVG Security Toolbar BHO" D:\Programme\AVG\AVG9\Toolbar\IEToolbar.dll File exists
{872b5b88-9db5-4310-bdd0-ac189557e5f5} "DVDVideoSoftTB Toolbar" "Conduit Ltd." D:\Programme\DVDVideoSoftTB\tbDVD1.dll File exists
|||| {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File exists
|||| {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File exists
|||| {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\jp2ssv.dll File exists
|||| {E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" "Sun Microsystems, Inc." D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
|||||| "desktop.ini" D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini File exists
|||| "HP Digital Imaging Monitor.lnk" "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe Shortcut exists | File exists
|||| "Logitech SetPoint.lnk" "Logitech, Inc." D:\Programme\Logitech\SetPoint\SetPoint.exe Shortcut exists | File exists
%UserProfile%\Startmenü\Programme\Autostart
|||| "OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" "Microsoft Corporation" D:\Programme\Microsoft Office\Office12\ONENOTEM.EXE Shortcut exists | File exists
|||||| "desktop.ini" D:\Dokumente und Einstellungen\Stan\Startmenü\Programme\Autostart\desktop.ini File exists
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|||| "ICQ" "ICQ, LLC." "D:\Programme\ICQ6.5\ICQ.exe" silent File exists
|||||| "RocketDock" "D:\Programme\RocketDock\RocketDock.exe" File found, but it contains no detailed information
|||| "Skype" "Skype Technologies S.A." "D:\Programme\Skype\\Phone\Skype.exe" /nosplash /minimized File exists
"SUPERAntiSpyware" "SUPERAntiSpyware.com" D:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
|||| "Adobe ARM" "Adobe Systems Incorporated" "D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" File exists
|||| "Adobe Reader Speed Launcher" "Adobe Systems Incorporated" "D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" File exists
|||| "AudioDrvEmulator" "Creative Technology Ltd." "D:\Programme\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "D:\Programme\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" File exists
|||||| "AVG9_TRAY" "AVG Technologies CZ, s.r.o." D:\PROGRA~1\AVG\AVG9\avgtray.exe File exists
|||| "CTDVDDET" "Creative Technology Ltd" D:\Programme\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE File exists
|||| "CTHelper" "Creative Technology Ltd" CTHELPER.EXE File exists
|||| "CTSysVol" "Creative Technology Ltd" D:\Programme\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r File exists
|||||| "GBB36X Configure" "Gigabyte Technology Corp." D:\WINDOWS\system32\JMRaidTool.exe boot File exists
|||| "HP Software Update" "Hewlett-Packard" D:\Programme\HP\HP Software Update\HPWuSchd2.exe File exists
|||| "iTunesHelper" "Apple Inc." "D:\Programme\iTunes\iTunesHelper.exe" File exists
|||| "nwiz" "NVIDIA Corporation" nwiz.exe /install File exists
|||| "SunJavaUpdateSched" "Sun Microsystems, Inc." "D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" File exists
|||| "UpdReg" "Creative Technology Ltd." D:\WINDOWS\UpdReg.EXE File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
|||||| "Send To Microsoft OneNote Monitor" "Microsoft Corporation" D:\WINDOWS\system32\msonpmon.dll File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
|||||| ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) "Microsoft Corporation" D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File exists
"Anwendungsverwaltung" (AppMgmt) D:\WINDOWS\System32\appmgmts.dll File not found
|||||| "Apple Mobile Device" (Apple Mobile Device) "Apple Inc." D:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe File exists
|||||| "ASP.NET State Service" (aspnet_state) "Microsoft Corporation" D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe File exists
"Automatische Updates" (wuauserv) C:\WINDOWS\system32\wuauserv.dll File not found
|||||| "AVG Free E-mail Scanner" (avg9emc) "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgemc.exe File exists
|||||| "AVG Free WatchDog" (avg9wd) "AVG Technologies CZ, s.r.o." D:\Programme\AVG\AVG9\avgwdsvc.exe File exists
|| "AVG Security Toolbar Service" (AVG Security Toolbar Service) D:\Programme\AVG\AVG9\Toolbar\ToolbarBroker.exe File exists
|||||| "Bonjour-Dienst" (Bonjour Service) "Apple Inc." D:\Programme\Bonjour\mDNSResponder.exe File exists
|||||| "BrSplService" (Brother XP spl Service) "brother Industries Ltd" D:\WINDOWS\system32\brsvc01a.exe File exists
"HID Input Service" (HidServ) D:\WINDOWS\System32\hidserv.dll File not found
|||||| "HP CUE DeviceDiscovery Service" (hpqddsvc) "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll File exists
|||||| "hpqcxs08" (hpqcxs08) "Hewlett-Packard Co." D:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll File exists
|||||| "iPod-Dienst" (iPod Service) "Apple Inc." D:\Programme\iPod\bin\iPodService.exe File exists
|||||| "Java Quick Starter" (JavaQuickStarterService) "Sun Microsystems, Inc." D:\Programme\Java\jre6\bin\jqs.exe File exists
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) "Lavasoft" D:\Programme\Lavasoft\Ad-Aware\AAWService.exe File exists
|||||| "Logitech Bluetooth Service" (LBTServ) "Logitech, Inc." D:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe File exists
|||||| "Microsoft Office Diagnostics Service" (odserv) "Microsoft Corporation" D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE File exists
|||||| "Net Driver HPZ12" (Net Driver HPZ12) "Hewlett-Packard" D:\WINDOWS\system32\HPZinw12.dll File exists
|||||| "Office Source Engine" (ose) "Microsoft Corporation" D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File exists
|||||| "Pml Driver HPZ12" (Pml Driver HPZ12) "Hewlett-Packard" D:\WINDOWS\system32\HPZipm12.dll File exists
|||||| "PostgreSQL Server 8.4" (postgresql-8.4) "PostgreSQL Global Development Group" D:\Programme\PostgreSQL\8.4\bin\pg_ctl.exe File exists
|||||| "Windows CardSpace" (idsvc) "Microsoft Corporation" D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe File exists
|||||| "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) "Microsoft Corporation" D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe File exists
Winlogon
HKCU\Control Panel\IOProcs
"MVB" mvfs32.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" appmgmts.dll File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
|||||| "!SASWinLogon" "SUPERAntiSpyware.com" D:\Programme\SUPERAntiSpyware\SASWINLO.DLL File exists
|||||| "avgrsstarter" "AVG Technologies CZ, s.r.o." D:\WINDOWS\system32\avgrsstx.dll File exists
|||||| "LBTWlgn" "Logitech, Inc." d:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll File exists
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
|||||| "mdnsNSP" "Apple Inc." D:\Programme\Bonjour\mdnsNSP.dll File exists

If You have questions or want to get some help, You can visit Online Solutions :: Index


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\D:
\\.\D: -> \\.\PhysicalDrive1 at offset 0x00000000`00007e00
Boot sector MD5 is: 5ddc20efcc4d1dab37c348c7db7289cf

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive1 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...

Edited by Jayston (20.09.2010 at 18:44)
