Trojaner-Board - Ständig neue Browserfenster und CPU-Auslastung bei 100%

Hallo,

ich habe seit ca. 1 Woche verschiedene merkwürdige Dinge auf meinem Notebook beobachtet. Zum einen öffnen sich beim Surfen selbständig Browserfenster (IE, Firefox, Opera), jeweils mit 4 Tabs - zwei nicht verfügbare URL und zweimal ein Pfad meiner Festplatte. Habe schon einiges im Forum darüber gelesen, aber die Lösungsansätze sind doch häufig verschieden, so dass ich mir nicht sicher bin, ob ich mit der gleichen Vorgehensweise gut beraten wäre.

Zudem verursacht eine cli.exe eine CPU-Auslastung von 100% und alles wird sehr langsam. Man kann den Prozess beenden, aber irgendwie wird er dann doch wieder gestartet, manchmal auch mehrfach. Ich habe den Prozess, der wohl mit der Grafikkarte zusammenhängt, bereits aus dem Autostart genommen. Trotzdem scheint er sich dann und wann selbständig zu starten.

Ich weiß nicht, ob die beiden Phänomene zusammenhängen oder nur zufällig gleichzeitig in Erscheinung traten.

Ich habe Avira laufen und die übliche XP-Firewall ist aktiv. Malwarebytes habe ich bereits benutzt. Es wird aber nichts gefunden.

Hier sind die Logfiles von Malwarebytes und HijackThis.

Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.41

Datenbank Version: 2775

Windows 5.1.2600 Service Pack 3
 

07.12.2009 17:44:13

mbam-log-2009-12-07 (17-44-13).txt
 

Scan-Methode: Vollständiger Scan (C:\|)

Durchsuchte Objekte: 367772

Laufzeit: 2 hour(s), 34 minute(s), 47 second(s)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

HijackThis:

Code:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:14:20, on 07.12.2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IFXTCS.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programme\Avira\AntiVir Desktop\sched.exe

C:\Programme\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe

C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\IFXSPMGT.exe

C:\Programme\Java\jre6\bin\jqs.exe

C:\Programme\ProtectTools\Embedded Security Software\PSDsrvc.EXE

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\system32\mqsvc.exe

C:\WINDOWS\system32\mqtgsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programme\HPQ\IAM\bin\asghost.exe

C:\Programme\ProtectTools\Embedded Security Software\PSDrt.exe

C:\Programme\ProtectTools\Embedded Security Software\SpTna.exe

C:\Programme\HPQ\HP ProtectTools Security Manager\PTServs.exe

C:\Programme\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\AccelerometerSt.exe

C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Programme\Synaptics\SynTP\SynTPEnh.exe

C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

C:\WINDOWS\SMINST\Scheduler.exe

C:\Programme\Hp\HP Software Update\HPWuSchd2.exe

C:\Programme\Avira\AntiVir Desktop\avgnt.exe

C:\Programme\Java\jre6\bin\jusched.exe

C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programme\Windows Media Player\WMPNSCFG.exe

C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE

C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe

C:\WINDOWS\PTV339\IRMONITOR.EXE

C:\WINDOWS\explorer.exe

C:\Programme\Opera\opera.exe

C:\Programme\Malwarebytes' Anti-Malware\mbam.exe

C:\Programme\Mozilla Firefox\firefox.exe

C:\Programme\Trend Micro\HijackThis\HijackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://www.hp.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.128.11:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: (no name) -  - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programme\real\realplayer\rpbrowserrecordplugin.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll

O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\HPQ\IAM\Bin\ItIeAddIN.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe

O4 - HKLM\..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe

O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe

O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe

O4 - HKLM\..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BTTray.lnk = ?

O4 - Global Startup: DVD Check.lnk = C:\Programme\InterVideo\DVD Check\DVDCheck.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: PTV339 Remote Controller Service.lnk = ?

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Programme\SmarThru 4\WebCapture.dll2.htm

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Programme\SmarThru 4\WebCapture.dll1.htm

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Programme\SmarThru 4\WebCapture.dll.htm

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Programme\SmarThru 4\WebCapture.dll

O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe

O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)

O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Programme\SmarThru 4\WebCapture.dll (HKCU)

O14 - IERESET.INF: START_PAGE_URL=h**p://www.hp.com

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - h**p://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - h**p://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab

O16 - DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} (O2C-Player (ELECO Software GmbH)) - h**p://www.o2c.de/download/O2CPlayer.CAB

O18 - Protocol: haufereader - (no CLSID) - (no file)

O20 - Winlogon Notify: OneCard - C:\Programme\HPQ\IAM\Bin\AsWlnPkg.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate1c986cbe524f0ba) (gupdate1c986cbe524f0ba) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programme\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe

O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe

O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Programme\ProtectTools\Embedded Security Software\PSDsrvc.EXE

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
 

--

End of file - 12629 bytes

Ich hoffe, da lässt sich noch was reparieren. Wäre echt toll.
Danke für eure Zeit.

Auch Combofix findet etwas merkwürdig an der iaStor.sys

Kann die Datei hier nicht uploaden, sie ist gepackt 170 kB groß.

Combofix-Log:

Code:

ComboFix 09-12-07.07 - gogoli 08.12.2009 11:45.1.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2047.1591 [GMT 1:00]

ausgeführt von:: c:\dokumente und einstellungen\gogoli\Desktop\ComboFix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8587ADDC-FFA4-00EF-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8596FBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {8598185C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {859F9DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85A2E9CC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {85B16054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000246-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {846DFC84-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84BFA3E4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84C2A1AC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84C72BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84C8BDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84DB8054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84E31DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84F065CC-FFA4-00EF-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84F58054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84F5FBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84F7C054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {84FF8054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85012054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85022BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {850232F4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {850584C4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8505FC44-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8507BDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85082054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8509B054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8509CC44-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8509D054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {850AA83C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {850B4DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {850C5BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {850C762C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {850E9DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {850FF054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85105054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {851305CC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85149054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85158054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85167054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8516D054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {851B8054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {855E5BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85611DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8562FBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85644BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85655A1C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8565B984-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8565CA1C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8566CDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85680054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85688BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8568F054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856A26DC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856AACA4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856D3A1C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856DB984-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856DBDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856F3054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856F4054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856F54B4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856FBBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856FDBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {856FEBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8570DDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8570F60C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85712BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8571F054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8572FBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8573CBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85743DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85745A64-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85756054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85761054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8576931C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8576E054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8577493C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85775054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85778054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8577B054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8577C054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85785DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8578D4F4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85796A1C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857B0054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857C3054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857CAC04-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857D0054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857D4054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857D6054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857DF054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857E283C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857EE054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857F04B4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {857F9054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8581A054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8581F8CC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85827054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85833054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85833A44-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8585D054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8585F054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85867DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8587145C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85877C44-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8587C054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85883A64-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85887DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8588F054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8588FDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8589B42C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858A3054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858A7DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858BD39C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858BEC0C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858BFB64-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858C5054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858CBDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858DC054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858DC9B4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858E042C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858E3054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858E65DC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858E7054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858EA6C4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858EE5DC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {858FDBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8590EA34-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8590F4E4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8591BDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8591F5CC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85924054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85926C44-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85929DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8592CDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8592DB64-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8592E054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859304E4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85938DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85939DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8593ABB4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8593BDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85954054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8595A85C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8595CDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85963054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85967BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8596D054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85973A1C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85981054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859826C4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85982B54-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85983054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85989BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {8599F85C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859A44E4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859A5054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859A6054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859A72D4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859AEDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859B2DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859B4A3C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859B75F4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859B7A1C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859C6054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859C757C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859C9054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859CA054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859D1054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859D4054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859D749C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859DB054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859DE244-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859E35CC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859EBDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859F2DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {859F7DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A015F4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A0C5E4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A0D054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A0E5CC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A14054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A21494-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A2D054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A3B054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A51054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A5ADDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85A65054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85ADA054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85AF86F4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85AFFDDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B00054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B2CBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B2F694-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B33054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B3DBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B3E85C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B50BD4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B51C24-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B5ADDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B5C41C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B6997C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B76B64-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B78C6C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B7DBFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B89624-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B8A2CC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B8B054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B8D2E4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85B95DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85BAEA1C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85BD4A1C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85BEA3CC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85BF9984-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C063D4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C1484C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C50BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C59054-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85C7E9BC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D063EC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D16864-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D1DC04-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D38DDC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D48BFC-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D4B85C-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85D554F4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {85DAEBD4-FFA4-00DE-0D24-347CA8A3377C}

AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {BADB0D00-FFA4-00DE-0D24-347CA8A3377C}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\programme\ATI Technologies\ATI.ACE\atIAcmxx.dll

c:\recycler\S-1-5-21-1669474771-150296836-539975905-500

c:\recycler\S-1-5-21-842925246-515967899-839522115-500

c:\windows\system32\Drivers\wfpliz.sys

c:\windows\system32\O2CPlayer.OCX

c:\windows\system32\twain_32.dll

E:\Autorun.inf
 

c:\windows\system32\DRIVERS\iaStor.sys . . . ist infiziert!!
 

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.
 

-------\Legacy_SYSREST.SYS

-------\Legacy_TDSSSERV
 
 

(((((((((((((((((((((((   Dateien erstellt von 2009-11-08 bis 2009-12-08  ))))))))))))))))))))))))))))))

.
 

2009-12-07 19:03 . 2009-12-07 19:03        --------        d-----w-        c:\windows\system32\wbem\Repository

2009-12-07 19:03 . 2009-12-07 19:03        --------        d-----w-        c:\programme\Zattoo

2009-12-07 13:53 . 2009-12-07 18:46        --------        d-----w-        C:\rsit

2009-12-06 14:10 . 2009-12-06 14:17        --------        d-----w-        c:\programme\Windows Live Safety Center

2009-12-04 10:20 . 2009-12-04 10:20        --------        d-----w-        c:\programme\CCleaner

2009-12-02 18:40 . 2009-12-03 21:10        --------        d-----w-        c:\programme\Navilog1

2009-12-02 15:15 . 2009-12-02 15:15        --------        d-----w-        c:\programme\Panda Security

2009-12-02 12:51 . 2009-12-03 21:10        --------        d-----w-        c:\programme\Spybot - Search & Destroy

2009-12-02 12:51 . 2009-12-03 21:10        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy

2009-12-01 19:57 . 2009-12-01 19:57        --------        d-----w-        C:\~$PVRTmp0$(2)

2009-12-01 17:59 . 2009-12-01 17:59        --------        d-----w-        c:\dokumente und einstellungen\NetworkService\IETldCache

2009-11-10 18:42 . 2009-12-03 21:12        --------        d-----w-        C:\NexusFont
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-08 09:05 . 2009-03-20 08:58        56816        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2009-12-08 07:56 . 2006-12-15 21:47        --------        d-----w-        c:\programme\Mozilla Thunderbird

2009-12-04 14:16 . 2006-12-13 18:39        --------        d-----w-        c:\programme\Yahoo!

2009-12-04 13:37 . 2006-12-13 13:13        --------        d-----w-        c:\programme\Google

2009-12-04 00:20 . 2007-08-08 11:03        --------        d-----w-        c:\programme\Opera

2009-12-04 00:11 . 2006-12-27 09:29        62000        ----a-w-        c:\dokumente und einstellungen\gogoli\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

2009-12-02 19:27 . 2006-12-13 21:58        --------        d-----w-        c:\programme\Java

2009-11-05 15:27 . 2006-12-21 09:37        --------        d-----w-        c:\dokumente und einstellungen\gogoli\Anwendungsdaten\WordToPDF

2009-11-04 08:29 . 2009-11-04 08:29        --------        d-----w-        c:\dokumente und einstellungen\gogoli\Anwendungsdaten\SmarThru4

2009-11-04 08:29 . 2009-11-04 08:27        --------        d-----w-        c:\programme\SmarThru 4

2009-11-04 08:28 . 2009-11-04 08:28        --------        d-----w-        c:\programme\Gemeinsame Dateien\SRC Shared

2009-11-04 08:28 . 2009-11-02 19:02        --------        d-----w-        c:\programme\Readiris10

2009-11-04 08:24 . 2009-11-04 08:24        --------        d-----w-        c:\programme\Samsung

2009-11-02 19:03 . 2006-12-13 21:58        --------        d--h--w-        c:\programme\InstallShield Installation Information

2009-10-28 10:34 . 2006-12-27 00:43        --------        d-----w-        c:\programme\DivX

2009-10-28 10:33 . 2009-10-28 10:33        --------        d-----w-        c:\programme\Gemeinsame Dateien\DivX Shared

2009-10-27 00:09 . 2004-08-07 06:04        87898        ----a-w-        c:\windows\system32\perfc007.dat

2009-10-27 00:09 . 2004-08-07 06:04        471824        ----a-w-        c:\windows\system32\perfh007.dat

2009-10-26 23:47 . 2008-08-26 14:10        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware

2009-10-22 14:01 . 2009-10-22 14:01        --------        d-----w-        c:\programme\WMVJoiner

2009-10-20 13:45 . 2007-10-15 19:05        1734        --sha-w-        c:\windows\system32\KGyGaAvL.sys

2009-09-29 07:29 . 2009-09-06 06:58        177024        ----a-w-        c:\dokumente und einstellungen\gogoli\Anwendungsdaten\Mozilla\Firefox\Profiles\vdihw474.default\FlashGot.exe

2009-09-25 16:41 . 2009-09-25 16:41        90112        ----a-w-        c:\windows\system32\dpl100.dll

2009-09-25 16:41 . 2009-09-25 16:41        856064        ----a-w-        c:\windows\system32\divx_xx0c.dll

2009-09-25 16:41 . 2009-09-25 16:41        856064        ----a-w-        c:\windows\system32\divx_xx07.dll

2009-09-25 16:41 . 2009-09-25 16:41        847872        ----a-w-        c:\windows\system32\divx_xx0a.dll

2009-09-25 16:41 . 2009-09-25 16:41        843776        ----a-w-        c:\windows\system32\divx_xx16.dll

2009-09-25 16:41 . 2009-09-25 16:41        839680        ----a-w-        c:\windows\system32\divx_xx11.dll

2009-09-25 16:41 . 2009-09-25 16:41        696320        ----a-w-        c:\windows\system32\DivX.dll

2009-09-11 14:17 . 2004-08-04 08:00        136192        ----a-w-        c:\windows\system32\msv1_0.dll

2009-09-10 13:54 . 2008-08-26 14:10        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 13:53 . 2008-08-26 14:10        19160        ----a-w-        c:\windows\system32\drivers\mbam.sys

2009-02-16 10:53 . 2009-02-15 09:27        620        ----a-w-        c:\programme\tmcalls.log

2007-11-15 12:10 . 2007-11-15 12:10        703        ----a-w-        c:\programme\Password-Finder.lnk

2009-09-25 16:41 . 2009-09-25 16:41        1044480        ----a-w-        c:\programme\mozilla firefox\plugins\libdivx.dll

2009-09-25 16:41 . 2009-09-25 16:41        200704        ----a-w-        c:\programme\mozilla firefox\plugins\ssldivx.dll

2009-09-25 16:41 . 2009-09-25 16:41        1044480        ----a-w-        c:\programme\opera\program\plugins\libdivx.dll

2009-09-25 16:41 . 2009-09-25 16:41        200704        ----a-w-        c:\programme\opera\program\plugins\ssldivx.dll

2006-12-15 19:54 . 2006-12-15 19:54        56        --sha-w-        c:\windows\SMINST\hpboot.sys

2007-10-15 22:39 . 2007-10-15 19:05        88        --sh--r-        c:\windows\system32\678FB86488.sys

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]

"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]

"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2006-01-16 53248]

"PTHOSTTR"="c:\programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]

"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 761948]

"hpWirelessAssistant"="c:\programme\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]

"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]

"QlbCtrl"="c:\programme\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-07 131072]

"Cpqset"="c:\programme\HPQ\Default Settings\cpqset.exe" [2006-02-22 40960]

"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]

"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]

"WatchDog"="c:\programme\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]

"HP Software Update"="c:\programme\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]

"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2008-11-04 413696]

"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2009-09-10 198160]

"Malwarebytes Anti-Malware (reboot)"="c:\programme\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-21 536576]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Adobe Reader - Schnellstart.lnk - c:\programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2006-2-15 581693]

DVD Check.lnk - c:\programme\InterVideo\DVD Check\DVDCheck.exe [2006-12-13 184320]

Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-4-29 65588]

PTV339 Remote Controller Service.lnk - c:\windows\PTV339\IRMONITOR.EXE [2008-1-17 245760]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IfxWlxEN]

2005-08-19 13:52        389120        ----a-w-        c:\windows\system32\IfxWlxEN.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]

2005-07-25 18:41        40960        ----a-w-        c:\programme\HPQ\IAM\Bin\AsWlnPkg.dll
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Lexware Info Service.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Lexware Info Service.lnk

backup=c:\windows\pss\Lexware Info Service.lnkCommon Startup
 

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MediaTV Monitor.lnk]

path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\MediaTV Monitor.lnk

backup=c:\windows\pss\MediaTV Monitor.lnkCommon Startup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4500w Scan2PC]

2008-01-08 02:07        491520        ----a-r-        c:\windows\twain_32\Samsung\SCX4500W\Scan2Pc.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

2008-04-01 11:21        61440        ----a-r-        c:\programme\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 06:58        611712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

2005-08-12 12:43        45056        ----a-w-        c:\programme\ATI Technologies\ATI.ACE\CLI.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2008-11-20 12:20        290088        ----a-w-        c:\programme\iTunes\iTunesHelper.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]

2008-12-03 11:47        1205760        ----a-w-        c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"LightScribeService"=2 (0x2)

"iPod Service"=3 (0x3)

"ICQ Service"=2 (0x2)

"HRService"=3 (0x3)

"Apple Mobile Device"=2 (0x2)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\mqsvc.exe"=

"c:\\WINDOWS\\SMINST\\Scheduler.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Messenger\\msmsgs.exe"=

"c:\\Programme\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=

"c:\\Programme\\Bonjour\\mDNSResponder.exe"=

"c:\\Programme\\Haufe\\iDesk\\iDeskService\\pythonw.exe"=

"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=

"c:\\Programme\\MSN Messenger\\livecall.exe"=

"c:\\Programme\\iTunes\\iTunes.exe"=

"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Programme\\ICQ6.5\\ICQ.exe"=

"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Programme\\Java\\jre6\\bin\\java.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\SCX4500W\\Sscan2io.exe"=

"c:\\WINDOWS\\twain_32\\Samsung\\SCX4500W\\Scan2Pc.exe"=

"c:\\Programme\\Opera\\opera.exe"=
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:TCP"= 5353:TCP:Adobe CSI CS4
 

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [25.10.2005 19:10 35488]

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [20.03.2009 09:58 108289]

R2 ASChannel;Lokaler Verbindungskanal;c:\windows\System32\svchost.exe -k Cognizance [04.08.2004 09:00 14336]

R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [23.05.2006 22:56 87936]

R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [10.06.2005 14:26 35968]

S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [24.09.2007 10:44 515803]

S2 gupdate1c986cbe524f0ba;Google Update Service (gupdate1c986cbe524f0ba);c:\programme\Google\Update\GoogleUpdate.exe [04.02.2009 14:24 133104]

S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [16.12.2006 09:10 223232]

S3 PTV339;Mini DualTV USB;c:\windows\system32\drivers\PTV339.SYS [20.07.2007 14:54 289664]

S4 HRService;Haufe iDesk-Service in c:\programme\Haufe\iDesk\iDeskService\Zope;c:\programme\Haufe\iDesk\iDeskService\ideskservice.exe [23.10.2006 02:39 71072]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Cognizance        REG_MULTI_SZ           ASChannel

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/

uInternet Settings,ProxyServer = 165.228.128.11:80

uInternet Settings,ProxyOverride = *.local

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: SmarThru4 Capture Selection - c:\programme\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Save as HTML - c:\programme\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\programme\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\programme\SmarThru 4\WebCapture.dll

DPF: {B1953AD6-C50E-11D3-B020-00A0C9251384} - hxxp://www.o2c.de/download/O2CPlayer.CAB

FF - ProfilePath - c:\dokumente und einstellungen\gogoli\Anwendungsdaten\Mozilla\Firefox\Profiles\vdihw474.default\

FF - prefs.js: browser.search.selectedEngine - DasÃ–rtliche

FF - prefs.js: browser.startup.homepage - hxxp://www.psd-tutorials.de/ | http://digitalesdresden.de/web/

FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=

FF - component: c:\dokumente und einstellungen\gogoli\Anwendungsdaten\Mozilla\Firefox\Profiles\vdihw474.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - component: c:\programme\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll

FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\programme\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programme\Mozilla Firefox\plugins\npdevalvr_.dll

FF - plugin: c:\programme\Opera\program\plugins\npdivx32.dll

FF - plugin: c:\programme\Virtual Earth 3D\npVE3D.dll
 

---- FIREFOX Richtlinien ----

FF - user.js: yahoo.homepage.dontask - truec:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-Corel Reminder - (no file)

AddRemove-Adobe SVG Viewer - c:\programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fc:\programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log

AddRemove-HaufeReader - c:\windows\IsUn0407.exe -fc:\programme\Haufe\HaufeReader\HaufeReader.isu

AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe -fc:\windows\orun32.isu

AddRemove-TAX_06 - c:\windows\IsUn0407.exe -fc:\programme\LEXWARE\TAXMAN2006\TAX_06\TAX_06.isu

AddRemove-Xaldon WebSpider 2 - c:\windows\unin0407.exe -fc:\programme\Xaldon\WebSpider 2\DeIsL1.isu  -cc:\programme\Xaldon\WebSpider 2\_ISREG32.DLL

AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\programme\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-08 12:36

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  Cpqset = c:\programme\HPQ\Default Settings\cpqset.exe?????????? ???@???????????????@??????|??????(?@???????@ 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************
 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
 

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys >>UNKNOWN [0x8A8C0E07]<< 

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebf28

\Driver\ACPI -> ACPI.sys @ 0xf735dcb8

\Driver\atapi -> atapi.sys @ 0xf72d1852

\Driver\iaStor -> iaStor.sys @ 0xf7207b58

IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8

NDIS: Intel(R) PRO/Wireless 3945ABG Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf70debb0

 PacketIndicateHandler -> NDIS.sys @ 0xf70eba21

 SendHandler -> NDIS.sys @ 0xf70c987b

user & kernel MBR OK 
 

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{90C9B227-00E9-ED2B-D8335C00663422E2}\{BA143829-6513-6AB3-17B76E63BBBF825B}\{B7811D8F-B091-6828-D848878685722533}*]

"LBML3FZBDBDV3BUIEQZJ1CU1HB1"=hex:01,00,01,00,00,00,00,00,46,4e,90,ef,91,22,f2,

   65,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AB53ABC9-60C7-8B2C-A2AB126EB1F03A59}\{6511FF0A-0202-CA71-9BBA47A5377501DE}\{CE12CB05-B8C7-0E6B-6DC342F04A20B600}*]

"LBML3FZBDBDV3BUIEQZJ1CU1HB1"=hex:01,00,01,00,00,00,00,00,46,4e,90,ef,91,22,f2,

   65,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'winlogon.exe'(912)

c:\windows\system32\Ati2evxx.dll

c:\programme\HPQ\IAM\Bin\AsWlnPkg.dll

c:\programme\HPQ\IAM\Bin\ASChnl.dll

c:\programme\HPQ\IAM\Bin\ItMsg.dll

c:\windows\system32\IfxWlxEN.dll
 

- - - - - - - > 'explorer.exe'(2532)

c:\programme\HPQ\IAM\Bin\SFSShell.dll

c:\programme\HPQ\IAM\bin\ItMsg.dll

c:\programme\HPQ\IAM\bin\1031\SFSShell.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll

c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL

c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr

c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\programme\Gemeinsame Dateien\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\IFXTCS.exe

c:\windows\system32\DllHost.exe

c:\windows\System32\SCardSvr.exe

c:\windows\system32\msdtc.exe

c:\programme\Avira\AntiVir Desktop\avguard.exe

c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\windows\system32\IFXSPMGT.exe

c:\programme\Java\jre6\bin\jqs.exe

c:\programme\ProtectTools\Embedded Security Software\PSDsrvc.EXE

c:\programme\Hewlett-Packard\Shared\hpqwmiex.exe

c:\windows\system32\mqsvc.exe

c:\programme\Windows Media Player\WMPNetwk.exe

c:\windows\system32\mqtgsvc.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\wscntfy.exe

c:\programme\HPQ\IAM\bin\asghost.exe

c:\programme\ProtectTools\Embedded Security Software\PSDrt.exe

c:\programme\ProtectTools\Embedded Security Software\SpTna.exe

c:\progra~1\HPQ\Shared\HPQTOA~1.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2009-12-08 12:49 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2009-12-08 11:49
 

Vor Suchlauf: 17 Verzeichnis(se), 18.367.807.488 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 18.723.643.392 Bytes frei
 

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
 

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - CE86AC4ED9C6436B56C2B48CD9688FAE