Trojaner-Board - TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung (https://www.trojaner-board.de/90198-tr-banker-multibanker-vt-tr-dropper-gen-malwarebytes-auswertung.html)

TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung

Combofix Logfile:

Code:

ComboFix 10-08-29.04 - HP_Besitzer 31.08.2010 18:53:38.3.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.446.118 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

 

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\AcroIEHelpe019.dll

c:\windows\system32\UAs

c:\windows\system32\UAs\firefox.exe_UAs001.dat

c:\windows\system32\UAs\java.exe_UAs001.dat

D:\Autorun.inf

 

.

((((((((((((((((((((((( Dateien erstellt von 2010-07-28 bis 2010-08-31 ))))))))))))))))))))))))))))))

.

 

2010-08-30 20:59 . 2010-08-30 21:31    --------    d-----w-    C:\Combo-Fix

2010-08-29 18:11 . 2010-08-29 18:11    --------    d-----w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes

2010-08-29 18:10 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-29 18:10 . 2010-08-29 18:10    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-08-29 18:10 . 2010-08-29 19:47    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware

2010-08-29 18:10 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys

2010-08-22 16:26 . 2010-08-22 16:26    --------    d-----w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Help

2010-08-22 16:11 . 2010-08-22 16:11    799    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2425543A0EAD32542824DF2807A6FBB4.dll

2010-08-22 15:06 . 2010-08-22 15:06    --------    d-----w-    c:\programme\Unlocker

2010-08-21 12:36 . 2010-08-22 14:19    --------    d-----w-    c:\programme\iKnowPS

2010-08-19 13:56 . 2010-08-19 13:56    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fighters

2010-08-19 13:55 . 2010-08-19 13:55    --------    d-----w-    c:\programme\Fighters

 

.

 

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-30 17:01 . 2010-07-02 18:31    217    ----a-w-    c:\windows\system32\urhtps.dat

2010-08-29 15:23 . 2006-11-19 11:48    --------    d-----w-    c:\programme\PokerStars

2010-08-29 14:52 . 2010-06-06 17:46    --------    d-----w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Uniblue

2010-08-29 14:52 . 2010-06-06 17:46    --------    d-----w-    c:\programme\Uniblue

2010-08-29 14:39 . 2010-08-22 16:11    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan

2010-08-27 18:26 . 2006-05-06 15:53    --------    d-----w-    c:\programme\Mozilla Thunderbird

2010-08-22 16:26 . 2010-08-22 16:11    --------    d-----w-    c:\programme\Security Task Manager

2010-08-22 16:11 . 2010-08-22 16:11    57    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_200845A2240938042A076B4737ED0137.dll

2010-08-22 16:11 . 2010-08-22 16:11    116    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_20481667D97199646AB63D155C4963CB.dll

2010-08-22 16:11 . 2010-08-22 16:11    10    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll

2010-08-22 16:11 . 2010-08-22 16:11    6205    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1FCF3F43B71816D46BFA919D84A6EF0A.dll

2010-08-22 16:11 . 2010-08-22 16:11    699    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1E32C765085758148B2C0308657792C7.dll

2010-08-22 16:11 . 2010-08-22 16:11    55    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0FF2F75B52A523345B3054293B070CF2.dll

2010-08-22 16:11 . 2010-08-22 16:11    3356    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1F972D4B9034cc944A5BA3D0E2957C5B.dll

2010-08-22 16:11 . 2010-08-22 16:11    210    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll

2010-08-22 16:11 . 2010-08-22 16:11    2056    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_06AFB87E393583C428BA8E10E964E44B.dll

2010-08-22 16:11 . 2010-08-22 16:11    1055    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D227AB21D84E6041932A85E34D136FE.dll

2010-08-22 16:11 . 2010-08-22 16:11    58    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll

2010-08-22 16:11 . 2010-08-22 16:11    833    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll

2010-08-18 13:06 . 2004-11-02 18:10    64650    ----a-w-    c:\windows\system32\perfc007.dat

2010-08-18 13:06 . 2004-11-02 18:10    392842    ----a-w-    c:\windows\system32\perfh007.dat

2010-08-17 15:54 . 2009-04-18 15:46    --------    d-----w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\BSW

2010-07-01 20:12 . 2010-07-01 20:12    112    ----a-w-    c:\windows\system32\srvblck2.tmp

2010-06-30 12:28 . 2004-08-04 04:00    149504    ----a-w-    c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-04 04:00    916480    ----a-w-    c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-08-04 04:00    1852032    ------w-    c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 04:00    354304    ------w-    c:\windows\system32\drivers\srv.sys

2010-06-18 20:07 . 2009-02-07 13:34    160    ----a-w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

2010-06-17 14:03 . 2004-08-04 04:00    80384    ------w-    c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-08-04 04:00    744448    ------w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-04 04:00    1172480    ----a-w-    c:\windows\system32\msxml3.dll

2008-12-09 15:23 . 2008-12-09 15:23    47616    --sh--r-    c:\windows\system32\appconf32.exe

.

 

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-28 148888]

"Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Action Manager 32.lnk - c:\programme\ScannerU\AM32.exe [2006-12-26 69632]

Gigaset WLAN Adapter Monitor.lnk - c:\programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe [2004-6-4 327680]

HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programme\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

 

R2 Automatisches LiveUpdate - Scheduler;Automatisches LiveUpdate - Scheduler;c:\programme\Symantec\LiveUpdate\AluSchedulerSvc.exe [07.02.2009 16:33 100032]

S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [07.02.2009 15:39 379232]

.

 

.

------- Zusätzlicher Suchlauf -------

.

IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html

IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-08-31 19:05

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanne versteckte Prozesse... 

 

Scanne versteckte Autostarteinträge... 

 

Scanne versteckte Dateien... 

 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Data]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NET CLR Networking]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\.NETFramework]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Abiosdsk]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\abp480n5]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPI]

"ImagePath"="system32\DRIVERS\ACPI.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ACPIEC]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\adpu160m]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aec]

"ImagePath"="system32\drivers\aec.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AFD]

"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Aha154x]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78u2]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aic78xx]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALCXWDM]

"ImagePath"="system32\drivers\ALCXWDM.SYS"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Alerter]

"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ALG]

"ImagePath"="%SystemRoot%\System32\alg.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AliIde]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AmdK8]

"ImagePath"="system32\DRIVERS\AmdK8.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\amsint]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AntiVirScheduler]

"ImagePath"="\"c:\programme\Avira\AntiVir PersonalEdition Classic\sched.exe\""

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AntiVirService]

"ImagePath"="\"c:\programme\Avira\AntiVir PersonalEdition Classic\avguard.exe\""

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AppMgmt]

"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Arp1394]

"ImagePath"="system32\DRIVERS\arp1394.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3350p]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\asc3550]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ASP.NET_1.1.4322]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aspnet_state]

"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AsyncMac]

"ImagePath"="system32\DRIVERS\asyncmac.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\atapi]

"ImagePath"="system32\DRIVERS\atapi.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atdisk]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ati HotKey Poller]

"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ati2mtag]

"ImagePath"="system32\DRIVERS\ati2mtag.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atierecord]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Atmarpc]

"ImagePath"="system32\DRIVERS\atmarpc.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AudioSrv]

"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\audstub]

"ImagePath"="system32\DRIVERS\audstub.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Automatisches LiveUpdate - Scheduler]

"ImagePath"="\"c:\programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AvgArCln]

"ImagePath"="System32\DRIVERS\AvgArCln.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avgio]

"ImagePath"="\??\c:\programme\Avira\AntiVir PersonalEdition Classic\avgio.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avgntflt]

"ImagePath"="\??\c:\programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\avipbb]

"ImagePath"="system32\DRIVERS\avipbb.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BattC]

"MofImagePath"="System32\Drivers\battc.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Beep]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\BITS]

"ServiceDll"="%systemroot%\system32\qmgr.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Browser]

"ServiceDll"="%SystemRoot%\System32\browser.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme]

"ImagePath"="\??\c:\dokume~1\HP_BES~1.NAM\LOKALE~1\Temp\catchme.sys

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cbidf2k]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\cd20xrnt]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdaudio]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdfs]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cdrom]

"ImagePath"="system32\DRIVERS\cdrom.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Changer]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CiSvc]

"ImagePath"="%SystemRoot%\system32\cisvc.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ClipSrv]

"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CmdIde]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\COMSysApp]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentFilter]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ContentIndex]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Cpqarray]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\CryptSvc]

"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac2w2k]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dac960nt]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DcomLaunch]

"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dhcp]

"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Disk]

"ImagePath"="system32\DRIVERS\disk.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmadmin]

"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmboot]

"ImagePath"="System32\drivers\dmboot.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmio]

"ImagePath"="System32\drivers\dmio.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmload]

"ImagePath"="System32\drivers\dmload.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dmserver]

"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DMusic]

"ImagePath"="system32\drivers\DMusic.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dnscache]

"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Dot3svc]

"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dpti2o]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\drmkaud]

"ImagePath"="system32\drivers\drmkaud.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EapHost]

"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ERSvc]

"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Eventlog]

"ImagePath"="%SystemRoot%\system32\services.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EventSystem]

"ServiceDll"="c:\windows\system32\es.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fastfat]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FastUserSwitchingCompatibility]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fax]

"ImagePath"="%systemroot%\system32\fxssvc.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fdc]

"ImagePath"="system32\DRIVERS\fdc.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fips]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Flpydisk]

"ImagePath"="system32\DRIVERS\flpydisk.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FltMgr]

"ImagePath"="system32\drivers\fltmgr.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Fs_Rec]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ftdisk]

"ImagePath"="system32\DRIVERS\ftdisk.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Gpc]

"ImagePath"="system32\DRIVERS\msgpc.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\helpsvc]

"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HidServ]

"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hidusb]

"ImagePath"="system32\DRIVERS\hidusb.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hkmsvc]

"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\hpn]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTP]

"ImagePath"="System32\Drivers\HTTP.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\HTTPFilter]

"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omgmt]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i2omp]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\i8042prt]

"ImagePath"="system32\DRIVERS\i8042prt.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IDriverT]

"ImagePath"="\"c:\programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe\""

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Imapi]

"ImagePath"="system32\DRIVERS\imapi.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ImapiService]

"ImagePath"="%systemroot%\system32\imapi.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\inetaccs]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ini910u]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Inport]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IntelIde]

"ImagePath"="system32\DRIVERS\intelide.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\intelppm]

"ImagePath"="system32\DRIVERS\intelppm.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ip6Fw]

"ImagePath"="system32\drivers\ip6fw.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpFilterDriver]

"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpInIp]

"ImagePath"="system32\DRIVERS\ipinip.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IpNat]

"ImagePath"="system32\DRIVERS\ipnat.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IPSec]

"ImagePath"="system32\DRIVERS\ipsec.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\IRENUM]

"ImagePath"="system32\DRIVERS\irenum.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ISAPISearch]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\isapnp]

"ImagePath"="system32\DRIVERS\isapnp.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\JavaQuickStarterService]

"ImagePath"="\"c:\programme\Java\jre6\bin\jqs.exe\" -service -config \"c:\programme\Java\jre6\lib\deploy\jqs\jqs.conf\""

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Kbdclass]

"ImagePath"="system32\DRIVERS\kbdclass.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kbdhid]

"ImagePath"="system32\DRIVERS\kbdhid.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\kmixer]

"ImagePath"="system32\drivers\kmixer.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\KSecDD]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanserver]

"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lanmanworkstation]

"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\lbrtfdc]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ldap]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LicenseService]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LiveUpdate]

"ImagePath"="\"c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE\""

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LiveUpdate Notice Service]

"ImagePath"="\"c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe\" /m \"c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll\""

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\LmHosts]

"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Messenger]

"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmdd]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mnmsrvc]

"ImagePath"="c:\windows\system32\mnmsrvc.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Modem]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mouclass]

"ImagePath"="system32\DRIVERS\mouclass.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mouhid]

"ImagePath"="system32\DRIVERS\mouhid.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MountMgr]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mraid35x]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxDAV]

"ImagePath"="system32\DRIVERS\mrxdav.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MRxSmb]

"ImagePath"="system32\DRIVERS\mrxsmb.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Msfs]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSIServer]

"ImagePath"="%systemroot%\system32\msiexec.exe /V"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSKSSRV]

"ImagePath"="system32\drivers\MSKSSRV.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPCLOCK]

"ImagePath"="system32\drivers\MSPCLOCK.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MSPQM]

"ImagePath"="system32\drivers\MSPQM.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mssmbios]

"ImagePath"="system32\DRIVERS\mssmbios.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Mup]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\napagent]

"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDIS]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisTapi]

"ImagePath"="system32\DRIVERS\ndistapi.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ndisuio]

"ImagePath"="system32\DRIVERS\ndisuio.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NdisWan]

"ImagePath"="system32\DRIVERS\ndiswan.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NDProxy]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBIOS]

"ImagePath"="system32\DRIVERS\netbios.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetBT]

"ImagePath"="system32\DRIVERS\netbt.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDE]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NetDDEdsdm]

"ImagePath"="%SystemRoot%\system32\netdde.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netlogon]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Netman]

"ServiceDll"="%SystemRoot%\System32\netman.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIC1394]

"ImagePath"="system32\DRIVERS\nic1394.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Nla]

"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Npfs]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ntfs]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtLmSsp]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NtmsSvc]

"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Null]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFlt]

"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NwlnkFwd]

"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ohci1394]

"ImagePath"="system32\DRIVERS\ohci1394.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Parport]

"ImagePath"="system32\DRIVERS\parport.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PartMgr]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ParVdm]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCI]

"ImagePath"="system32\DRIVERS\pci.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIDump]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCIIde]

"ImagePath"="system32\DRIVERS\pciide.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pcmcia]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDCOMP]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDFRAME]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRELI]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PDRFRAME]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\perc2hib]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfDisk]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfNet]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfOS]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PerfProc]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PlugPlay]

"ImagePath"="%SystemRoot%\system32\services.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Pml Driver HPZ12]

"ImagePath"="c:\windows\system32\HPZipm12.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PolicyAgent]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PptpMiniport]

"ImagePath"="system32\DRIVERS\raspptp.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Processor]

"ImagePath"="system32\DRIVERS\processr.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ProtectedStorage]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ps2]

"ImagePath"="system32\DRIVERS\PS2.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PSched]

"ImagePath"="system32\DRIVERS\psched.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ptilink]

"ImagePath"="system32\DRIVERS\ptilink.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PxHelp20]

"ImagePath"="System32\Drivers\PxHelp20.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1080]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Ql10wnt]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql12160]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1240]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ql1280]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAcd]

"ImagePath"="system32\DRIVERS\rasacd.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasAuto]

"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rasl2tp]

"ImagePath"="system32\DRIVERS\rasl2tp.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasMan]

"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RasPppoe]

"ImagePath"="system32\DRIVERS\raspppoe.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Raspti]

"ImagePath"="system32\DRIVERS\raspti.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Rdbss]

"ImagePath"="system32\DRIVERS\rdbss.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPCDD]

"ImagePath"="System32\DRIVERS\RDPCDD.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPDD]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPNP]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDPWD]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RDSessMgr]

"ImagePath"="c:\windows\system32\sessmgr.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\redbook]

"ImagePath"="system32\DRIVERS\redbook.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RemoteAccess]

"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcLocator]

"ImagePath"="%SystemRoot%\system32\locator.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RpcSs]

"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RSVP]

"ImagePath"="%SystemRoot%\system32\rsvp.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\RTL8023xp]

"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rtl8139]

"ImagePath"="system32\DRIVERS\RTL8139.SYS"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SamSs]

"ImagePath"="%SystemRoot%\system32\lsass.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SCardSvr]

"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Schedule]

"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ScsiPort]

"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SE4501D]

"ImagePath"="system32\DRIVERS\SE4501D.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Secdrv]

"ImagePath"="system32\DRIVERS\secdrv.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\seclogon]

"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SENS]

"ServiceDll"="%SystemRoot%\system32\sens.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\serenum]

"ImagePath"="system32\DRIVERS\serenum.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Serial]

"ImagePath"="system32\DRIVERS\serial.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sfloppy]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SharedAccess]

"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ShellHWDetection]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Simbad]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Sparrow]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\splitter]

"ImagePath"="system32\drivers\splitter.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Spooler]

"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sr]

"ImagePath"="system32\DRIVERS\sr.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\srservice]

"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Srv]

"ImagePath"="system32\DRIVERS\srv.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SSDPSRV]

"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ssmdrv]

"ImagePath"="system32\DRIVERS\ssmdrv.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\stisvc]

"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swenum]

"ImagePath"="system32\DRIVERS\swenum.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swmidi]

"ImagePath"="system32\drivers\swmidi.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SwPrv]

"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{49ECC87E-722F-4CFD-ADDA-0BC30D854B7D}"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\swwd]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc810]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\symc8xx]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_hi]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sym_u3]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\sysaudio]

"ImagePath"="system32\drivers\sysaudio.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SysmonLog]

"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TapiSrv]

"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip]

"ImagePath"="system32\DRIVERS\tcpip.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDPIPE]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDTCP]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermDD]

"ImagePath"="system32\DRIVERS\termdd.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TermService]

"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Themes]

"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TlntSvr]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TosIde]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TrkWks]

"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TSDDD]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Udfs]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ultra]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Update]

"ImagePath"="system32\DRIVERS\update.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\upnphost]

"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UPS]

"ImagePath"="%SystemRoot%\System32\ups.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usb]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbccgp]

"ImagePath"="system32\DRIVERS\usbccgp.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbehci]

"ImagePath"="system32\DRIVERS\usbehci.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbhub]

"ImagePath"="system32\DRIVERS\usbhub.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbohci]

"ImagePath"="system32\DRIVERS\usbohci.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbstor]

"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\usbuhci]

"ImagePath"="system32\DRIVERS\usbuhci.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VgaSave]

"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ViaIde]

"ImagePath"="system32\DRIVERS\viaide.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VolSnap]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\VSS]

"ImagePath"="%SystemRoot%\System32\vssvc.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W32Time]

"ServiceDll"="%systemroot%\system32\w32time.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\W3SVC]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wanarp]

"ImagePath"="system32\DRIVERS\wanarp.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WDICA]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wdmaud]

"ImagePath"="system32\drivers\wdmaud.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WebClient]

"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\winmgmt]

"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Winsock]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinSock2]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WinTrust]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmdmPmSN]

"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Wmi]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApRpl]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WmiApSrv]

"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WMPNetworkSvc]

"ImagePath"="\"c:\programme\Windows Media Player\WMPNetwk.exe\""

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WS2IFSL]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wscsvc]

"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\wuauserv]

"ServiceDll"="c:\windows\system32\wuauserv.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfPf]

"ImagePath"="system32\DRIVERS\WudfPf.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfRd]

"ImagePath"="system32\DRIVERS\wudfrd.sys"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WudfSvc]

"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\WZCSVC]

"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\xmlprov]

"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{5BDFA431-22ED-4E47-BF65-951D1CF79944}]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{74037B92-63E7-40CD-96A6-F0EF1D14DABA}]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{7EA1D9EA-25EB-4E5E-B554-E4B089DE3C32}]

 

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{91C349D8-C3BC-4331-BE67-B82CCBE94DE2}]

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

 

- - - - - - - > 'winlogon.exe'(656)

c:\windows\system32\Ati2evxx.dll

.

Zeit der Fertigstellung: 2010-08-31 19:09:28

ComboFix-quarantined-files.txt 2010-08-31 17:09

 

Vor Suchlauf: 9 Verzeichnis(se), 133.596.569.600 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 133.718.683.648 Bytes frei

 

- - End Of File - - AF991E549B4A1D528AD1DA4A501186E1

--- --- ---

Antwort folgt morgen :)

Schritt 1

Combofix mit Skript laufen lassen

Denke daran, während des Laufs von Combofix Dein Antiviren-Programm temporär abzustellen.
Danach wieder anstellen nicht vergessen!
Wichtig: Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.

Anwendung

Öffne notepad (Start => Ausführen => notepad (reinschreiben) => ok) oder einen Editor Deiner Wahl und kopiere alles aus der nachfolgenden Codebox in ein leeres Dokument:

Code:

File:: c:\windows\system32\urhtps.dat c:\windows\system32\appconf32.exe Registry:: [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{5BDFA431-22ED-4E47-BF65-951D1CF79944}] [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{74037B92-63E7-40CD-96A6-F0EF1D14DABA}] [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{7EA1D9EA-25EB-4E5E-B554-E4B089DE3C32}] [-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{91C349D8-C3BC-4331-BE67-B82CCBE94DE2}]
Speichere dies als CFScript.txt auf Deinem Desktop. Achte darauf, dass bei Dateityp "All types" aktiv ist.
.
http://i94.photobucket.com/albums/l8...Script_ani.gif
.
In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt.
Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
Bitte füge es hier als Antwort ein.

Hinweis für Mitleser: Obiges Combofix-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Schritt 2

Wie läufts? Noch Meldungen?

TR/Banker.MultiBanker.VT und TR/Dropper.Gen, Malwarebytes Auswertung

ich hab die combo-Fix datei, kanns aber wieder weder als Code noch als Anhang hier reinstellen

Combo-Fix Datei:Combofix Logfile:

Code:

ComboFix 10-08-29.04 - HP_Besitzer 03.09.2010 18:57:20.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.446.214 [GMT 2:00]

ausgeführt von:: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\Combo-Fix.exe

Benutzte Befehlsschalter :: c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Desktop\CFScript.txt

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

* Neuer Wiederherstellungspunkt wurde erstellt

 

FILE ::

"c:\windows\system32\appconf32.exe"

"c:\windows\system32\urhtps.dat"

.

 

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\appconf32.exe

c:\windows\system32\urhtps.dat

 

.

((((((((((((((((((((((( Dateien erstellt von 2010-08-03 bis 2010-09-03 ))))))))))))))))))))))))))))))

.

 

2010-08-30 20:59 . 2010-08-30 21:31    --------    d-----w-    C:\Combo-Fix

2010-08-29 18:11 . 2010-08-29 18:11    --------    d-----w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Malwarebytes

2010-08-29 18:10 . 2010-04-29 10:19    38224    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-29 18:10 . 2010-08-29 18:10    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes

2010-08-29 18:10 . 2010-08-29 19:47    --------    d-----w-    c:\programme\Malwarebytes' Anti-Malware

2010-08-29 18:10 . 2010-04-29 10:19    20952    ----a-w-    c:\windows\system32\drivers\mbam.sys

2010-08-22 16:26 . 2010-08-22 16:26    --------    d-----w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\Help

2010-08-22 16:11 . 2010-08-22 16:11    799    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_2425543A0EAD32542824DF2807A6FBB4.dll

2010-08-22 15:06 . 2010-08-22 15:06    --------    d-----w-    c:\programme\Unlocker

2010-08-21 12:36 . 2010-08-22 14:19    --------    d-----w-    c:\programme\iKnowPS

2010-08-19 13:56 . 2010-08-19 13:56    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\Fighters

2010-08-19 13:55 . 2010-08-19 13:55    --------    d-----w-    c:\programme\Fighters

 

.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-02 17:40 . 2006-11-19 11:48    --------    d-----w-    c:\programme\PokerStars

2010-08-29 14:52 . 2010-06-06 17:46    --------    d-----w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\Uniblue

2010-08-29 14:52 . 2010-06-06 17:46    --------    d-----w-    c:\programme\Uniblue

2010-08-29 14:39 . 2010-08-22 16:11    --------    d-----w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan

2010-08-27 18:26 . 2006-05-06 15:53    --------    d-----w-    c:\programme\Mozilla Thunderbird

2010-08-22 16:26 . 2010-08-22 16:11    --------    d-----w-    c:\programme\Security Task Manager

2010-08-22 16:11 . 2010-08-22 16:11    57    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_200845A2240938042A076B4737ED0137.dll

2010-08-22 16:11 . 2010-08-22 16:11    116    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_20481667D97199646AB63D155C4963CB.dll

2010-08-22 16:11 . 2010-08-22 16:11    10    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_24E9EE35BCEC29C4FB67C96AD5FAF8C1.dll

2010-08-22 16:11 . 2010-08-22 16:11    6205    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1FCF3F43B71816D46BFA919D84A6EF0A.dll

2010-08-22 16:11 . 2010-08-22 16:11    699    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1E32C765085758148B2C0308657792C7.dll

2010-08-22 16:11 . 2010-08-22 16:11    55    ----a-w-

 

weiter:

 

c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0FF2F75B52A523345B3054293B070CF2.dll

2010-08-22 16:11 . 2010-08-22 16:11    3356    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1F972D4B9034cc944A5BA3D0E2957C5B.dll

2010-08-22 16:11 . 2010-08-22 16:11    210    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D034B0FAA6BD374B960AAD30DF10D8B.dll

2010-08-22 16:11 . 2010-08-22 16:11    2056    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_06AFB87E393583C428BA8E10E964E44B.dll

2010-08-22 16:11 . 2010-08-22 16:11    1055    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_1D227AB21D84E6041932A85E34D136FE.dll

2010-08-22 16:11 . 2010-08-22 16:11    58    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_0132103250E35A64889A6CBCACCBCA97.dll

2010-08-22 16:11 . 2010-08-22 16:11    833    ----a-w-    c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan\icn_000021599B0090400000000000F01FEC.dll

2010-08-18 13:06 . 2004-11-02 18:10    64650    ----a-w-    c:\windows\system32\perfc007.dat

2010-08-18 13:06 . 2004-11-02 18:10    392842    ----a-w-    c:\windows\system32\perfh007.dat

2010-08-17 15:54 . 2009-04-18 15:46    --------    d-----w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Anwendungsdaten\BSW

2010-07-01 20:12 . 2010-07-01 20:12    112    ----a-w-    c:\windows\system32\srvblck2.tmp

2010-06-30 12:28 . 2004-08-04 04:00    149504    ----a-w-    c:\windows\system32\schannel.dll

2010-06-24 12:22 . 2004-08-04 04:00    916480    ----a-w-    c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-08-04 04:00    1852032    ------w-    c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-08-04 04:00    354304    ------w-    c:\windows\system32\drivers\srv.sys

2010-06-18 20:07 . 2009-02-07 13:34    160    ----a-w-    c:\dokumente und einstellungen\HP_Besitzer.NAME-CD5FDA878D\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

2010-06-17 14:03 . 2004-08-04 04:00    80384    ------w-    c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-08-04 04:00    744448    ------w-    c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:41 . 2004-08-04 04:00    1172480    ----a-w-    c:\windows\system32\msxml3.dll

.

 

((((((((((((((((((((((((((((( SnapShot@2010-08-31_17.05.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-09-03 16:22 . 2010-09-03 16:22    16384 c:\windows\Temp\Perflib_Perfdata_79c.dat

.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HPHUPD08"="c:\programme\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]

"HPBootOp"="c:\programme\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]

"HP Software Update"="c:\programme\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 49152]

"avgnt"="c:\programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-03-28 148888]

"Symantec PIF AlertEng"="c:\programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]

 

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\

Action Manager 32.lnk - c:\programme\ScannerU\AM32.exe [2006-12-26 69632]

Gigaset WLAN Adapter Monitor.lnk - c:\programme\Siemens\Gigaset USB Adapter 54\GigasetUSBMonitor.exe [2004-6-4 327680]

HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Programme\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Programme\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Programme\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Programme\\Mozilla Firefox\\firefox.exe"=

 

S3 SE4501D;Gigaset USB Adapter 54 Driver;c:\windows\system32\drivers\SE4501D.sys [07.02.2009 15:39 379232]

.

.

------- Zusätzlicher Suchlauf -------

.

IE: &Google-Suche - c:\programme\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Ins Deutsche übersetzen - c:\programme\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Im Cache gespeicherte Seite - c:\programme\Google\GoogleToolbar1.dll/cmcache.html

IE: Verweisseiten - c:\programme\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Ähnliche Seiten - c:\programme\Google\GoogleToolbar1.dll/cmsimilar.html

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-09-03 19:05

Windows 5.1.2600 Service Pack 3 NTFS

 

Scanne versteckte Prozesse... 

 

Scanne versteckte Autostarteinträge... 

 

Scanne versteckte Dateien... 

 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

 

**************************************************************************

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

 

- - - - - - - > 'winlogon.exe'(808)

c:\windows\system32\Ati2evxx.dll

.

Zeit der Fertigstellung: 2010-09-03 19:09:35

ComboFix-quarantined-files.txt 2010-09-03 17:09

 

Vor Suchlauf: 14 Verzeichnis(se), 133.626.843.136 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 133.615.886.336 Bytes frei

 

- - End Of File - - 8E3D7B5DADE6C637ACEE56D85219F210

--- --- ---

Nach diese Anleitung in Code-Tags gehts nicht?

wenn ich auf Datei hochladen klicke, kommt im Problembericht:

C:\DOKUME~1\HP_BES~1.NAM\LOKALE~1\Temp\WERb71c.dir00\firefox.exe.mdmp
C:\DOKUME~1\HP_BES~1.NAM\LOKALE~1\Temp\WERb71c.dir00\appcompat.txt

Falls dir das hilft.

Sonst habe ich momentan nichts feststellen können,
Firefox hat nach Neustart immer noch relativ lange gebraucht,
wenn auch nicht mehr ganz so lange.

ich kann kleine Tags machen

Code:

test fjdkfkjsflfkdsjklsdfjdlkfjdkfdlfdjfklffjklsdfjlksfj

aber lange Texte gehen nicht, wird der Browser geschlossen.

Schritt 1

Wende bitte CCleaner an.

Schritt 2

Programme updaten

Du verwendest zum Teil veraltete Software, die Sicherheitslücken auf deinem System bildet, durch die Malware eindringen kann. Alle Software, die du auf deinem Rechner hast, muss regelmäßig geupdatet werden, auch dann, wenn du sie nicht verwendest. Eine einfache Möglichkeit, diese Software Updates zu überwachen, bietet der Secunia Inspektor.

Cleaner hab ich gemacht.

Updates auch, er findet aber noch verschiedene alte java Versionen,
habe aber 1x geupdatet und die Meldung kommt noch.

dann hab ich eben nochmal malwarebytes laufen lassen:

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 4544
 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702
 

04.09.2010 20:24:05

mbam-log-2010-09-04 (20-24-05).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 142149

Laufzeit: 8 Minute(n), 45 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 1

Infizierte Dateien: 34
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

C:\WINDOWS\system32\xmldm (Stolen.Data) -> No action taken.
 

Infizierte Dateien:

C:\WINDOWS\system32\xmldm\1384_FF_0000000117.pst (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\1504_FF_0000000107.pst (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\2360_FF_0000000087.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\2360_FF_0000000088.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\2360_FF_0000000089.frm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\2360_FF_0000000090.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\2360_FF_0000000091.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\2360_FF_0000000092.frm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\2360_FF_0000000093.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\308_FF_0000000094.pst (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\308_FF_0000000095.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\308_FF_0000000096.frm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\308_FF_0000000097.frm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\308_FF_0000000098.pst (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3416_FF_0000000099.pst (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3416_FF_0000000100.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3416_FF_0000000101.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3416_FF_0000000102.frm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3416_FF_0000000103.frm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3416_FF_0000000104.pst (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3428_FF_0000000105.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3428_FF_0000000106.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3800_FF_0000000108_ifrm.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3800_FF_0000000109.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\3800_FF_0000000110.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\4088_FF_0000000113.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\4088_FF_0000000114.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\4088_FF_0000000115_ifrm.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\4088_FF_0000000116_ifrm.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\4520_FF_0000000111.htm (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\4520_FF_0000000112.key (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\FromJava01CB35A8ADABD10C_00006992_rasphone.pbk (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\FromJava01CB35A8AF7A5940_00006992_rasphone.pbk (Stolen.Data) -> No action taken.

C:\WINDOWS\system32\xmldm\FromJava01CB372477FEA5DE_00004328_rasphone.pbk (Stolen.Data) -> No action taken.

was bedeutet das jetzt noch?

Schritt 1

TDSSKiller von Kaspersky

Lade den TDSSKiller und entpacke das Archiv auf Deinen Desktop.
Vergewissere Dich, dass die TDSSKiller.exe direkt auf dem Desktop liegt (nicht in einem Ordner auf dem Desktop).
Starte die TDSSKiller.exe durch Doppelklick.
Nach Beendigung der Arbeit schlägt das Tool vor, das System neu zu starten.
Bestätige das ggfs. mit Y(es).
Beim Hochfahren des Systems führt der Treiber alle geplanten Operationen aus löscht sich danach.
Poste mir den Inhalt von C:\TDSSKiller<random>.txt hier in den Thread.

Hier findest Du eine ausführlichere Anleitung.

Schritt 2

Downloade Dir bitte RKUnhookerLE und speichere die Datei auf deinem Desktop.

Deaktiviere alle Hintergrundwächter. Besonders den deiner Anti Virensoftware.
Starte die RKUnhookerLE.exe
Klicke auf den Report Tab und danach auf Scan
Setze ein Häckchen bei
- Drivers
- Stealth Code
Entferne alle anderen Hacken
Wenn Du gefragt wirst welcher Bereich gescannt werden soll, gehe sicher das deine Systemplatte ( meistens C: ) angehackt ist.
Klicke OK
Wenn der Scan beendet wurde
File --> Save Report
klicken.
Speichere die Datei als RKU.txt auf dem Desktop.
Klicke Close

Hinweis: Solltest Du folgende Warnung bekommen

Zitat:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

einfach ignorieren.

Schritt 3

Wende bitte AVZ an und poste das Log.

TDSKiller:
Neustart gabs nicht, wurde aber auch nichts gefunden.
sorry muss wieder aufteilen

Code:

 

2010/09/05 16:48:29.0750    TDSS rootkit removing tool 2.4.2.0 Sep  3 2010 10:26:06

2010/09/05 16:48:29.0750    ================================================================================

2010/09/05 16:48:29.0750    SystemInfo:

2010/09/05 16:48:29.0750    

2010/09/05 16:48:29.0750    OS Version: 5.1.2600 ServicePack: 3.0

2010/09/05 16:48:29.0750    Product type: Workstation

2010/09/05 16:48:29.0750    ComputerName: NAME-CD5FDA878D

2010/09/05 16:48:29.0750    UserName: HP_Besitzer

2010/09/05 16:48:29.0750    Windows directory: C:\WINDOWS

2010/09/05 16:48:29.0750    System windows directory: C:\WINDOWS

2010/09/05 16:48:29.0750    Processor architecture: Intel x86

2010/09/05 16:48:29.0750    Number of processors: 1

2010/09/05 16:48:29.0750    Page size: 0x1000

2010/09/05 16:48:29.0750    Boot type: Normal boot

2010/09/05 16:48:29.0750    ================================================================================

2010/09/05 16:48:30.0218    Initialize success

2010/09/05 16:48:37.0265    ================================================================================

2010/09/05 16:48:37.0265    Scan started

2010/09/05 16:48:37.0265    Mode: Manual;

2010/09/05 16:48:37.0265    ================================================================================

2010/09/05 16:48:38.0421    ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/05 16:48:38.0468    ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/09/05 16:48:38.0578    aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/05 16:48:38.0625    AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/09/05 16:48:38.0859    ALCXWDM         (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/09/05 16:48:39.0062    AmdK8           (769844eb65df6a62aa51b886290fe51d) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2010/09/05 16:48:39.0171    Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/05 16:48:39.0343    AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/05 16:48:39.0390    atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/05 16:48:39.0500    ati2mtag        (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/09/05 16:48:39.0578    Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/05 16:48:39.0656    audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/05 16:48:39.0718    AvgArCln        (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys

2010/09/05 16:48:39.0828    avgio           (87828ecd657f81503465ac705e845076) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys

2010/09/05 16:48:39.0875    avgntflt        (fcb30820bed1d3feb55e3dd55a3f947f) C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

2010/09/05 16:48:39.0906    avipbb          (0b09df022250fb7ba91fb932eac6ea9b) C:\WINDOWS\system32\DRIVERS\avipbb.sys

2010/09/05 16:48:39.0968    Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/05 16:48:40.0171    cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/05 16:48:40.0234    Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

 2010/09/05 16:48:40.0296    Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/05 16:48:40.0359    Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/05 16:48:40.0578    Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/05 16:48:40.0656    dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/05 16:48:40.0703    dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/05 16:48:40.0734    dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/05 16:48:40.0796    DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/05 16:48:40.0859    drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/05 16:48:40.0906    Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/05 16:48:40.0968    Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/09/05 16:48:41.0015    Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/05 16:48:41.0046    Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/09/05 16:48:41.0093    FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/09/05 16:48:41.0125    Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/05 16:48:41.0156    Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/05 16:48:41.0187    Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/05 16:48:41.0250    hidusb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/05 16:48:41.0328    HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/05 16:48:41.0437    i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/05 16:48:41.0484    Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/05 16:48:41.0562    IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/09/05 16:48:41.0593    intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/05 16:48:41.0625    Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/09/05 16:48:41.0656    IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/05 16:48:41.0687    IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/05 16:48:41.0718    IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/05 16:48:41.0765    IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/05 16:48:41.0796    IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/05 16:48:41.0828    isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/05 16:48:41.0859    Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/05 16:48:41.0890    kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/09/05 16:48:41.0937    kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/05 16:48:41.0968    KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/05 16:48:42.0078    mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/05 16:48:42.0109    Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/05 16:48:42.0140    Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/05 16:48:42.0156    mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/05 16:48:42.0203    MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/05 16:48:42.0296    MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/05 16:48:42.0343    MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/05 16:48:42.0375    Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/05 16:48:42.0406    MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/05 16:48:42.0437    MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/05 16:48:42.0468    MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/05 16:48:42.0500    mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/05 16:48:42.0531    Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/05 16:48:42.0578    NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/05 16:48:42.0609    NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/05 16:48:42.0640    Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/05 16:48:42.0671    NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/05 16:48:42.0703    NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/05 16:48:42.0734    NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/05 16:48:42.0781    NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/05 16:48:42.0859    NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/09/05 16:48:42.0890    Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/05 16:48:42.0953    Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/05 16:48:43.0000    Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/05 16:48:43.0046    NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/05 16:48:43.0078    NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/05 16:48:43.0109    ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/09/05 16:48:43.0156    Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/09/05 16:48:43.0187    PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/05 16:48:43.0234    ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/05 16:48:43.0265    PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/05 16:48:43.0312    PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/05 16:48:43.0359    Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/09/05 16:48:43.0593    PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/05 16:48:43.0625    Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/09/05 16:48:43.0671    Ps2             (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

2010/09/05 16:48:43.0703    PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/05 16:48:43.0765    PSI             (1df21f001f3a94eba4a2950c70cc358f) C:\WINDOWS\system32\DRIVERS\psi_mf.sys

2010/09/05 16:48:43.0796    Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

 2010/09/05 16:48:43.0828    PxHelp20        (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/09/05 16:48:43.0984    RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/05 16:48:44.0015    Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/05 16:48:44.0062    RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/05 16:48:44.0093    Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/05 16:48:44.0140    Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/05 16:48:44.0187    RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/05 16:48:44.0250    RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/05 16:48:44.0296    redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/05 16:48:44.0343    RTL8023xp       (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2010/09/05 16:48:44.0390    rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2010/09/05 16:48:44.0468    SE4501D         (8dc9cf101d175a1daf2fd917e19a68b1) C:\WINDOWS\system32\DRIVERS\SE4501D.sys

2010/09/05 16:48:44.0531    Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/05 16:48:44.0593    serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/09/05 16:48:44.0640    Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/09/05 16:48:44.0703    Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/05 16:48:44.0828    splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/05 16:48:44.0875    sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/05 16:48:44.0937    Srv             (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/05 16:48:44.0984    ssmdrv          (71d609c5dff067906d930bde031c4cfe) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2010/09/05 16:48:45.0062    swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/05 16:48:45.0093    swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/05 16:48:45.0234    sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/05 16:48:45.0296    Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/05 16:48:45.0343    TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/05 16:48:45.0390    TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/05 16:48:45.0421    TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/05 16:48:45.0531    Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/05 16:48:45.0609    Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/05 16:48:45.0671    usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/05 16:48:45.0734    usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/05 16:48:45.0765    usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/05 16:48:45.0812    usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/09/05 16:48:45.0859    usbstor         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/05 16:48:45.0906    usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/05 16:48:45.0937    VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/05 16:48:45.0968    ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/09/05 16:48:46.0015    VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/05 16:48:46.0078    Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/05 16:48:46.0140    wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/05 16:48:46.0265    WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/05 16:48:46.0328    WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/05 16:48:46.0375    ================================================================================

2010/09/05 16:48:46.0375    Scan finished

2010/09/05 16:48:46.0375    ================================================================================

RKU 1. Teil:

Code:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xF6DDA000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 3645440 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0xBF0BF000 C:\WINDOWS\System32\ati3duag.dll 2412544 bytes (ATI Technologies Inc. , ati3duag.dll)

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069120 bytes (Microsoft Corporation, NT-Kernel und -System)

0x804D7000 PnpManager 2069120 bytes

0x804D7000 RAW 2069120 bytes

0x804D7000 WMIxWDM 2069120 bytes

0xBF800000 Win32k 1855488 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)

0xF71F1000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1368064 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)

0xBF30C000 C:\WINDOWS\System32\ativvaxx.dll 602112 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)

0xF73CE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF26AB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF688C000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF2617000 C:\WINDOWS\system32\DRIVERS\SE4501D.sys 380928 bytes (Siemens AG, Siemens Wireless NDIS 5.1 Driver)

0xF27B8000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xEFE75000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xEF286000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 258048 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)

0xBF051000 C:\WINDOWS\System32\ati2cqag.dll 233472 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)

0xBF08A000 C:\WINDOWS\System32\atikvmag.dll 217088 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)

0xF74EC000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-Treiber für NT)

0xF73A1000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xF2743000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF2790000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF2685000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF25F3000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF6DB6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF718B000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF7168000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF276E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806D1000 ACPI_HAL 131840 bytes

0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7484000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF74BC000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-Datenträgertreiber)

0xF7387000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF74A4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF25DB000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes

0xF745B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF6D8B000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xF000A000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF001F000 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys 81920 bytes (Avira GmbH, Avira Minifilter Driver)

0xF6DA2000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Treiber für parallelen Anschluss)

0xF7154000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 81920 bytes (Realtek Semiconductor Corporation                           , Realtek 10/100/1000 NDIS 5.1 Driver                         )

0xF71DD000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF2811000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7472000 sr.sys 73728 bytes (Microsoft Corporation, Dateisystemfilter-Treiber der Systemwiederherstellung)

0xF2674000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 69632 bytes (Avira GmbH, Avira Driver for RootKit Detection)

0xF74DB000 pci.sys 69632 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)

0xF6D7A000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF784C000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 65536 bytes (Advanced Micro Devices, AMD Processor Driver)

 0xEFD9D000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF786C000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF788C000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xF762C000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xF77AC000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xF76AC000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF787C000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook-Audiofiltertreiber)

0xF03B3000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF774C000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF763C000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xF765C000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)

0xF767C000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF76BC000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042-Anschlusstreiber)

0xF76CC000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF76EC000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF778C000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-Verschlüsselungstreiber)

0xF785C000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF764C000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF76DC000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF761C000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP-ISA-Bustreiber)

0xF771C000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF770C000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF766C000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF76FC000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF775C000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xEEFE3000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF779C000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF79DC000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7984000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF79C4000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF799C000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tastaturklassentreiber)

0xF789C000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF79EC000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF798C000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mausklassentreiber)

0xF79E4000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (AVIRA GmbH, AVIRA SnapShot Driver)

0xF79CC000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF79D4000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF78A4000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF7994000 C:\WINDOWS\system32\DRIVERS\PS2.sys 20480 bytes (Hewlett-Packard Company, PS2 SYS)

0xF79AC000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF78AC000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF79B4000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)

0xF79A4000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF797C000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)

0xF79FC000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xF7AFC000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xF043F000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF7A2C000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF7AD4000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF7AEC000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF734B000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF7B54000 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)

0xF7B4C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF7B56000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes

0xF7B4A000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7B22000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Treiber)

0xF7B1C000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7B4E000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF7B50000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7B46000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7B48000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF7B20000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF7B1E000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7CEB000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7C63000 C:\WINDOWS\System32\DRIVERS\AvgArCln.sys 4096 bytes (GRISOFT, s.r.o., AVG7 Clean Driver)

0xF7C72000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7C62000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7BE4000 pciide.sys 4096 bytes (Microsoft Corporation, Allgemeiner PCI IDE Bustreiber)

==============================================

>Stealth

==============================================

bei dem AVZ kann ich die exe datei nicht in 1111111.com umbenennen ist das wichtig?

Ja das umbenennen ist wichtig. In einen andeen namen geht auch nicht?

ich konnte es doch noch umbenennen, indem ich die datei kurz in nen anderen ordner geschoben habe.

Ich habe gelesen, dass so ein AVZ Scan sehr lange dauern kann...

Kannst du mir ne Durchschnittslaufzeit ca. sagen?

Wenns wirklich mehr als 6 h dauert dann verschieb ichs aufn Samstag.

Es liegt an Dir. Ich würde Dir aber empfehlen das System bis zum Scan nicht zu nutzen.