Trojaner Tr/reg Kobaface.89+tr/atraps.gen+den Wurm Koobaface eingefangen

#0
12.11.2009, 09:28
Member

Beiträge: 34
#1 Hallo zusammen habe mir die im Titel aufgelisteten Trojaner und den Wurm eingefangen des weiteren auch noch das Backdoorprogramm BDS/BACKDOOR Gen und ebenfalls noch den Trojaner TR/Crypt ZPACK Gen, sie werden von Avira erkannt doch ich kann sie nicht löschen. Auswirkungen merke ich direkt keine aber ich will sie natürlich von meinem Rechner enmtfernen.

Ich habe hier die Log files die ihr braucht:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 6.0.6001 Service Pack 1

11.11.2009 17:56:33
mbam-log-2009-11-11 (17-56-24).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 307537
Laufzeit: 1 hour(s), 18 minute(s), 54 second(s)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
C:\Windows\freddy73.exe (Worm.KoobFace) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysfbtray (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Worm.KoobFace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Captcha7 (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysmstray (Worm.KoobFace) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\freddy73.exe (Worm.KoobFace) -> No action taken.
C:\Windows\ld15.exe (Worm.KoobFace) -> No action taken.
C:\Windows\mmsmark2.dat (KoobFace.Trace) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:15:46, on 12.11.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
C:\Program Files\WinTV\EPG Services\System\EPGClient.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\svchost.exe
C:\Windows\ld15.exe
C:\Windows\freddy73.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 5.0\AolTbServer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysldtray] C:\Windows\ld15.exe
O4 - HKLM\..\Run: [sysfbtray] C:\Windows\freddy73.exe
O4 - HKLM\..\Run: [Captcha7] rundll "C:\Program Files\captcha.dll",captcha
O4 - HKLM\..\Run: [SySmstray] C:\Windows\mstre22.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7419F3E3-06FB-4E83-8B99-22A88BAFC6F3}: NameServer = 195.141.56.5 193.192.227.3
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 15905 bytes


Hoffe es geht auch so ansonsten einfach angeben was ich noch alles machen muss.


Grüsse Muloo und Danke
Seitenanfang Seitenende
12.11.2009, 10:31
Member
Avatar Chris4You

Beiträge: 694
#2 Hi,

Also:
Anleitung Avenger (by swandog46)

1.) Lade dir das Tool (http://swandog46.geekstogo.com/avenger.exe)Avenger und speichere es auf dem Desktop:



2.) Das Programm so einstellen wie es auf dem Bild zu sehen ist.

Kopiere nun folgenden Text in das weiße Feld:
(bei -> "input script here")


Code

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sysldtray
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sysfbtray
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Captcha7
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SySmstray


Files to delete:
C:\Windows\ld15.exe
C:\Windows\freddy73.exe
C:\Windows\mstre22.exe
C:\Program Files\captcha.dll
3.) Schliesse nun alle Programme (vorher notfalls abspeichern!) und Browser-Fenster, nach dem Ausführen des Avengers wird das System neu gestartet.

4.) Um den Avenger zu starten klicke auf -> Execute
Dann bestätigen mit "Yes" das der Rechner neu startet!

5.) Nachdem das System neu gestartet ist, findest du hier einen Report vom Avenger -> C:\avenger.txt
Öffne die Datei mit dem Editor und kopiere den gesamten Text in deinen Beitrag hier am Trojaner-Board.

Hijackthis, fixen:
öffne das HijackThis -- Button "scan" -- vor den nachfolgenden Einträge Häkchen setzen -- Button "Fix checked" -- PC neustarten
Beim fixen müssen alle Programme geschlossen sein!

Code

O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect .cab
Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Fullscan und alles bereinigen lassen! Log posten.

RSIT
Random's System Information Tool (RSIT) von random/random liest Systemdetails aus und erstellt ein aussagekräftiges Logfile.
* Lade Random's System Information Tool (RSIT) herunter (http://images.malwareremoval.com/random/RSIT.exe)
* speichere es auf Deinem Desktop.
* Starte mit Doppelklick die RSIT.exe.
* Klicke auf Continue, um die Nutzungsbedingungen zu akzeptieren.
* Wenn Du HijackThis nicht installiert hast, wird RSIT das für Dich herunterladen und installieren.
* In dem Fall bitte auch die Nutzungsbedingungen von Trend Micro (http://de.trendmicro.com/de/home) für HJT akzeptieren "I accept".
* Wenn Deine Firewall fragt, bitte RSIT erlauben, ins Netz zu gehen.
* Der Scan startet automatisch, RSIT checkt nun einige wichtige System-Bereiche und produziert Logfiles als Analyse-Grundlage.
* Wenn der Scan beendet ist, werden zwei Logfiles erstellt und in Deinem Editor geöffnet.
* Bitte poste den Inhalt von C:\rsit\log.txt und C:\rsit\info.txt (<= minimiert) hier in den Thread.

Gmer:
http://virus-protect.org/artikel/tools/gmer.html
Den Downloadlink findest Du links oben (www.gmer.net/files), dort dann
auf den Button "Download EXE", dabei wird ein zufälliger Name generiert (den und den Pfad wo Du sie gespeichert hast bitte merken).
Starte gmer und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit "nein" beantworten, auf den Reiter "rootkit" gehen, wiederum die Frage mit "nein" beantworten und mit Hilfe von copy den Bericht in den Thread einfügen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. Ist dieser beendet, wähle Copy und füge den Bericht ein.


Chris
Seitenanfang Seitenende
12.11.2009, 16:11
Member

Themenstarter

Beiträge: 34
#3 Also:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\Windows\ld15.exe" deleted successfully.
File "C:\Windows\freddy73.exe" deleted successfully.

Error: file "C:\Windows\mstre22.exe" not found!
Deletion of file "C:\Windows\mstre22.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Program Files\captcha.dll" not found!
Deletion of file "C:\Program Files\captcha.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sysldtray" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|sysfbtray" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Captcha7" deleted successfully.
Registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SySmstray" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

dann:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 6.0.6001 Service Pack 1

12.11.2009 15:52:54
mbam-log-2009-11-12 (15-52-49).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 309880
Laufzeit: 1 hour(s), 36 minute(s), 37 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\mmsmark2.dat (KoobFace.Trace) -> No action taken.
dann:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Muloo at 2009-11-12 15:56:40
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 352 GB (76%) free of 465 GB
Total RAM: 3038 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:02, on 12.11.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mobile Partner\Mobile Partner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Muloo\Desktop\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Muloo.exe
C:\Windows\system32\svchost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETZWERKDIENST')
O17 - HKLM\System\CCS\Services\Tcpip\..\{7419F3E3-06FB-4E83-8B99-22A88BAFC6F3}: NameServer = 195.141.56.5 193.192.227.3
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 5124 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AirCardEnabler"= []
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-09-22 1243088]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater"
""=""
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a229d2b-9632-11de-b8f0-00269e0a2f87}]
shell\AutoRun\command - G:\WIN\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f87bc97-acba-11de-b9d7-00a0d5ffffa9}]
shell\AutoRun\command - G:\
shell\open\command - rundll32.exe .\\kwdfo.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{455cb053-b305-11de-9f4c-00a0d5ffffa9}]
shell\AutoRun\command - G:\
shell\open\command - rundll32.exe .\\kbvda.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d242656-a0ff-11de-aba1-00a0d5ffffa9}]
shell\AutoRun\command - H:\
shell\open\command - rundll32.exe .\\sulwoa.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90006693-961e-11de-9644-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91755891-be02-11de-9a6c-00a0d5ffffa9}]
shell\AutoRun\command - G:\
shell\open\command - rundll32.exe .\\hvifil32.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5aab-c45e-11de-bf6d-00269e0a2f87}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5ac5-c45e-11de-bf6d-00269e0a2f87}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5ad9-c45e-11de-bf6d-00269e0a2f87}]
shell\AutoRun\command - H:\RECYCLERS\runmgr.exe
shell\open\command - H:\RECYCLERS\runmgr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fa67fb35-ccfd-11de-a7a6-00269e0a2f87}]
shell\AutoRun\command - F:\AutoRun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-11-12 15:56:40 ----D---- C:\rsit
2009-11-12 13:32:50 ----D---- C:\Avenger
2009-11-12 13:32:50 ----A---- C:\avenger.txt
2009-11-12 09:15:31 ----D---- C:\Program Files\Trend Micro
2009-11-11 12:03:45 ----D---- C:\Windows\Minidump
2009-11-11 09:06:07 ----D---- C:\Users\Muloo\AppData\Roaming\Malwarebytes
2009-11-11 09:05:43 ----D---- C:\ProgramData\Malwarebytes
2009-11-11 09:05:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-11 08:22:52 ----A---- C:\Windows\system32\WSDApi.dll
2009-11-10 16:50:16 ----A---- C:\Windows\SGDetectionTool.dll
2009-11-10 16:50:16 ----A---- C:\Windows\BDTSupport.dll
2009-11-10 16:50:15 ----A---- C:\Windows\PCTBDRes.dll
2009-11-10 16:50:15 ----A---- C:\Windows\PCTBDCore.dll
2009-11-10 16:45:30 ----D---- C:\Users\Muloo\AppData\Roaming\PC Tools
2009-11-10 16:45:30 ----D---- C:\ProgramData\PC Tools
2009-11-10 16:45:30 ----D---- C:\Program Files\Spyware Doctor
2009-11-10 16:45:30 ----D---- C:\Program Files\Common Files\PC Tools
2009-11-10 15:15:56 ----D---- C:\ProgramData\Avira
2009-11-10 15:15:56 ----D---- C:\Program Files\Avira
2009-11-04 08:23:11 ----A---- C:\Windows\system32\mshtml.dll
2009-10-30 08:03:01 ----D---- C:\Program Files\Mobile Partner
2009-10-28 10:10:58 ----A---- C:\Windows\system32\wmp.dll
2009-10-28 10:10:56 ----A---- C:\Windows\system32\unregmp2.exe
2009-10-28 10:10:52 ----A---- C:\Windows\system32\wmploc.DLL
2009-10-22 09:16:10 ----D---- C:\ProgramData\NOS
2009-10-22 09:16:10 ----D---- C:\Program Files\NOS
2009-10-22 06:34:27 ----A---- C:\Windows\system32\wininet.dll
2009-10-22 06:34:27 ----A---- C:\Windows\system32\urlmon.dll
2009-10-22 06:34:27 ----A---- C:\Windows\system32\iertutil.dll
2009-10-22 06:34:27 ----A---- C:\Windows\system32\ieframe.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\occache.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\msfeedssync.exe
2009-10-22 06:34:26 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\msfeeds.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\jsproxy.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\ieUnatt.exe
2009-10-22 06:34:26 ----A---- C:\Windows\system32\ieui.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\iesysprep.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\iesetup.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\iernonce.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\iepeers.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\iedkcs32.dll
2009-10-22 06:34:26 ----A---- C:\Windows\system32\ie4uinit.exe
2009-10-19 07:11:03 ----A---- C:\Windows\system32\msv1_0.dll
2009-10-19 07:11:00 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-10-19 07:11:00 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-10-19 07:10:44 ----A---- C:\Windows\system32\EncDec.dll
2009-10-19 07:10:43 ----A---- C:\Windows\system32\psisdecd.dll
2009-10-19 07:10:31 ----A---- C:\Windows\system32\msasn1.dll
2009-10-19 07:10:23 ----A---- C:\Windows\system32\WMSPDMOD.DLL

======List of files/folders modified in the last 1 months======

2009-11-12 15:57:01 ----D---- C:\Windows\Temp
2009-11-12 15:56:52 ----D---- C:\Windows\Prefetch
2009-11-12 15:54:59 ----AD---- C:\ProgramData\Temp
2009-11-12 15:52:58 ----D---- C:\Windows
2009-11-12 15:44:44 ----SHD---- C:\System Volume Information
2009-11-12 14:38:23 ----D---- C:\Program Files\StarWarsGalaxies
2009-11-12 14:05:29 ----D---- C:\Windows\System32
2009-11-12 14:05:29 ----D---- C:\Windows\inf
2009-11-12 14:05:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-12 13:57:15 ----SD---- C:\Windows\Downloaded Program Files
2009-11-12 13:57:15 ----D---- C:\Program Files\SystemRequirementsLab
2009-11-12 13:57:15 ----D---- C:\Program Files\Download Manager
2009-11-12 13:49:07 ----A---- C:\ProgramData\HPWALog.txt
2009-11-12 13:35:09 ----RD---- C:\Program Files
2009-11-12 13:34:54 ----HD---- C:\ProgramData
2009-11-12 13:32:50 ----D---- C:\Windows\system32\drivers
2009-11-12 03:31:54 ----D---- C:\Windows\winsxs
2009-11-12 03:21:44 ----D---- C:\Windows\system32\catroot
2009-11-12 03:19:05 ----D---- C:\Program Files\Windows Mail
2009-11-12 03:03:53 ----SHD---- C:\Windows\Installer
2009-11-12 03:03:46 ----D---- C:\ProgramData\Microsoft Help
2009-11-12 03:00:33 ----D---- C:\Windows\system32\catroot2
2009-11-10 16:45:30 ----D---- C:\Program Files\Common Files
2009-11-10 16:39:27 ----D---- C:\Program Files\Mozilla Firefox
2009-11-09 08:28:28 ----D---- C:\Windows\ModemLogs
2009-11-05 18:36:21 ----A---- C:\Windows\system32\mrt.exe
2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-29 09:09:40 ----D---- C:\Windows\rescache
2009-10-28 15:00:03 ----D---- C:\Program Files\Internet Explorer
2009-10-28 14:59:44 ----D---- C:\Windows\system32\it-IT
2009-10-28 14:59:44 ----D---- C:\Windows\system32\fr-FR
2009-10-28 14:59:44 ----D---- C:\Windows\system32\de-DE
2009-10-28 14:59:44 ----D---- C:\Program Files\Windows Media Player
2009-10-23 06:48:00 ----D---- C:\Windows\system32\migration
2009-10-20 07:22:13 ----D---- C:\Windows\Microsoft.NET
2009-10-20 07:22:06 ----RSD---- C:\Windows\assembly
2009-10-20 06:51:21 ----D---- C:\Windows\ehome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 04:02:55]; \??\C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 87536]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2008-03-27 34664]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-12-31 4172288]
R3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl6.sys [2009-07-20 1331192]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
R3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2008-12-13 102784]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-08-06 124928]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt.sys [2008-10-26 391168]
R3 swivsp;AC8xx Virtual Serial Port; C:\Windows\system32\DRIVERS\swivspnt.sys [2007-03-26 20352]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-07-24 201264]
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2008-01-21 31616]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-02-21 23040]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-02-21 507904]
S3 BTHUSB;USB-Treiber für Bluetooth-Sender; C:\Windows\System32\Drivers\BTHUSB.sys [2009-02-21 30208]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-06-23 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2008-06-23 81960]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2008-06-23 16168]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2009-02-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-02-21 149504]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S3 swmsflt;swmsflt; C:\Windows\System32\drivers\swmsflt.sys [2008-07-08 26760]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80); C:\Windows\system32\DRIVERS\swnc8u80.sys [2008-05-20 167040]
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\Windows\system32\DRIVERS\swumx20.sys []
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80); C:\Windows\system32\DRIVERS\swumx80.sys [2008-05-20 143360]
S3 usb_rndisx;USB-RNDIS-Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2008-01-21 15872]
S3 USB28xxBGA;WinTV HVR-900; C:\Windows\system32\DRIVERS\emBDA.sys [2008-09-25 559616]
S3 USB28xxOEM;WinTV OEM Filter; C:\Windows\system32\DRIVERS\emOEM.sys [2008-09-25 132224]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2008-06-27 77824]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-12-31 724992]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 DpHost;@C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2008-12-10 322624]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2008-03-18 19456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe [2008-10-26 237657]
R2 TVCapSvc;TV Background Capture Service (TVBCS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-02-09 296320]
R2 TVSched;TV Task Scheduler (TVTS); C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-02-09 116096]
R2 vfsFPService;Validity Fingerprint Service; C:\Windows\system32\vfsFPService.exe [2008-11-18 599344]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 getPlusHelper;@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-14 182768]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
S4 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
S4 EPGService;EPGService; C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2008-08-27 442880]
S4 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-07-17 250616]
S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
S4 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-23 223232]
S4 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S4 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-12-17 365952]

-----------------EOF-----------------
und dann:

info.txt logfile of random's system information tool 1.06 2009-11-12 15:57:05

======Uninstall list======

-->"C:\Program Files\HP Games\Agatha Christie - Death on the Nile\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Escape the Museum\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Gem Shop\Uninstall.exe"
-->"C:\Program Files\HP Games\Granny in Paradise\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Magic Academy\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mahjongg Artifacts\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowy - Treasure Hunter 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds Legends\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - A New Home\Uninstall.exe"
-->"C:\Program Files\HP Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Download Manager-->"C:\Windows\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A90000000001}
Adobe Shockwave Player-->MsiExec.exe /X{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}
AOL Toolbar 5.0-->"C:\Program Files\AOL\AOL Toolbar 5.0\uninstall.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Browser Defender 2.0.6.10-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{187817E2-6407-461C-B59B-56CE73363D34}
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
CyberLink DVD Suite-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
DigitalPersona Personal 4.0-->MsiExec.exe /I{9DCD625E-B0C1-47EA-B905-6108279623F8}
Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
ESU for Microsoft Vista-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
FUSSBALL MANAGER 09-->C:\Program Files\EA SPORTS\FUSSBALL MANAGER 09\eauninstall.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hattrick Organizer (remove only)-->C:\HattrickOrganizer\Uninstall.exe
Hauppauge German Help Files and Resources-->C:\PROGRA~1\WinTV\UNHLPdeu.EXE C:\PROGRA~1\WinTV\WTV2Kdeu.LOG
Hauppauge MCE XP/Vista Software Encoder (2.0.26268)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
Hauppauge WinTV DVB-T EPG Service-->C:\Windows\System32\UNWISE.EXE C:\Windows\System32\UnEPGService.LOG
Hauppauge WinTV Infrared Remote-->C:\PROGRA~1\WinTV\UNir32.EXE C:\PROGRA~1\WinTV\ir32.LOG
Hauppauge WinTV Location Manager-->C:\Windows\System32\UNWISE.EXE C:\Windows\System32\UnhcwLocMgr.LOG
Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\\SCHEDU~1\uniSCHED.log
Hauppauge WinTV Soft PVR-->C:\PROGRA~1\WinTV\UNSftPVR.EXE C:\PROGRA~1\WinTV\softpvr.LOG
Hauppauge WinTV-->C:\PROGRA~1\WinTV\UNTV6.EXE C:\PROGRA~1\WinTV\WINTV6.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Common Access Service Library-->MsiExec.exe /I{732A3F80-008B-4350-BD58-EC5AE98707B8}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /I{0054A0F6-00C9-4498-B821-B5C9578F433E}
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart DVD-->"C:\Program Files\InstallShield Installation Information\{DCCAD079-F92C-44DA-B258-624FC6517A5A}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall
HP MediaSmart Music/Photo/Video-->"C:\Program Files\InstallShield Installation Information\{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}\setup.exe" /z-uninstall /zMS
HP MediaSmart SmartMenu-->MsiExec.exe /I{A7AC8E69-01FF-494E-9A2C-423B82CEA604}
HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\Setup.exe" /z-uninstall
HP MediaSmart TV-->"C:\Program Files\InstallShield Installation Information\{67626E09-5366-4480-8F1E-93FADF50CA15}\Setup.exe" /z-uninstall
HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
HP MediaSmart Webcam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall /z
HP Quick Launch Buttons 6.40 L1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0007 uninst
HP Total Care Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{95A747E0-DF19-46CB-A622-20A0107201BD}\setup.exe" -l0x9 -removeonly
HP Update-->MsiExec.exe /X{47F36D92-E58E-456D-B73C-3382737E4C42}
HP User Guides 0134-->MsiExec.exe /X{6ABE0E28-3A8E-4ADC-A050-784064B76236}
HP Wireless Assistant-->MsiExec.exe /X{E5E29403-3D25-40C6-892B-F9FEE2A95585}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
IDT Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\setup.exe" -l0x7 -remove -removeonly
InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JMicron JMB38X Flash Media Controller Driver-->"C:\Windows\JMCR_DIR\setup.exe" delpkg
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LightScribe System Software 1.14.17.1-->MsiExec.exe /X{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Works-->MsiExec.exe /I{39D0E034-1042-4905-BECB-5502909FCB7C}
Mobile Partner-->C:\Program Files\Mobile Partner\uninst.exe
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton Internet Security-->MsiExec.exe /I{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
ProtectSmart Hard Drive Protection-->MsiExec.exe /X{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}
Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0007 -removeonly
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Sierra Wireless 3G Watcher-->MsiExec.exe /I{B4DBD782-CA1F-40FE-845D-3ABD5B206BC3}
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Station Launcher-->C:\Program Files\Sony\Station\Station Launcher\uninstall.exe
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
System Requirements Lab-->MsiExec.exe /I{9EBDAF91-DADA-47CE-94F2-F5B004007934}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update für Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}
Update für Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {EA160DA3-E9B5-4D03-A518-21D306665B96}
Update für Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {38472199-D7B6-4833-A949-10E4EE6365A1}
Validity Sensors software-->MsiExec.exe /X{F65B8208-5221-43D9-AA12-DDEA64EC4AF6}
Windows-Treiberpaket - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\Windows\System32\DriverStore\FileRepository\enecir.inf_1a3c82dd\enecir.inf

=====HijackThis Backups=====

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-11-12]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb [2009-11-12]
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2009-11-12]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-11-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb [2009-11-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-12]
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-12]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_ch&c=91&bd=Pavilion&pf=cnnb [2009-11-12]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-11-12]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-11-12]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = [2009-11-12]
O1 - Hosts: ::1 localhost [2009-11-12]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ [2009-11-12]
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12]
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-12]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [2009-11-12]
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [2009-11-12]
O4 - HKLM\..\Run: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-11-12]
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab [2009-11-12]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-12]
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [2009-11-12]
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [2009-11-12]
O4 - HKLM\..\Run: [EPGServiceTool] C:\PROGRA~1\WinTV\EPG Services\System\EPGClient.exe [2009-11-12]
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [2009-11-12]
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2009-11-12]
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-11-12]
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-12]
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-11-12]
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2009-11-12]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab [2009-11-12]
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [2009-11-12]
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-11-12]
O4 - Global Startup: BTTray.lnk = ? [2009-11-12]
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') [2009-11-12]
O13 - Gopher Prefix: [2009-11-12]
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe [2009-11-12]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 [2009-11-12]
O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-11-12]
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [2009-11-12]
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-11-12]
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2009-11-12]
O4 - HKLM\..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2009-11-12]
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2009-11-12]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-11-12]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-11-12]
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [2009-11-12]
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" [2009-11-12]
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-11-12]
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12]
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" [2009-11-12]
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" [2009-11-12]
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') [2009-11-12]
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-11-12]
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [2009-11-12]
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [2009-11-12]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-12]
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2009-11-12]
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-12]
O4 - HKLM\..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground [2009-11-12]
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-11-12]
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html [2009-11-12]
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-12]
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [2009-11-12]
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background [2009-11-12]
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [2009-11-12]
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12]
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') [2009-11-12]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-11-12]
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe [2009-11-12]
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-11-12]
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2009-11-12]
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe [2009-11-12]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [2009-11-12]
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe [2009-11-12]
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2009-11-12]
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-11-12]
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2009-11-12]
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-11-12]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-12]
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-12]
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-11-12]
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-12]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7419F3E3-06FB-4E83-8B99-22A88BAFC6F3}: NameServer = 195.141.56.5 193.192.227.3 [2009-11-12]
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing) [2009-11-12]
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe [2009-11-12]
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-11-12]
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe [2009-11-12]
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-12]
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-11-12]
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-12]
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-12]
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-12]
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-11-12]
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2009-11-12]
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12]
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-11-12]
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe [2009-11-12]
O4 - Global Startup: BTTray.lnk = ? [2009-11-12]
O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-CH\local\search.html [2009-11-12]
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') [2009-11-12]
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab [2009-11-12]
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll [2009-11-12]
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2009-11-12]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [2009-11-12]
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 [2009-11-12]
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') [2009-11-12]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL [2009-11-12]
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12]
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-12]
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2009-11-12]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [2009-11-12]
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork [2009-11-12]
O13 - Gopher Prefix: [2009-11-12]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [2009-11-12]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab [2009-11-12]
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') [2009-11-12]
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-11-12]
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2009-11-12]
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-12]
O17 - HKLM\System\CCS\Services\Tcpip\..\{7419F3E3-06FB-4E83-8B99-22A88BAFC6F3}: NameServer = 195.141.56.5 193.192.227.3 [2009-11-12]
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-11-12]
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-12]
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe [2009-11-12]
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe [2009-11-12]
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-11-12]
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-12]
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe [2009-11-12]
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-11-12]
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe [2009-11-12]
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-12]
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-12]
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing) [2009-11-12]
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-11-12]
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-11-12]
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-11-12]
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe [2009-11-12]
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2009-11-12]
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe [2009-11-12]
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-11-12]
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-12]

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Muloo-PC
Event Code: 7036
Message: Dienst "Windows Mobile-basierte Geräteverbindung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 36753
Source Name: Service Control Manager
Time Written: 20091112145651.000000-000
Event Type: Informationen
User:

Computer Name: Muloo-PC
Event Code: 7036
Message: Dienst "TPM-Basisdienste" befindet sich jetzt im Status "Beendet".
Record Number: 36754
Source Name: Service Control Manager
Time Written: 20091112145651.000000-000
Event Type: Informationen
User:

Computer Name: Muloo-PC
Event Code: 537
Message: Auf diesem Computer konnte kein kompatibles TPM-Sicherheitsgerät (Trusted Platform Module) gefunden werden. TBS konnte nicht gestartet werden.
Record Number: 36755
Source Name: Microsoft-Windows-TBS
Time Written: 20091112145651.253771-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: Muloo-PC
Event Code: 7036
Message: Dienst "Windows Update" befindet sich jetzt im Status "Ausgeführt".
Record Number: 36756
Source Name: Service Control Manager
Time Written: 20091112145705.000000-000
Event Type: Informationen
User:

Computer Name: Muloo-PC
Event Code: 7036
Message: Dienst "Windows Mobile 2003-basierte Geräteverbindung" befindet sich jetzt im Status "Ausgeführt".
Record Number: 36757
Source Name: Service Control Manager
Time Written: 20091112145705.000000-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: Muloo-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 4480
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20091112145541.598771-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: Muloo-PC
Event Code: 1
Message: Der Zertifikatdiensteclient wurde erfolgreich gestartet.
Record Number: 4481
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20091112145551.300771-000
Event Type: Informationen
User: Muloo-PC\Muloo

Computer Name: Muloo-PC
Event Code: 1
Message: Windows Mobile-Legacygeräteverbindung wurde gestartet.
Record Number: 4482
Source Name: RapiMgr
Time Written: 20091112145651.000000-000
Event Type: Informationen
User:

Computer Name: Muloo-PC
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 4483
Source Name: LightScribeService
Time Written: 20091112145704.000000-000
Event Type: Informationen
User:

Computer Name: Muloo-PC
Event Code: 1
Message: Windows Mobile-Legacygeräteverbindung wurde gestartet.
Record Number: 4484
Source Name: WcesComm
Time Written: 20091112145705.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: Muloo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7099
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091112145700.677771-000
Event Type: Überwachung gescheitert
User:

Computer Name: Muloo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7100
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091112145700.746771-000
Event Type: Überwachung gescheitert
User:

Computer Name: Muloo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7101
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091112145700.839771-000
Event Type: Überwachung gescheitert
User:

Computer Name: Muloo-PC
Event Code: 5038
Message: Die Codeintegrität hat festgestellt, dass der Abbildhash einer Datei nicht gültig ist. Die Datei wurde möglicherweise durch eine nicht autorisierte Änderung beschädigt. Dieses Problem kann auch auf einen potenziellen Fehler des Datenträgergeräts hinweisen.

Dateiname: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7102
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091112145700.909771-000
Event Type: Überwachung gescheitert
User:

Computer Name: Muloo-PC
Event Code: 5032
Message: Der Windows-Firewalldienst konnte den Benutzer nicht darüber benachrichtigen, dass eine Anwendung blockiert wurde und keine eingehenden Verbindungen im Netzwerk annehmen kann.

Fehlercode: 2
Record Number: 7103
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091112145710.322771-000
Event Type: Überwachung gescheitert
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion

-----------------EOF-----------------
GMER funz immer noch nicht bei jedem scan stürzt mir die Kiste ab ;)
Seitenanfang Seitenende
12.11.2009, 17:42
Member
Avatar Chris4You

Beiträge: 694
#4 Hi,

Whow, da ist ein munterer Zoo zu Gast...

Deine externen USB-Platten/Sticks dürften verseucht sein, jede Menge verseuchter Mountpoints...

Code

...

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f87bc97-acba-11de-b9d7-00a0d5ffffa9}]
shell\AutoRun\command - G:\
shell\open\command - rundll32.exe .\\kwdfo.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{455cb053-b305-11de-9f4c-00a0d5ffffa9}]
shell\AutoRun\command - G:\
shell\open\command - rundll32.exe .\\kbvda.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d242656-a0ff-11de-aba1-00a0d5ffffa9}]
shell\AutoRun\command - H:\
shell\open\command - rundll32.exe .\\sulwoa.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90006693-961e-11de-9644-806e6f6e6963}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91755891-be02-11de-9a6c-00a0d5ffffa9}]
shell\AutoRun\command - G:\
shell\open\command - rundll32.exe .\\hvifil32.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5aab-c45e-11de-bf6d-00269e0a2f87}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5ac5-c45e-11de-bf6d-00269e0a2f87}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e18a5ad9-c45e-11de-bf6d-00269e0a2f87}]
shell\AutoRun\command - H:\RECYCLERS\runmgr.exe
shell\open\command - H:\RECYCLERS\runmgr.exe
...
Das Gmer abstürzt deutet auf eine bestimmte TDSS-Variante (Rootkit) hin...

Gehe wie folgt vor:
CF runterladen (siehe unten), alle externen Datenträger mit gedrückter Shift - Taste gedrückt halten anschließen:

Combofix
Lade Combo Fix von http://download.bleepingcomputer.com/sUBs/ComboFix.exe und speichert es auf den Desktop.
Alle Fenster schliessen und combofix.exe starten und bestätige die folgende Abfrage mit 1 und drücke Enter.

Der Scan mit Combofix kann einige Zeit in Anspruch nehmen, also habe etwas Geduld. Während des Scans bitte nichts am Rechner unternehmen
Es kann möglich sein, dass der Rechner zwischendurch neu gestartet wird.
Nach Scanende wird ein Report angezeigt, den bitte kopieren und in deinem Thread einfuegen.

Danach noch bitte das hier:
http://ad13.geekstogo.com/RootRepeal.zip
Auspacken und laufen lassen, Log hier posten...
http://www.technibble.com/articlecontent/2009/07/rootrepeal.gif
Scan und dann Save Report

chris
Dieser Beitrag wurde am 12.11.2009 um 17:54 Uhr von Chris4You editiert.
Seitenanfang Seitenende
13.11.2009, 09:57
Member

Themenstarter

Beiträge: 34
#5 ComboFix 09-11-13.04 - Muloo 13.11.2009 8:18.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.41.1031.18.3038.1899 [GMT 1:00]
ausgeführt von:: c:\users\Muloo\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-189395816-1449435903-107672537-500
c:\$recycle.bin\S-1-5-21-2766002659-4142239451-994073670-500
c:\windows\010112010146101105.rx
c:\windows\010112010146116101.xxe
c:\windows\0101120101465050.xxe
c:\windows\0101120101465150.xxe
c:\windows\0101120101465155.xxe
c:\windows\bk23567.dat
c:\windows\system32\oem10.inf

.
((((((((((((((((((((((( Dateien erstellt von 2009-10-13 bis 2009-11-13 ))))))))))))))))))))))))))))))
.

2009-11-13 07:36 . 2009-11-13 07:37 -------- d-----w- c:\users\Muloo\AppData\Local\temp
2009-11-13 07:36 . 2009-11-13 07:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-12 14:56 . 2009-11-12 14:57 -------- d-----w- C:\rsit
2009-11-12 08:15 . 2009-11-12 08:15 -------- d-----w- c:\program files\Trend Micro
2009-11-11 16:48 . 2009-11-11 16:48 27 ----a-w- c:\windows\bk20856.dat
2009-11-11 08:06 . 2009-11-11 08:06 -------- d-----w- c:\users\Muloo\AppData\Roaming\Malwarebytes
2009-11-11 08:05 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 08:05 . 2009-11-11 08:06 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 08:05 . 2009-11-11 08:05 -------- d-----w- c:\programdata\Malwarebytes
2009-11-11 08:05 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 07:23 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 07:22 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 15:55 . 2009-11-10 15:55 -------- d-----w- c:\users\Muloo\AppData\Local\Threat Expert
2009-11-10 15:45 . 2009-11-10 15:45 -------- d-----w- c:\users\Muloo\AppData\Roaming\PC Tools
2009-11-10 15:45 . 2009-11-10 15:45 -------- d-----w- c:\programdata\PC Tools
2009-11-10 14:15 . 2009-07-28 15:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-10 14:15 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-11-10 14:15 . 2009-11-10 14:15 -------- d-----w- c:\programdata\Avira
2009-11-10 14:15 . 2009-11-10 14:15 -------- d-----w- c:\program files\Avira
2009-10-30 07:03 . 2009-02-17 19:38 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-10-30 07:03 . 2008-12-30 10:57 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2009-10-30 07:03 . 2008-12-13 10:27 102784 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-10-30 07:03 . 2008-04-14 08:36 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-10-30 07:03 . 2007-08-09 03:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-10-30 07:03 . 2009-10-30 07:04 40960 d-----w- c:\program files\Mobile Partner
2009-10-28 09:10 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 09:10 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 08:16 . 2009-10-23 05:49 4096 d-----w- c:\programdata\NOS
2009-10-22 08:16 . 2009-10-22 08:16 -------- d-----w- c:\program files\NOS
2009-10-19 15:09 . 2009-10-19 15:09 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2009-10-19 06:11 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-19 06:11 . 2009-08-05 17:15 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-19 06:11 . 2009-08-05 17:15 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-19 06:10 . 2009-08-31 13:55 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-10-19 06:10 . 2009-08-31 13:55 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-10-19 06:10 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
2009-10-19 06:10 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-19 06:10 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 07:38 . 2009-11-10 15:45 40960 d-----w- c:\program files\Spyware Doctor
2009-11-13 07:12 . 2009-02-21 09:18 653034 ----a-w- c:\windows\system32\perfh010.dat
2009-11-13 07:12 . 2009-02-21 09:18 119750 ----a-w- c:\windows\system32\perfc010.dat
2009-11-13 07:12 . 2009-02-21 09:13 618442 ----a-w- c:\windows\system32\perfh007.dat
2009-11-13 07:12 . 2009-02-21 09:13 122842 ----a-w- c:\windows\system32\perfc007.dat
2009-11-13 07:12 . 2009-02-21 09:08 659180 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-13 07:12 . 2009-02-21 09:08 122976 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-12 19:50 . 2009-07-20 01:15 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-12 13:38 . 2009-08-31 14:06 131072 d-----w- c:\program files\StarWarsGalaxies
2009-11-12 12:57 . 2009-10-07 12:10 -------- d-----w- c:\program files\SystemRequirementsLab
2009-11-12 12:57 . 2009-09-29 06:33 4096 d-----w- c:\program files\Download Manager
2009-11-12 02:19 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-12 02:03 . 2009-08-31 13:12 8192 d-----w- c:\programdata\Microsoft Help
2009-11-10 15:50 . 2009-11-10 15:45 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-02 19:42 . 2009-10-05 06:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 07:00 . 2009-09-07 14:30 6836 ----a-w- c:\users\Muloo\AppData\Local\d3d9caps.dat
2009-10-08 10:31 . 2009-11-10 15:50 149456 ----a-w- c:\windows\SGDetectionTool.dll
2009-10-08 10:31 . 2009-11-10 15:50 165840 ----a-w- c:\windows\PCTBDRes.dll
2009-10-08 10:31 . 2009-11-10 15:50 1636304 ----a-w- c:\windows\PCTBDCore.dll
2009-10-08 10:31 . 2009-11-10 15:50 767952 ----a-w- c:\windows\BDTSupport.dll
2009-10-07 12:00 . 2009-02-21 02:55 4096 d-----w- c:\program files\Java
2009-10-06 15:31 . 2009-11-10 15:45 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-02 13:19 . 2009-11-10 15:50 1152470 ----a-w- c:\windows\UDB.zip
2009-09-29 06:33 . 2009-09-29 06:33 -------- d-----w- c:\users\Muloo\AppData\Roaming\IGN_DLM
2009-09-24 07:55 . 2009-11-10 15:45 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2009-09-24 07:55 . 2009-11-10 15:45 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 15:10 . 2009-11-10 15:45 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-23 11:01 . 2009-09-23 11:01 -------- d-----w- c:\program files\Sun
2009-09-17 05:56 . 2009-02-21 02:25 4096 d-----w- c:\programdata\CyberLink
2009-09-17 05:53 . 2009-07-20 02:06 36864 ----a-w- c:\programdata\Temp\{67626E09-5366-4480-8F1E-93FADF50CA15}\PostBuild.exe
2009-09-16 02:20 . 2009-11-10 15:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-09-15 07:21 . 2009-09-15 07:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi_01_00_00.Wdf
2009-09-15 05:20 . 2009-11-10 15:45 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2009-09-15 01:12 . 2009-11-10 15:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2009-09-15 00:01 . 2009-11-10 15:45 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2009-09-14 12:00 . 2009-09-14 12:00 -------- d-----w- c:\program files\Google
2009-09-03 08:45 . 2009-11-10 15:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-01 14:03 . 2009-09-01 14:02 15235224 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\de\Installers\SetupGamesClient.exe
2009-09-01 13:36 . 2009-09-01 13:36 0 ----a-w- c:\windows\nsreg.dat
2009-08-31 16:05 . 2009-08-31 13:22 75264 ----a-w- c:\users\Muloo\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-31 14:31 . 2009-08-31 14:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-28 12:39 . 2009-09-03 06:14 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-28 10:15 . 2009-09-03 06:14 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-27 05:22 . 2009-10-22 05:34 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-22 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-22 05:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-22 05:34 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-02-21 09:42 . 2009-02-21 09:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{472734EA-242A-422B-ADF8-83D1E48CC825}"= "c:\program files\Spyware Doctor\BDT\PCTBrowserDefender.dll" [2009-10-08 395216]

[HKEY_CLASSES_ROOT\clsid\{472734ea-242a-422b-adf8-83d1e48cc825}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{175B7885-28AB-4D18-8773-7A13A99980A4}]
[HKEY_CLASSES_ROOT\BrowserDefender.BDToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-22 1243088]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [10.11.2009 16:45 207280]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 04:02];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [28.11.2008 17:04 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe [20.07.2009 02:23 77824]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [10.11.2009 15:15 108289]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21.01.2008 03:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [18.03.2008 15:24 19456]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10.11.2009 16:45 358600]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [09.02.2009 17:14 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [09.02.2009 17:14 116096]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\System32\vfsFPService.exe [18.11.2008 05:09 599344]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [04.09.2008 18:47 54784]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [23.10.2008 10:42 107360]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\System32\drivers\swivspnt.sys [26.03.2007 13:18 20352]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [21.01.2008 03:23 21504]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\System32\drivers\swnc8u80.sys [20.05.2008 15:24 167040]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\System32\drivers\swumx80.sys [20.05.2008 15:25 143360]
S4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [10.11.2009 16:50 112592]
S4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [21.02.2009 02:45 222512]
S4 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [02.09.2009 14:15 442880]
S4 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [21.02.2009 04:27 365952]

--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PCTSDInjDriver32
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: {7419F3E3-06FB-4E83-8B99-22A88BAFC6F3} = 195.141.56.5 193.192.227.3
FF - ProfilePath - c:\users\Muloo\AppData\Roaming\Mozilla\Firefox\Profiles\sur41b9x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-AirCardEnabler - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 08:37
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-189395816-1449435903-107672537-1000\Software\SecuROM\License information*]
"datasecu"=hex:a1,cb,b2,6c,fa,0c,c4,4a,8f,c3,5b,ab,ca,13,74,d1,6d,44,88,5b,e8,
9b,2b,cb,08,9e,b3,87,f6,52,00,43,6c,55,7a,6c,66,ce,6c,20,e7,ba,f3,03,13,35,\
"rkeysecu"=hex:b3,37,c4,c2,0c,ce,58,3a,47,79,85,69,d7,ac,80,ff

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\DPPWDFLT.dll
.
Zeit der Fertigstellung: 2009-11-13 08:42
ComboFix-quarantined-files.txt 2009-11-13 07:42

Vor Suchlauf: 10 Verzeichnis(se), 368'982'106'112 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 370'026'553'344 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 36258E219BDF4F9788BB64F5CFF535EF


ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/13 09:54
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: 000.fcl
Image Path: C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl
Address: 0x9DE07000 Size: 180224 File Visible: - Signed: -
Status: -

Name: 1394BUS.SYS
Image Path: C:\Windows\system32\DRIVERS\1394BUS.SYS
Address: 0x8F37A000 Size: 57344 File Visible: - Signed: -
Status: -

Name: Accelerometer.sys
Image Path: C:\Windows\system32\DRIVERS\Accelerometer.sys
Address: 0x8F62F000 Size: 45056 File Visible: - Signed: -
Status: -

Name: acpi.sys
Image Path: C:\Windows\system32\drivers\acpi.sys
Address: 0x8068A000 Size: 286720 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x8220A000 Size: 3907584 File Visible: - Signed: -
Status: -

Name: adp94xx.sys
Image Path: C:\Windows\system32\drivers\adp94xx.sys
Address: 0x82D71000 Size: 434176 File Visible: - Signed: -
Status: -

Name: adpahci.sys
Image Path: C:\Windows\system32\drivers\adpahci.sys
Address: 0x82E0B000 Size: 311296 File Visible: - Signed: -
Status: -

Name: adpu160m.sys
Image Path: C:\Windows\system32\drivers\adpu160m.sys
Address: 0x82E57000 Size: 110592 File Visible: - Signed: -
Status: -

Name: adpu320.sys
Image Path: C:\Windows\system32\drivers\adpu320.sys
Address: 0x82E98000 Size: 155648 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\Windows\system32\drivers\afd.sys
Address: 0x8FB8E000 Size: 294912 File Visible: - Signed: -
Status: -

Name: aliide.sys
Image Path: C:\Windows\system32\drivers\aliide.sys
Address: 0x807EF000 Size: 28672 File Visible: - Signed: -
Status: -

Name: amdide.sys
Image Path: C:\Windows\system32\drivers\amdide.sys
Address: 0x807F6000 Size: 28672 File Visible: - Signed: -
Status: -

Name: arc.sys
Image Path: C:\Windows\system32\drivers\arc.sys
Address: 0x82ED2000 Size: 90112 File Visible: - Signed: -
Status: -

Name: arcsas.sys
Image Path: C:\Windows\system32\drivers\arcsas.sys
Address: 0x82EE8000 Size: 90112 File Visible: - Signed: -
Status: -

Name: asyncmac.sys
Image Path: C:\Windows\system32\DRIVERS\asyncmac.sys
Address: 0x9DE63000 Size: 36864 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: C:\Windows\system32\drivers\atapi.sys
Address: 0x82CDB000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ataport.SYS
Image Path: C:\Windows\system32\drivers\ataport.SYS
Address: 0x82CE3000 Size: 122880 File Visible: - Signed: -
Status: -

Name: atikmdag.sys
Image Path: C:\Windows\system32\DRIVERS\atikmdag.sys
Address: 0x8EC0E000 Size: 6180864 File Visible: - Signed: -
Status: -

Name: avgio.sys
Image Path: C:\Program Files\Avira\AntiVir Desktop\avgio.sys
Address: 0x8FEEF000 Size: 6144 File Visible: - Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\Windows\system32\DRIVERS\avgntflt.sys
Address: 0x8FFD2000 Size: 81920 File Visible: - Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\Windows\system32\DRIVERS\avipbb.sys
Address: 0x8FED3000 Size: 114688 File Visible: - Signed: -
Status: -

Name: BATTC.SYS
Image Path: C:\Windows\system32\DRIVERS\BATTC.SYS
Address: 0x80777000 Size: 40960 File Visible: - Signed: -
Status: -

Name: bcmwl6.sys
Image Path: C:\Windows\system32\DRIVERS\bcmwl6.sys
Address: 0x8F200000 Size: 1343488 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\Windows\System32\Drivers\Beep.SYS
Address: 0x8FAFE000 Size: 28672 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\Windows\system32\BOOTVID.dll
Address: 0x80487000 Size: 32768 File Visible: - Signed: -
Status: -

Name: bowser.sys
Image Path: C:\Windows\system32\DRIVERS\bowser.sys
Address: 0x9B79D000 Size: 102400 File Visible: - Signed: -
Status: -

Name: catchme.sys
Image Path: C:\Users\Muloo\AppData\Local\Temp\catchme.sys
Address: 0x9DE6E000 Size: 31744 File Visible: No Signed: -
Status: -

Name: cdd.dll
Image Path: C:\Windows\System32\cdd.dll
Address: 0x97840000 Size: 57344 File Visible: - Signed: -
Status: -

Name: cdfs.sys
Image Path: C:\Windows\system32\DRIVERS\cdfs.sys
Address: 0x8FF66000 Size: 90112 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\Windows\system32\DRIVERS\cdrom.sys
Address: 0x8F60E000 Size: 98304 File Visible: - Signed: -
Status: -

Name: CI.dll
Image Path: C:\Windows\system32\CI.dll
Address: 0x804D0000 Size: 917504 File Visible: - Signed: -
Status: -

Name: circlass.sys
Image Path: C:\Windows\system32\DRIVERS\circlass.sys
Address: 0x8F746000 Size: 57344 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\Windows\system32\drivers\CLASSPNP.SYS
Address: 0x82C0A000 Size: 135168 File Visible: - Signed: -
Status: -

Name: CLFS.SYS
Image Path: C:\Windows\system32\CLFS.SYS
Address: 0x8048F000 Size: 266240 File Visible: - Signed: -
Status: -

Name: CmBatt.sys
Image Path: C:\Windows\system32\DRIVERS\CmBatt.sys
Address: 0x8B409000 Size: 14208 File Visible: - Signed: -
Status: -

Name: cmdide.sys
Image Path: C:\Windows\system32\drivers\cmdide.sys
Address: 0x805B0000 Size: 32768 File Visible: - Signed: -
Status: -

Name: compbatt.sys
Image Path: C:\Windows\system32\DRIVERS\compbatt.sys
Address: 0x80774000 Size: 10496 File Visible: - Signed: -
Status: -

Name: crashdmp.sys
Image Path: C:\Windows\System32\Drivers\crashdmp.sys
Address: 0x8FF7C000 Size: 53248 File Visible: - Signed: -
Status: -

Name: crcdisk.sys
Image Path: C:\Windows\system32\drivers\crcdisk.sys
Address: 0x8B5CA000 Size: 36864 File Visible: - Signed: -
Status: -

Name: dfsc.sys
Image Path: C:\Windows\System32\Drivers\dfsc.sys
Address: 0x8FEBC000 Size: 94208 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: C:\Windows\system32\drivers\disk.sys
Address: 0x8B5B9000 Size: 69632 File Visible: - Signed: -
Status: -

Name: djsvs.sys
Image Path: C:\Windows\system32\drivers\djsvs.sys
Address: 0x82EBE000 Size: 81920 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\Windows\system32\drivers\drmk.sys
Address: 0x8FA32000 Size: 151552 File Visible: - Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8FF89000 Size: 45056 File Visible: No Signed: -
Status: -

Name: dump_msahci.sys
Image Path: C:\Windows\System32\Drivers\dump_msahci.sys
Address: 0x8FF94000 Size: 40960 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\Windows\System32\drivers\Dxapi.sys
Address: 0x8FF9E000 Size: 40960 File Visible: - Signed: -
Status: -

Name: dxgkrnl.sys
Image Path: C:\Windows\System32\drivers\dxgkrnl.sys
Address: 0x8B320000 Size: 651264 File Visible: - Signed: -
Status: -

Name: ecache.sys
Image Path: C:\Windows\System32\drivers\ecache.sys
Address: 0x8B589000 Size: 159744 File Visible: - Signed: -
Status: -

Name: elxstor.sys
Image Path: C:\Windows\system32\drivers\elxstor.sys
Address: 0x82EFE000 Size: 606208 File Visible: - Signed: -
Status: -

Name: enecir.sys
Image Path: C:\Windows\system32\DRIVERS\enecir.sys
Address: 0x82DDB000 Size: 98304 File Visible: - Signed: -
Status: -

Name: ewusbmdm.sys
Image Path: C:\Windows\system32\DRIVERS\ewusbmdm.sys
Address: 0x8FF3A000 Size: 102784 File Visible: - Signed: -
Status: -

Name: fileinfo.sys
Image Path: C:\Windows\system32\drivers\fileinfo.sys
Address: 0x8AD67000 Size: 65536 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: C:\Windows\system32\drivers\fltmgr.sys
Address: 0x806D9000 Size: 204800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\Windows\System32\Drivers\Fs_Rec.SYS
Address: 0x8FAEE000 Size: 36864 File Visible: - Signed: -
Status: -

Name: fwpkclnt.sys
Image Path: C:\Windows\System32\drivers\fwpkclnt.sys
Address: 0x8B2F6000 Size: 110592 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\Windows\system32\hal.dll
Address: 0x825C4000 Size: 208896 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\Windows\system32\DRIVERS\HDAudBus.sys
Address: 0x8B3BF000 Size: 73728 File Visible: - Signed: -
Status: -

Name: HdAudio.sys
Image Path: C:\Windows\system32\drivers\HdAudio.sys
Address: 0x8F7B0000 Size: 258048 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDCLASS.SYS
Address: 0x8FAC6000 Size: 65536 File Visible: - Signed: -
Status: -

Name: hidir.sys
Image Path: C:\Windows\system32\DRIVERS\hidir.sys
Address: 0x8FABB000 Size: 45056 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\Windows\system32\DRIVERS\HIDPARSE.SYS
Address: 0x8FAD6000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\Windows\system32\DRIVERS\hidusb.sys
Address: 0x8FEF9000 Size: 36864 File Visible: - Signed: -
Status: -

Name: hpcisss.sys
Image Path: C:\Windows\system32\drivers\hpcisss.sys
Address: 0x82D66000 Size: 45056 File Visible: - Signed: -
Status: -

Name: hpdskflt.sys
Image Path: C:\Windows\system32\DRIVERS\hpdskflt.sys
Address: 0x8B5B0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HpqKbFiltr.sys
Image Path: C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
Address: 0x8F3B8000 Size: 16768 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\Windows\system32\drivers\HTTP.sys
Address: 0x9B715000 Size: 438272 File Visible: - Signed: -
Status: -

Name: i2omp.sys
Image Path: C:\Windows\system32\drivers\i2omp.sys
Address: 0x82F92000 Size: 40960 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\Windows\system32\DRIVERS\i8042prt.sys
Address: 0x8F3A5000 Size: 77824 File Visible: - Signed: -
Status: -

Name: iastorv.sys
Image Path: C:\Windows\system32\drivers\iastorv.sys
Address: 0x82C3A000 Size: 659456 File Visible: - Signed: -
Status: -

Name: iirsp.sys
Image Path: C:\Windows\system32\drivers\iirsp.sys
Address: 0x82F9C000 Size: 65536 File Visible: - Signed: -
Status: -

Name: intelide.sys
Image Path: C:\Windows\system32\drivers\intelide.sys
Address: 0x807DA000 Size: 28672 File Visible: - Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\Windows\system32\DRIVERS\intelppm.sys
Address: 0x8B311000 Size: 61440 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: C:\Windows\system32\drivers\isapnp.sys
Address: 0x8073A000 Size: 61440 File Visible: - Signed: -
Status: -

Name: iteatapi.sys
Image Path: C:\Windows\system32\drivers\iteatapi.sys
Address: 0x82FAC000 Size: 49152 File Visible: - Signed: -
Status: -

Name: iteraid.sys
Image Path: C:\Windows\system32\drivers\iteraid.sys
Address: 0x82FB8000 Size: 49152 File Visible: - Signed: -
Status: -

Name: jmcr.sys
Image Path: C:\Windows\system32\DRIVERS\jmcr.sys
Address: 0x8F388000 Size: 118784 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\Windows\system32\DRIVERS\kbdclass.sys
Address: 0x8F3BD000 Size: 45056 File Visible: - Signed: -
Status: -

Name: kbdhid.sys
Image Path: C:\Windows\system32\DRIVERS\kbdhid.sys
Address: 0x8FADD000 Size: 36864 File Visible: - Signed: -
Status: -

Name: kdcom.dll
Image Path: C:\Windows\system32\kdcom.dll
Address: 0x8040E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\Windows\system32\DRIVERS\ks.sys
Address: 0x8F71C000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ksecdd.sys
Image Path: C:\Windows\System32\Drivers\ksecdd.sys
Address: 0x8B00C000 Size: 462848 File Visible: - Signed: -
Status: -

Name: lltdio.sys
Image Path: C:\Windows\system32\DRIVERS\lltdio.sys
Address: 0x9B6BE000 Size: 65536 File Visible: - Signed: -
Status: -

Name: lsi_fc.sys
Image Path: C:\Windows\system32\drivers\lsi_fc.sys
Address: 0x82FC4000 Size: 106496 File Visible: - Signed: -
Status: -

Name: lsi_sas.sys
Image Path: C:\Windows\system32\drivers\lsi_sas.sys
Address: 0x82FDE000 Size: 98304 File Visible: - Signed: -
Status: -

Name: lsi_scsi.sys
Image Path: C:\Windows\system32\drivers\lsi_scsi.sys
Address: 0x82D01000 Size: 106496 File Visible: - Signed: -
Status: -

Name: luafv.sys
Image Path: C:\Windows\system32\drivers\luafv.sys
Address: 0x8FFB7000 Size: 110592 File Visible: - Signed: -
Status: -

Name: mcupdate_GenuineIntel.dll
Image Path: C:\Windows\system32\mcupdate_GenuineIntel.dll
Address: 0x80416000 Size: 393216 File Visible: - Signed: -
Status: -

Name: megasas.sys
Image Path: C:\Windows\system32\drivers\megasas.sys
Address: 0x82FF6000 Size: 40960 File Visible: - Signed: -
Status: -

Name: megasr.sys
Image Path: C:\Windows\system32\drivers\megasr.sys
Address: 0x8AC01000 Size: 749568 File Visible: - Signed: -
Status: -

Name: modem.sys
Image Path: C:\Windows\system32\drivers\modem.sys
Address: 0x8F67B000 Size: 53248 File Visible: - Signed: -
Status: -

Name: monitor.sys
Image Path: C:\Windows\system32\DRIVERS\monitor.sys
Address: 0x8FFA8000 Size: 61440 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\Windows\system32\DRIVERS\mouclass.sys
Address: 0x8B3E0000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\Windows\system32\DRIVERS\mouhid.sys
Address: 0x8FAE6000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mountmgr.sys
Image Path: C:\Windows\System32\drivers\mountmgr.sys
Address: 0x805B8000 Size: 65536 File Visible: - Signed: -
Status: -

Name: mpio.sys
Image Path: C:\Windows\system32\drivers\mpio.sys
Address: 0x80749000 Size: 114688 File Visible: - Signed: -
Status: -

Name: mpsdrv.sys
Image Path: C:\Windows\System32\drivers\mpsdrv.sys
Address: 0x9B7B6000 Size: 86016 File Visible: - Signed: -
Status: -

Name: mraid35x.sys
Image Path: C:\Windows\system32\drivers\mraid35x.sys
Address: 0x8ACB8000 Size: 45056 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\Windows\system32\drivers\mrxdav.sys
Address: 0x9B7CB000 Size: 131072 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb.sys
Address: 0x8FBD6000 Size: 126976 File Visible: - Signed: -
Status: -

Name: mrxsmb10.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb10.sys
Address: 0x9CE06000 Size: 233472 File Visible: - Signed: -
Status: -

Name: mrxsmb20.sys
Image Path: C:\Windows\system32\DRIVERS\mrxsmb20.sys
Address: 0x9CE3F000 Size: 98304 File Visible: - Signed: -
Status: -

Name: msahci.sys
Image Path: C:\Windows\system32\drivers\msahci.sys
Address: 0x82D5C000 Size: 40960 File Visible: - Signed: -
Status: -

Name: msdsm.sys
Image Path: C:\Windows\system32\drivers\msdsm.sys
Address: 0x805C8000 Size: 106496 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\Windows\System32\Drivers\Msfs.SYS
Address: 0x8FB42000 Size: 45056 File Visible: - Signed: -
Status: -

Name: msisadrv.sys
Image Path: C:\Windows\system32\drivers\msisadrv.sys
Address: 0x8070B000 Size: 32768 File Visible: - Signed: -
Status: -

Name: msiscsi.sys
Image Path: C:\Windows\system32\DRIVERS\msiscsi.sys
Address: 0x8F63A000 Size: 188416 File Visible: - Signed: -
Status: -

Name: msrpc.sys
Image Path: C:\Windows\system32\drivers\msrpc.sys
Address: 0x8B188000 Size: 176128 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\Windows\system32\DRIVERS\mssmbios.sys
Address: 0x8F754000 Size: 40960 File Visible: - Signed: -
Status: -

Name: mup.sys
Image Path: C:\Windows\System32\Drivers\mup.sys
Address: 0x8B57A000 Size: 61440 File Visible: - Signed: -
Status: -

Name: ndis.sys
Image Path: C:\Windows\system32\drivers\ndis.sys
Address: 0x8B07D000 Size: 1093632 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\Windows\system32\DRIVERS\ndistapi.sys
Address: 0x8F69F000 Size: 45056 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\Windows\system32\DRIVERS\ndisuio.sys
Address: 0x9B6F8000 Size: 40960 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\Windows\system32\DRIVERS\ndiswan.sys
Address: 0x8F6AA000 Size: 143360 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\Windows\System32\Drivers\NDProxy.SYS
Address: 0x8F79F000 Size: 69632 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\Windows\system32\DRIVERS\netbios.sys
Address: 0x8FE4F000 Size: 57344 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\Windows\System32\DRIVERS\netbt.sys
Address: 0x8FE07000 Size: 204800 File Visible: - Signed: -
Status: -

Name: NETIO.SYS
Image Path: C:\Windows\system32\drivers\NETIO.SYS
Address: 0x8B1B3000 Size: 237568 File Visible: - Signed: -
Status: -

Name: nfrd960.sys
Image Path: C:\Windows\system32\drivers\nfrd960.sys
Address: 0x8ACC3000 Size: 57344 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\Windows\System32\Drivers\Npfs.SYS
Address: 0x8FB4D000 Size: 57344 File Visible: - Signed: -
Status: -

Name: nsiproxy.sys
Image Path: C:\Windows\system32\drivers\nsiproxy.sys
Address: 0x8FEB2000 Size: 40960 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: C:\Windows\System32\Drivers\Ntfs.sys
Address: 0x8B40D000 Size: 1110016 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\Windows\system32\ntkrnlpa.exe
Address: 0x8220A000 Size: 3907584 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\Windows\System32\Drivers\Null.SYS
Address: 0x8FAF7000 Size: 28672 File Visible: - Signed: -
Status: -

Name: nvraid.sys
Image Path: C:\Windows\system32\drivers\nvraid.sys
Address: 0x805E2000 Size: 110592 File Visible: - Signed: -
Status: -

Name: nvstor.sys
Image Path: C:\Windows\system32\drivers\nvstor.sys
Address: 0x8ACD1000 Size: 53248 File Visible: - Signed: -
Status: -

Name: nwifi.sys
Image Path: C:\Windows\system32\DRIVERS\nwifi.sys
Address: 0x9B6CE000 Size: 172032 File Visible: - Signed: -
Status: -

Name: ohci1394.sys
Image Path: C:\Windows\system32\DRIVERS\ohci1394.sys
Address: 0x8F36A000 Size: 61952 File Visible: - Signed: -
Status: -

Name: pacer.sys
Image Path: C:\Windows\system32\DRIVERS\pacer.sys
Address: 0x8FE39000 Size: 90112 File Visible: - Signed: -
Status: -

Name: partmgr.sys
Image Path: C:\Windows\System32\drivers\partmgr.sys
Address: 0x80765000 Size: 61440 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: C:\Windows\system32\drivers\pci.sys
Address: 0x80713000 Size: 159744 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: C:\Windows\system32\drivers\pciide.sys
Address: 0x82C2B000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\Windows\system32\drivers\PCIIDEX.SYS
Address: 0x807E1000 Size: 57344 File Visible: - Signed: -
Status: -

Name: PCTCore.sys
Image Path: C:\Windows\system32\drivers\PCTCore.sys
Address: 0x8AD77000 Size: 225280 File Visible: - Signed: -
Status: -

Name: PCTSDInj32.sys
Image Path: C:\Program Files\Spyware Doctor\PCTSDInj32.sys
Address: 0x9DE5C000 Size: 26944 File Visible: - Signed: -
Status: -

Name: peauth.sys
Image Path: C:\Windows\system32\drivers\peauth.sys
Address: 0x9CEE2000 Size: 909312 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x8220A000 Size: 3907584 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\Windows\system32\drivers\portcls.sys
Address: 0x8FA05000 Size: 184320 File Visible: - Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\Windows\system32\Drivers\PROCEXP113.SYS
Address: 0x9DE6C000 Size: 7872 File Visible: No Signed: -
Status: -

Name: PSHED.dll
Image Path: C:\Windows\system32\PSHED.dll
Address: 0x80476000 Size: 69632 File Visible: - Signed: -
Status: -

Name: ql2300.sys
Image Path: C:\Windows\system32\drivers\ql2300.sys
Address: 0x8AE06000 Size: 1277952 File Visible: - Signed: -
Status: -

Name: ql40xx.sys
Image Path: C:\Windows\system32\drivers\ql40xx.sys
Address: 0x8AF3E000 Size: 348160 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\Windows\System32\DRIVERS\rasacd.sys
Address: 0x8FB5B000 Size: 36864 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\Windows\system32\DRIVERS\rasl2tp.sys
Address: 0x8F688000 Size: 94208 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\Windows\system32\DRIVERS\raspppoe.sys
Address: 0x8F6CD000 Size: 61440 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\Windows\system32\DRIVERS\raspptp.sys
Address: 0x8F6DC000 Size: 81920 File Visible: - Signed: -
Status: -

Name: rassstp.sys
Image Path: C:\Windows\system32\DRIVERS\rassstp.sys
Address: 0x8F6F0000 Size: 86016 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x8220A000 Size: 3907584 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\Windows\system32\DRIVERS\rdbss.sys
Address: 0x8FE76000 Size: 245760 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\Windows\System32\DRIVERS\RDPCDD.sys
Address: 0x8FB32000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rdpencdd.sys
Image Path: C:\Windows\system32\drivers\rdpencdd.sys
Address: 0x8FB3A000 Size: 32768 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\Windows\System32\Drivers\RootMdm.sys
Address: 0x8F673000 Size: 32768 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9DE7C000 Size: 49152 File Visible: No Signed: -
Status: -

Name: rspndr.sys
Image Path: C:\Windows\system32\DRIVERS\rspndr.sys
Address: 0x9B702000 Size: 77824 File Visible: - Signed: -
Status: -

Name: Rtlh86.sys
Image Path: C:\Windows\system32\DRIVERS\Rtlh86.sys
Address: 0x8F348000 Size: 139264 File Visible: - Signed: -
Status: -

Name: sbp2port.sys
Image Path: C:\Windows\system32\drivers\sbp2port.sys
Address: 0x8B565000 Size: 86016 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\Windows\system32\drivers\SCSIPORT.SYS
Address: 0x82E72000 Size: 155648 File Visible: - Signed: -
Status: -

Name: secdrv.SYS
Image Path: C:\Windows\System32\Drivers\secdrv.SYS
Address: 0x9CFC0000 Size: 40960 File Visible: - Signed: -
Status: -

Name: sisraid2.sys
Image Path: C:\Windows\system32\drivers\sisraid2.sys
Address: 0x8AF93000 Size: 53248 File Visible: - Signed: -
Status: -

Name: sisraid4.sys
Image Path: C:\Windows\system32\drivers\sisraid4.sys
Address: 0x8AFA0000 Size: 86016 File Visible: - Signed: -
Status: -

Name: smb.sys
Image Path: C:\Windows\system32\DRIVERS\smb.sys
Address: 0x8FB7A000 Size: 81920 File Visible: - Signed: -
Status: -

Name: spldr.sys
Image Path: C:\Windows\System32\Drivers\spldr.sys
Address: 0x8B55D000 Size: 32768 File Visible: - Signed: -
Status: -

Name: spsys.sys
Image Path: C:\Windows\system32\drivers\spsys.sys
Address: 0x9B60F000 Size: 716800 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\Windows\System32\DRIVERS\srv.sys
Address: 0x9CE7E000 Size: 311296 File Visible: - Signed: -
Status: -

Name: srv2.sys
Image Path: C:\Windows\System32\DRIVERS\srv2.sys
Address: 0x9CE57000 Size: 159744 File Visible: - Signed: -
Status: -

Name: srvnet.sys
Image Path: C:\Windows\System32\DRIVERS\srvnet.sys
Address: 0x9B780000 Size: 118784 File Visible: - Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\Windows\system32\DRIVERS\ssmdrv.sys
Address: 0x8FE70000 Size: 23040 File Visible: - Signed: -
Status: -

Name: storport.sys
Image Path: C:\Windows\system32\drivers\storport.sys
Address: 0x82D1B000 Size: 266240 File Visible: - Signed: -
Status: -

Name: stwrt.sys
Image Path: C:\Windows\system32\DRIVERS\stwrt.sys
Address: 0x8FA57000 Size: 409600 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\Windows\system32\DRIVERS\swenum.sys
Address: 0x8F71A000 Size: 4992 File Visible: - Signed: -
Status: -

Name: swivspnt.sys
Image Path: C:\Windows\system32\DRIVERS\swivspnt.sys
Address: 0x8F705000 Size: 20352 File Visible: - Signed: -
Status: -

Name: sym_hi.sys
Image Path: C:\Windows\system32\drivers\sym_hi.sys
Address: 0x8AFC1000 Size: 45056 File Visible: - Signed: -
Status: -

Name: sym_u3.sys
Image Path: C:\Windows\system32\drivers\sym_u3.sys
Address: 0x8AFCC000 Size: 45056 File Visible: - Signed: -
Status: -

Name: symc8xx.sys
Image Path: C:\Windows\system32\drivers\symc8xx.sys
Address: 0x8AFB5000 Size: 49152 File Visible: - Signed: -
Status: -

Name: SynTP.sys
Image Path: C:\Windows\system32\DRIVERS\SynTP.sys
Address: 0x8F3C8000 Size: 194560 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\Windows\System32\drivers\tcpip.sys
Address: 0x8B20D000 Size: 954368 File Visible: - Signed: -
Status: -

Name: tcpipreg.sys
Image Path: C:\Windows\System32\drivers\tcpipreg.sys
Address: 0x9CFCA000 Size: 49152 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\Windows\system32\DRIVERS\TDI.SYS
Address: 0x8F668000 Size: 45056 File Visible: - Signed: -
Status: -

Name: tdx.sys
Image Path: C:\Windows\system32\DRIVERS\tdx.sys
Address: 0x8FB64000 Size: 90112 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\Windows\system32\DRIVERS\termdd.sys
Address: 0x8F70A000 Size: 65536 File Visible: - Signed: -
Status: -

Name: TSDDD.dll
Image Path: C:\Windows\System32\TSDDD.dll
Address: 0x97820000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunmp.sys
Image Path: C:\Windows\system32\DRIVERS\tunmp.sys
Address: 0x8B400000 Size: 36864 File Visible: - Signed: -
Status: -

Name: tunnel.sys
Image Path: C:\Windows\system32\DRIVERS\tunnel.sys
Address: 0x8B5F5000 Size: 45056 File Visible: - Signed: -
Status: -

Name: uliahci.sys
Image Path: C:\Windows\system32\drivers\uliahci.sys
Address: 0x8ACDE000 Size: 245760 File Visible: - Signed: -
Status: -

Name: ulsata.sys
Image Path: C:\Windows\system32\drivers\ulsata.sys
Address: 0x8AFD7000 Size: 135168 File Visible: - Signed: -
Status: -

Name: ulsata2.sys
Image Path: C:\Windows\system32\drivers\ulsata2.sys
Address: 0x8AD1A000 Size: 180224 File Visible: - Signed: -
Status: -

Name: umbus.sys
Image Path: C:\Windows\system32\DRIVERS\umbus.sys
Address: 0x8F75E000 Size: 53248 File Visible: - Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\Windows\system32\DRIVERS\usbccgp.sys
Address: 0x8FF02000 Size: 94208 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\Windows\system32\DRIVERS\USBD.SYS
Address: 0x8F3F8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\Windows\system32\DRIVERS\usbehci.sys
Address: 0x8B3D1000 Size: 61440 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\Windows\system32\DRIVERS\usbhub.sys
Address: 0x8F76B000 Size: 212992 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\Windows\system32\DRIVERS\USBPORT.SYS
Address: 0x8ADAE000 Size: 253952 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: C:\Windows\system32\DRIVERS\USBSTOR.SYS
Address: 0x8FF54000 Size: 73728 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\Windows\system32\DRIVERS\usbuhci.sys
Address: 0x8EC00000 Size: 45056 File Visible: - Signed: -
Status: -

Name: usbvideo.sys
Image Path: C:\Windows\System32\Drivers\usbvideo.sys
Address: 0x8FF19000 Size: 134016 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\Windows\System32\drivers\vga.sys
Address: 0x8FB05000 Size: 49152 File Visible: - Signed: -
Status: -

Name: viaide.sys
Image Path: C:\Windows\system32\drivers\viaide.sys
Address: 0x82C32000 Size: 32768 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\Windows\System32\drivers\VIDEOPRT.SYS
Address: 0x8FB11000 Size: 135168 File Visible: - Signed: -
Status: -

Name: volmgr.sys
Image Path: C:\Windows\system32\drivers\volmgr.sys
Address: 0x80781000 Size: 61440 File Visible: - Signed: -
Status: -

Name: volmgrx.sys
Image Path: C:\Windows\System32\drivers\volmgrx.sys
Address: 0x80790000 Size: 303104 File Visible: - Signed: -
Status: -

Name: volsnap.sys
Image Path: C:\Windows\system32\drivers\volsnap.sys
Address: 0x8B524000 Size: 233472 File Visible: - Signed: -
Status: -

Name: vsmraid.sys
Image Path: C:\Windows\system32\drivers\vsmraid.sys
Address: 0x8AD46000 Size: 135168 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\Windows\system32\DRIVERS\wanarp.sys
Address: 0x8FE5D000 Size: 77824 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\Windows\System32\drivers\watchdog.sys
Address: 0x8F1F3000 Size: 53248 File Visible: - Signed: -
Status: -

Name: wd.sys
Image Path: C:\Windows\system32\drivers\wd.sys
Address: 0x8B51C000 Size: 32768 File Visible: - Signed: -
Status: -

Name: Wdf01000.sys
Image Path: C:\Windows\system32\drivers\Wdf01000.sys
Address: 0x80601000 Size: 507904 File Visible: - Signed: -
Status: -

Name: WDFLDR.SYS
Image Path: C:\Windows\system32\drivers\WDFLDR.SYS
Address: 0x8067D000 Size: 53248 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0x97600000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\Windows\System32\win32k.sys
Address: 0x97600000 Size: 2105344 File Visible: - Signed: -
Status: -

Name: WinUSB.sys
Image Path: C:\Windows\system32\DRIVERS\WinUSB.sys
Address: 0x8FEF1000 Size: 31616 File Visible: - Signed: -
Status: -

Name: wmiacpi.sys
Image Path: C:\Windows\system32\DRIVERS\wmiacpi.sys
Address: 0x8F626000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\Windows\system32\drivers\WMILIB.SYS
Address: 0x806D0000 Size: 36864 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x8220A000 Size: 3907584 File Visible: - Signed: -
Status: -

Name: WUDFPf.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFPf.sys
Address: 0x9DE48000 Size: 73728 File Visible: - Signed: -
Status: -

Name: WUDFRd.sys
Image Path: C:\Windows\system32\DRIVERS\WUDFRd.sys
Address: 0x9DE33000 Size: 83328 File Visible: - Signed: -
Status: -

So bitte schön
Seitenanfang Seitenende
13.11.2009, 14:05
Member
Avatar Chris4You

Beiträge: 694
#6 Hi,

hattest Du die externen Datenträger angeschlossen?

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
Als erstes versteckte Dateien (http://www.trojaner-board.de/54791-anleitung-uploadchannel-trojaner-board.html#post349565) anzeigen lassen! (nur Punkt 1 durchführen!)Suche die Seite (http://www.virustotal.com/)Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:

Code

C:\Windows\System32\drivers\tcpip.sys
c:\windows\system32\ieUnatt.exe
c:\windows\system32\DPPWDFLT.dll
C:\Windows\system32\drivers\atapi.sys
Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.) Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Avira
Stelle Avira wie folgt ein: http://www.trojaner-board.de/54192-anleitung-avira-antivir-agressive-einstellungen.html
Führe einen Systemscan durch und poste das Ergebnis!

chris
Seitenanfang Seitenende
13.11.2009, 18:48
Member

Themenstarter

Beiträge: 34
#7 Habe keine externen Datenträger.

Datei tcpip.sys empfangen 2009.11.13 17:09:06 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 0/41 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit ist zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email:


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.13 -
AhnLab-V3 5.0.0.2 2009.11.13 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.13 -
Avast 4.8.1351.0 2009.11.13 -
AVG 8.5.0.425 2009.11.13 -
BitDefender 7.2 2009.11.13 -
CAT-QuickHeal 10.00 2009.11.13 -
ClamAV 0.94.1 2009.11.13 -
Comodo 2943 2009.11.13 -
DrWeb 5.0.0.12182 2009.11.13 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7119 2009.11.13 -
F-Prot 4.5.1.85 2009.11.13 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.13 -
GData 19 2009.11.13 -
Ikarus T3.1.1.74.0 2009.11.13 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.896 2009.11.13 -
Kaspersky 7.0.0.125 2009.11.13 -
McAfee 5800 2009.11.12 -
McAfee+Artemis 5800 2009.11.12 -
McAfee-GW-Edition 6.8.5 2009.11.13 -
Microsoft 1.5202 2009.11.13 -
NOD32 4604 2009.11.13 -
Norman 6.03.02 2009.11.13 -
nProtect 2009.1.8.0 2009.11.13 -
Panda 10.0.2.2 2009.11.13 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.13 -
Rising 22.21.04.09 2009.11.13 -
Sophos 4.47.0 2009.11.13 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.13 -
TheHacker 6.5.0.2.067 2009.11.12 -
TrendMicro 9.0.0.1003 2009.11.13 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.13.2035 2009.11.13 -
VirusBuster 4.6.5.0 2009.11.13 -
weitere Informationen
File size: 897608 bytes
MD5...: 8a7ad2a214233f684242f289ed83ebc3
SHA1..: 8117da2499694a2cc518653ef306d63beeb5ab16
SHA256: 2437b9a6378c9d80efe58f49a55c4ea125ca47170eb19669734d882e91ed452d
ssdeep: 24576:+jYhY8Vh2ADPJkAZEsn9IhFA1RdAqE/b0rn6y+w/z+5/:7Ue1RbFa5/

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xdd1b9
timedatestamp.....: 0x4a8571aa (Fri Aug 14 14:16:10 2009)
machinetype.......: 0x14c (I386)

( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xba696 0xba800 6.56 e172f42a37d5627bf6456f7a8bd7cba0
.rdata 0xbc000 0xa624 0xa800 5.97 cb0cb6325e35161293cd9bfd62833a8c
.data 0xc7000 0x128fc 0x8200 0.74 e5831448aaa5366b87efbbf879ace005
PAGE 0xda000 0x998 0xa00 6.23 0599c883c682124b4a8a78f2d4fdbbb9
.edata 0xdb000 0x49 0x200 0.85 936f4d20f849cbe84b238192180e3e54
PAGECONS 0xdc000 0x78 0x200 1.24 e55f42a50e6d2516227666da201ea002
INIT 0xdd000 0x3e4a 0x4000 5.86 7430a9a6b15bdffe9c85019baba53105
.rsrc 0xe1000 0x3e0 0x400 3.35 3a67ffe29d9aa4a98b186edfe6200e8c
.reloc 0xe2000 0x6de0 0x6e00 6.80 06f20001f2d32e09eb27fb021cc2b0d1

( 8 imports )
> ntoskrnl.exe: RtlIpv4AddressToStringExW, MmUnlockPages, MmUserProbeAddress, PsGetCurrentProcessId, ExAcquireResourceExclusiveLite, KeEnterCriticalRegion, KeLeaveCriticalRegion, ExReleaseResourceLite, ExDeleteResourceLite, ExInitializeResourceLite, RtlUnwind, RtlAnsiCharToUnicodeChar, MmProbeAndLockPages, RtlInitializeBitMap, RtlSetBit, RtlSetBits, ExInitializeLookasideListEx, ExDeleteLookasideListEx, KeBugCheckEx, DbgPrint, RtlSubAuthoritySid, ObOpenObjectByPointer, ZwQueryInformationToken, ExGetPreviousMode, ExUuidCreate, ExAllocatePoolWithQuotaTag, KeBugCheck, KeDelayExecutionThread, KeTickCount, IoGetCurrentProcess, KeInitializeMutex, SeSetAuditParameter, SeReportSecurityEventWithSubCategory, DbgBreakPoint, MmSizeOfMdl, MmUnmapLockedPages, ObLogSecurityDescriptor, SeCaptureSubjectContextEx, SeLockSubjectContext, IoGetFileObjectGenericMapping, SeAccessCheck, SeUnlockSubjectContext, SeReleaseSubjectContext, RtlCreateSecurityDescriptor, SeExports, RtlLengthSid, RtlCreateAcl, RtlAddAccessAllowedAceEx, RtlSetDaclSecurityDescriptor, ExInterlockedFlushSList, KeInitializeSemaphore, ExAllocatePoolWithTagPriority, RtlIpv6AddressToStringExW, RtlVerifyVersionInfo, KeInitializeTimerEx, ExGetCurrentProcessorCounts, KeSetTimerEx, KeQueryActiveProcessors, KeQueryInterruptTime, KeFlushQueuedDpcs, KeCancelTimer, KeInitializeDpc, KeSetTargetProcessorDpc, KeSetImportanceDpc, KeWaitForMultipleObjects, KeInsertQueueDpc, IoAllocateWorkItem, IoQueueWorkItem, IoFreeWorkItem, MmBuildMdlForNonPagedPool, RtlInitializeGenericTableAvl, RtlGetVersion, KeQuerySystemTime, RtlLookupElementGenericTableFullAvl, ObDereferenceSecurityDescriptor, IoAllocateErrorLogEntry, IoWriteErrorLogEntry, ExNotifyCallback, KeQueryMaximumProcessorCount, KeIsExecutingDpc, PsGetProcessSessionId, InterlockedPushEntrySList, InterlockedPopEntrySList, KefAcquireSpinLockAtDpcLevel, IoAllocateMdl, IoBuildPartialMdl, KefReleaseSpinLockFromDpcLevel, IoFreeMdl, PsGetProcessId, MmMapLockedPagesSpecifyCache, ZwQuerySystemInformation, KeTestSpinLock, KeAcquireInStackQueuedSpinLockAtDpcLevel, KeReleaseInStackQueuedSpinLockFromDpcLevel, ObReferenceSecurityDescriptor, KeReleaseSemaphore, ExCreateCallback, IoBuildDeviceIoControlRequest, IoGetDeviceObjectPointer, ObfReferenceObject, PsGetCurrentProcess, PsIsSystemThread, PsGetThreadProcess, KeGetCurrentThread, KeInitializeEvent, KeSetEvent, RtlEnumerateGenericTableLikeADirectory, RtlTimeToTimeFields, ExDeleteNPagedLookasideList, ExInitializeNPagedLookasideList, RtlLengthRequiredSid, RtlInitializeSid, RtlAddAccessAllowedAce, ObSetSecurityObjectByPointer, RtlValidSid, RtlCopySid, IoCreateDevice, IoDeleteDevice, KeReadStateEvent, KeWaitForSingleObject, KeQueryActiveProcessorCount, KeReleaseMutex, ObfDereferenceObject, ZwOpenEvent, ObReferenceObjectByHandle, ZwClose, IofCompleteRequest, IofCallDriver, IoWMIRegistrationControl, RtlCompareMemory, RtlInitUnicodeString, MmGetSystemRoutineAddress, ZwEnumerateKey, RtlQueryRegistryValues, RtlIpv4StringToAddressW, RtlSubAuthorityCountSid, RtlIntegerToUnicodeString, RtlConvertSidToUnicodeString, RtlFreeUnicodeString, ZwQueryValueKey, RtlUnicodeStringToInteger, ZwOpenKey, RtlCompareUnicodeString, PsSetCreateProcessNotifyRoutineEx, SeLocateProcessImageName, ZwCreateFile, RtlDowncaseUnicodeString, ZwOpenProcess, KeStackAttachProcess, ZwDuplicateToken, KeUnstackDetachProcess, IoDeleteSymbolicLink, IoCreateSymbolicLink, KeQueryTimeIncrement, PsReferenceImpersonationToken, PsDereferencePrimaryToken, PsReferencePrimaryToken, PsDereferenceImpersonationToken, ObCloseHandle, VerSetConditionMask, RtlFindSetBits, RtlAreBitsClear, RtlFindClearBits, RtlClearBits, ExAcquireResourceSharedLite, RtlClearBit, RtlClearAllBits, SeOpenObjectAuditAlarmForNonObObject, RtlTestBit, RtlEqualSid, RtlIpv6StringToAddressW, memset, memcpy, ExAllocatePoolWithTag, IoWMIWriteEvent, SeQueryInformationToken, ExFreePoolWithTag
> NETIO.SYS: FsbAllocateAtDpcLevel, RtlInitializeTimerWheelEntry, NetioShutdownWorkQueue, RtlComputeToeplitzHash, RtlLookupEntryHashTable, RtlGetNextEntryHashTable, RtlInsertEntryHashTable, RtlRemoveEntryHashTable, RtlCleanupTimerWheelEntry, RtlEndEnumerationHashTable, RtlEnumerateEntryHashTable, RtlInitEnumerationHashTable, RtlReturnTimerWheelEntry, RtlGetNextExpiredTimerWheelEntry, RtlDeleteElementGenericTableBasicAvl, NetioInitializeWorkQueue, RtlInsertElementGenericTableBasicAvl, FsbAllocate, NetioAdvanceToLocationInNetBuffer, RtlCopyMdlToMdlIndirect, RtlUpdateCurrentTimerWheelTick, RtlEndTimerWheelEnumeration, RtlEnumerateNextTimerWheelEntry, RtlInitializeTimerWheelEnumeration, RtlCleanupTimerWheel, RtlDeleteHashTable, RtlCreateHashTable, RtlInitializeTimerWheel, RtlContractHashTable, RtlExpandHashTable, NetioFreeOpaquePerProcessorContext, NetioAllocateOpaquePerProcessorContext, TlDefaultRequestQueryDispatchEndpoint, TlDefaultRequestMessage, TlDefaultRequestQueryDispatch, RtlEndWeakEnumerationHashTable, RtlWeaklyEnumerateEntryHashTable, RtlInitWeakEnumerationHashTable, NsiFreeTable, NsiAllocateAndGetTable, NsiSetAllParameters, RtlCopyMdlToBuffer, NetioFreeNetBufferAndNetBufferList, NetioAllocateAndReferenceNetBufferAndNetBufferList, RtlCopyBufferToMdl, NmrWaitForClientDeregisterComplete, NmrDeregisterClient, NmrClientDetachProviderComplete, NmrClientAttachProvider, NmrRegisterClient, NmrProviderDetachClientComplete, NmrRegisterProvider, NmrWaitForProviderDeregisterComplete, NmrDeregisterProvider, NetioRetreatNetBufferList, NetioAllocateAndReferenceCopyNetBufferListEx, NetioCompleteCopyNetBufferListChain, NetioFreeCopyNetBufferList, NetioInitializeNetBufferListContext, TlDefaultRequestCancel, TlDefaultRequestConnect, TlDefaultRequestListen, NetioReferenceNetBufferList, TlDefaultRequestIoControl, NetioDereferenceNetBufferListChain, NetioAllocateNetBufferMdlAndData, NetioAllocateAndReferenceNetBufferListNetBufferMdlAndData, NetioDereferenceNetBufferList, NetioFreeNetBuffer, NetioExtendNetBuffer, NetioFreeNetBufferList, FsbFree, RtlIndicateTimerWheelEntryTimerStart, NetioFreeMdl, NetioFreeNetBufferListNetBufferMdlAndDataPool, NetioAllocateNetBufferMdlAndDataPool, NetioAllocateNetBufferListNetBufferMdlAndDataPool, NetioFreeNetBufferMdlAndDataPool, RtlCleanupToeplitzHash, RtlInitializeToeplitzHash, WfpStartStreamShim, NetioAllocateMdl, NetioInsertWorkQueue, WfpStreamInspectRemoteDisconnect, WfpStreamInspectReceive, WfpStreamInspectDisconnect, WfpStreamInspectSend, WfpStreamEndpointCleanupBegin, NetioInitializeNetBufferListAndFirstNetBufferContext, NsiEnumerateObjectsAllParameters, NsiReferenceDefaultObjectSecurity, NsiDeregisterChangeNotification, NsiRegisterChangeNotification, NetioCompleteNetBufferListChain, RtlCopyMdlToMdl, NetioAllocateAndReferenceFragmentNetBufferList, SetWfpDeviceObject, IoctlKfdBatchUpdate, IoctlKfdDeleteIndex, IoctlKfdAddIndex, IoctlKfdAddCache, IoctlKfdResetState, IoctlKfdQueryLayerStatistics, IoctlKfdAbortTransaction, IoctlKfdCommitTransaction, IoctlKfdDeleteCache, KfdIsActiveCallout, HfCreateFactory, HfDestroyFactory, NsiSetObjectSecurity, NetioAllocateNetBuffer, NetioAllocateAndReferenceNetBufferList, PtGetNumNodes, PtCreateTable, PtDestroyTable, PtDeleteEntry, PtInsertEntry, PtGetExactMatch, PtEnumOverTable, PtGetLongestMatch, PtGetNextShorterMatch, RtlCompute37Hash, PtGetKey, PtSetData, PtGetData, NsiSetParameter, NetioCompleteNetBufferAndNetBufferListChain, NetioQueryNetBufferListTrafficClass, NetioAllocateAndReferenceVacantNetBufferList, NetioAllocateAndReferenceCloneNetBufferListEx, NetioExpandNetBuffer, NetioUpdateNetBufferListContext, NetioAllocateAndReferenceCloneNetBufferList, NetioFreeCloneNetBufferList, NsiGetParameter, KfdCheckAcceptBypass, KfdCheckAndCacheAcceptBypass, KfdCheckConnectBypass, KfdCheckAndCacheConnectBypass, KfdGetLayerActionFromEnumTemplate, KfdEnumLayer, KfdGetNextFilter, KfdDerefFilterContext, KfdFreeEnumHandle, WfpScavangeLeastRecentlyUsedList, KfdAleInitializeFlowTable, WfpSetBucketsToEmptyLru, WfpExpireEntryLru, WfpInsertEntryLru, WfpDeleteEntryLru, WfpStreamIsFilterPresent, KfdToggleFilterActivation, NsiGetAllParameters, WfpInitializeLeastRecentlyUsedList, KfdAleNotifyFlowDeletion, FwppStreamDeleteDpcQueue, WfpUninitializeLeastRecentlyUsedList, KfdAleUninitializeFlowHandles, KfdAleInitializeFlowHandles, KfdGetOffloadEpoch, KfdIsLsoOffloadPossibleV6, KfdIsLsoOffloadPossibleV4, KfdIsV6InTransportFastEmpty, KfdIsV4InTransportFastEmpty, KfdIsV6OutTransportFastEmpty, KfdIsV4OutTransportFastEmpty, WfpRefreshEntryLru, NetioAdvanceNetBufferList, KfdCheckClassifyNeededAndUpdateEpoch, KfdAleAcquireFlowHandleForFlow, KfdClassify, KfdAleReleaseFlowHandleForFlow, KfdGetLayerCacheEpoch, KfdIsLayerEmpty, FwppStreamInject, FwppStreamContinue, FwppCopyStreamDataToBuffer, FwppAdvanceStreamDataPastOffset, FwppTruncateStreamDataAfterOffset, NetioUnRegisterProcessorAddCallback, NetioUnInitializeNetBufferListLibrary, NetioInitializeNetBufferListLibrary, NetioRegisterProcessorAddCallback, RtlInvokeStartRoutines, RtlInvokeStopRoutines, FsbDestroyPool, WfpStopStreamShim, FsbCreatePool, NsiGetParameterEx
> NDIS.SYS: NdisDeregisterProtocolDriver, NdisRegisterProtocolDriver, NdisInitiateOffload, NdisInitializeTimer, NdisAcquireReadWriteLock, NdisGetSessionToCompartmentMappingEpochAndZero, NdisTerminateOffload, NdisUpdateOffload, NdisInvalidateOffload, NdisQueryOffloadState, NdisOidRequest, NdisDirectOidRequest, NdisCompleteNetPnPEvent, NdisCloseAdapterEx, NdisOpenAdapterEx, NdisSetTimer, NdisInitializeReadWriteLock, NdisCancelTimer, NdisCancelSendNetBufferLists, NdisSendNetBufferLists, NdisReleaseReadWriteLock, NdisReturnNetBufferLists, NdisOffloadTcpSend, NdisOffloadTcpReceive, NdisOffloadTcpReceiveReturn, NdisOffloadTcpDisconnect, NdisSetOptionalHandlers, NdisOffloadTcpForward, NdisGetDataBuffer, NetDmaRegisterClient, NetDmaDeregisterClient, NetDmaFreeChannel, NetDmaAllocateChannel, NdisGetProcessorInformation, NdisFreeNetBufferList, NetDmaNullTransfer, NetDmaIsDmaCopyComplete, NdisGetThreadObjectCompartmentId, NdisGetSessionCompartmentId, NdisAdjustNetBufferCurrentMdl, NdisAdvanceNetBufferDataStart, NdisRetreatNetBufferDataStart
> FLTMGR.SYS: FltGetFileNameInformationUnsafe, FltReleaseFileNameInformation
> fwpkclnt.sys: FwpsCalloutUnregisterByKey0, FwpmBfeStateSubscribeChangesWithoutDevice0, FwpmBfeStateUnsubscribeChanges0, FwpsClassifyOptionSet0, FwpmEngineClose0, FwpmEngineOpen0, FwpmSecureSocketDeleteByKeyAsync0, FwpmSecureSocketAddAsync0, FwpmEventProviderIsNetEventTypeEnabled0, FwpsRequestEndpointDeleteNotification0, FwppDispatchDevCtl0, IPsecDriverExpire, IPsecDriverInitiateAcquire, FwpmEventProviderFireNetEvent0, FwpsTcpIpDispatchTableClear0, FwpmEventProviderDestroy0, FwpmEventProviderCreate0, FwpsTcpIpDispatchTableSet0, FwpsCalloutRegisterWithoutDevice0
> HAL.dll: KeGetCurrentIrql, KfReleaseSpinLock, KfLowerIrql, KfAcquireSpinLock, KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock, KeRaiseIrqlToDpcLevel, ExReleaseFastMutex, ExAcquireFastMutex, KfRaiseIrql, KeQueryPerformanceCounter
> ksecdd.sys: BCryptDestroyHash, BCryptDecrypt, BCryptCloseAlgorithmProvider, BCryptOpenAlgorithmProvider, BCryptSetProperty, BCryptGetProperty, BCryptGenRandom, BCryptHashData, BCryptEncrypt, BCryptGenerateSymmetricKey, BCryptDestroyKey, BCryptFinishHash, BCryptCreateHash
> msrpc.sys: NdrMesTypeDecode2, MesHandleFree, I_RpcExceptionFilter, MesDecodeBufferHandleCreate

( 1 exports )
EQoSTestHook

RDS...: NSRL Reference Data Set
-
pdfid.: -
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: TCP/IP Driver
original name: tcpip.sys
internal name: tcpip.sys
file version.: 6.0.6001.18311 (vistasp1_gdr.090814-0321)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

trid..: Win64 Executable Generic (87.2%)
Win32 Executable Generic (8.6%)
Generic Win/DOS Executable (2.0%)
DOS Executable Generic (2.0%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Datei ieUnatt.exe empfangen 2009.11.13 17:13:18 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 0/41 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 1.
Geschätzte Startzeit ist zwischen 43 und 62 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email:


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.10 -
AhnLab-V3 5.0.0.2 2009.11.06 -
AntiVir 7.9.1.61 2009.11.10 -
Antiy-AVL 2.0.3.7 2009.11.10 -
Authentium 5.2.0.5 2009.11.10 -
Avast 4.8.1351.0 2009.11.10 -
AVG 8.5.0.423 2009.11.10 -
BitDefender 7.2 2009.11.10 -
CAT-QuickHeal 10.00 2009.11.10 -
ClamAV 0.94.1 2009.11.10 -
Comodo 2905 2009.11.10 -
DrWeb 5.0.0.12182 2009.11.10 -
eSafe 7.0.17.0 2009.11.10 -
eTrust-Vet 35.1.7113 2009.11.10 -
F-Prot 4.5.1.85 2009.11.10 -
F-Secure 9.0.15370.0 2009.11.09 -
Fortinet 3.120.0.0 2009.11.10 -
GData 19 2009.11.10 -
Ikarus T3.1.1.74.0 2009.11.10 -
Jiangmin 11.0.800 2009.11.10 -
K7AntiVirus 7.10.892 2009.11.09 -
Kaspersky 7.0.0.125 2009.11.10 -
McAfee 5797 2009.11.09 -
McAfee+Artemis 5797 2009.11.09 -
McAfee-GW-Edition 6.8.5 2009.11.10 -
Microsoft 1.5202 2009.11.10 -
NOD32 4592 2009.11.10 -
Norman 6.03.02 2009.11.09 -
nProtect 2009.1.8.0 2009.11.10 -
Panda 10.0.2.2 2009.11.09 -
PCTools 7.0.3.5 2009.11.10 -
Prevx 3.0 2009.11.13 -
Rising 22.21.01.09 2009.11.10 -
Sophos 4.47.0 2009.11.10 -
Sunbelt 3.2.1858.2 2009.11.10 -
Symantec 1.4.4.12 2009.11.10 -
TheHacker 6.5.0.2.064 2009.11.09 -
TrendMicro 9.0.0.1003 2009.11.10 -
VBA32 3.12.10.11 2009.11.09 -
ViRobot 2009.11.10.2029 2009.11.10 -
VirusBuster 4.6.5.0 2009.11.09 -
weitere Informationen
File size: 133632 bytes
MD5...: 6d24c843a385b12865a21f44e43cd52f
SHA1..: 1cb4385af0cf0d1c6c33c669a6ba2396611007e4
SHA256: 5c6cdc2bb9c2b6f4469d0a2a835a82e0360625438f06fbc7c2f43804b19df2c4
ssdeep: 3072:88Xrf81VIbVNUrutgrWM0iM80sF+EXab3iTQU8FFd3m4xnghRo5EiUDQ+q:
88o0heabSTQU8FFA4xghRoWil+q

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd8ab
timedatestamp.....: 0x4a9600a4 (Thu Aug 27 03:42:28 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1924c 0x19400 5.86 2d97a744f510532226a4e2aa4d231958
.data 0x1b000 0x4810 0x3e00 1.94 ca3278edf042a9bca576590597f543e3
.rsrc 0x20000 0x7e0 0x800 4.33 8152d3d511d6cd891147fc71a148fe52
.reloc 0x21000 0x2a0e 0x2c00 4.21 f2b748f1b5b2eedbe93c1f71cff31bf7

( 11 imports )
> ADVAPI32.dll: RegCloseKey, RegQueryInfoKeyW, RegDeleteKeyW, RegEnumKeyExW, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, RegEnumValueW, SetSecurityDescriptorOwner, RegSetKeySecurity, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSecurityDescriptorOwner, CryptReleaseContext, CryptDestroyHash, CryptDestroyKey, CryptDecrypt, CryptEncrypt, CryptGetHashParam, CryptGenRandom, CryptDeriveKey, CryptHashData, CryptCreateHash, CryptAcquireContextW, SetSecurityInfo, GetSecurityInfo, IsValidSid, LookupAccountSidW, LookupAccountNameW, GetUserNameW, RegFlushKey, RegDeleteValueW, RegUnLoadKeyW, RegLoadKeyW, InitializeSecurityDescriptor, OpenThreadToken, GetTokenInformation, GetLengthSid, InitializeAcl, AddAccessAllowedAce, EqualSid, SetSecurityDescriptorDacl, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, SetNamedSecurityInfoW
> KERNEL32.dll: MoveFileExW, MoveFileW, CopyFileW, GlobalSize, GlobalFree, GlobalUnlock, GlobalLock, GlobalAlloc, HeapWalk, HeapValidate, HeapCompact, GlobalMemoryStatus, GetVersionExW, GetDriveTypeW, ResetEvent, CreateThread, WaitForMultipleObjects, CreateEventW, FreeLibrary, SetEvent, RemoveDirectoryW, GetTempFileNameW, ReadFile, HeapDestroy, HeapCreate, GetLogicalDriveStringsW, IsDebuggerPresent, OutputDebugStringA, MultiByteToWideChar, FlushFileBuffers, CreateDirectoryW, DebugBreak, DuplicateHandle, SetFileAttributesW, GetTempPathW, GetShortPathNameW, CreateProcessW, CreateProcessA, OpenProcess, GetVolumeInformationW, SetFileTime, SetEndOfFile, OpenEventW, GetComputerNameW, GetOverlappedResult, GetFileType, GetDiskFreeSpaceW, GetDiskFreeSpaceExW, GetPrivateProfileStringW, LoadLibraryW, GetExitCodeProcess, GetLocaleInfoW, VirtualAlloc, VirtualFree, DeviceIoControl, GetLogicalDrives, HeapSize, lstrlenW, lstrcmpiW, WritePrivateProfileStringW, GetCommandLineW, LocalFree, GetLastError, GetVersionExA, InterlockedExchange, Sleep, InterlockedCompareExchange, GetStartupInfoA, SetUnhandledExceptionFilter, GetModuleHandleA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, LocalAlloc, ExpandEnvironmentStringsW, GetFileAttributesW, SetErrorMode, GetFullPathNameW, FindClose, FindNextFileW, FindFirstFileW, GetWindowsDirectoryW, GetProcessHeap, HeapFree, VirtualQuery, MapViewOfFile, CreateFileMappingW, GetFileSize, UnmapViewOfFile, TlsAlloc, GetLocalTime, HeapReAlloc, TlsSetValue, HeapAlloc, TlsGetValue, SetLastError, FormatMessageW, RaiseException, ExitProcess, TlsFree, GetWindowsDirectoryA, CloseHandle, GetCurrentThread, ReleaseMutex, WaitForSingleObject, SetFilePointer, WriteFile, GetModuleFileNameA, CreateMutexW, CreateFileW, GetModuleFileNameW, DeleteFileW, GetVersion, GetSystemInfo, CreateMutexA, CreateFileMappingA, CreateFileA, DeleteFileA, LoadLibraryA, ExpandEnvironmentStringsA, GetProcAddress, GetModuleHandleW, InitializeCriticalSection, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection
> msvcrt.dll: towlower, free, __CxxFrameHandler3, __1type_info@@UAE@XZ, _XcptFilter, _exit, _vsnwprintf, __3@YAXPAX@Z, __2@YAPAXI@Z, memset, _wcsnicmp, wcsncmp, _wfopen, fgetws, feof, fclose, wcstok, _wtoi, iswctype, _wcsicmp, _purecall, wcsrchr, _vsnprintf, memcpy, _ismbblead, exit, _acmdln, _initterm, _amsg_exit, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _terminate@@YAXXZ, _except_handler4_common, _controlfp, _unlock, __dllonexit, _lock, _onexit, swscanf_s, _cexit, __getmainargs, _itow_s
> ole32.dll: GetHGlobalFromStream, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitializeEx, CoInitialize, CoCreateGuid, CreateStreamOnHGlobal
> SHELL32.dll: ExtractIconExW, ShellExecuteExW, SHGetFolderPathW, -, CommandLineToArgvW
> SHLWAPI.dll: PathAppendW, StrCmpW, StrChrW, -
> USER32.dll: MessageBoxA, LoadStringW, LoadIconW, UnregisterClassA, MessageBoxW
> WS2_32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, WSAIoctl, -, -
> dbghelp.dll: MiniDumpWriteDump
> IPHLPAPI.DLL: GetIpAddrTable
> OLEAUT32.dll: -, -, -

( 66 exports )
__0_$CDynamicArray@EPAE@@QAE@I@Z, __0_$CDynamicArray@EPAUSKey@@@@QAE@I@Z, __0_$CDynamicArray@EPAUSValue@@@@QAE@I@Z, __0_$CDynamicArray@GPAG@@QAE@I@Z, __0_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@I@Z, __0_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@I@Z, __0_$CDynamicArray@_KPA_K@@QAE@I@Z, __1_$CDynamicArray@EPAE@@QAE@XZ, __1_$CDynamicArray@EPAUSKey@@@@QAE@XZ, __1_$CDynamicArray@EPAUSValue@@@@QAE@XZ, __1_$CDynamicArray@GPAG@@QAE@XZ, __1_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAE@XZ, __1_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAE@XZ, __1_$CDynamicArray@_KPA_K@@QAE@XZ, __4_$CDynamicArray@EPAE@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@EPAUSKey@@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@EPAUSValue@@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@GPAG@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAV0@ABV0@@Z, __4_$CDynamicArray@_KPA_K@@QAEAAV0@ABV0@@Z, __A_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEAAPAUSEnumBinContext@@I@Z, __A_$CDynamicArray@_KPA_K@@QAEAA_KI@Z, __B_$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ, __B_$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ, __B_$CDynamicArray@GPAG@@QBEPAGXZ, __C_$CDynamicArray@EPAUSKey@@@@QBEPAUSKey@@XZ, __C_$CDynamicArray@EPAUSValue@@@@QBEPAUSValue@@XZ, ___F_$CDynamicArray@EPAE@@QAEXXZ, ___F_$CDynamicArray@EPAUSKey@@@@QAEXXZ, ___F_$CDynamicArray@EPAUSValue@@@@QAEXXZ, ___F_$CDynamicArray@GPAG@@QAEXXZ, ___F_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ, ___F_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ, ___F_$CDynamicArray@_KPA_K@@QAEXXZ, _Add@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHAAPAUSEnumBinContext@@@Z, _Add@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@@Z, _Add@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHAAUSKeeperEntry@CBlackboardFactory@@AAI@Z, _Add@_$CDynamicArray@_KPA_K@@QAEHAA_K@Z, _ElementAt@_$CDynamicArray@GPAG@@QAEAAGI@Z, _ElementAt@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEAAUSKeeperEntry@CBlackboardFactory@@I@Z, _GetBuffer@_$CDynamicArray@EPAE@@QAEPAEI@Z, _GetBuffer@_$CDynamicArray@EPAUSValue@@@@QAEPAUSValue@@I@Z, _GetBuffer@_$CDynamicArray@GPAG@@QAEPAGI@Z, _GetSize@_$CDynamicArray@EPAE@@QBEIXZ, _GetSize@_$CDynamicArray@GPAG@@QBEIXZ, _GetSize@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QBEIXZ, _GetSize@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QBEIXZ, _GetSize@_$CDynamicArray@_KPA_K@@QBEIXZ, _Init@_$CDynamicArray@EPAE@@IAEXI@Z, _Init@_$CDynamicArray@EPAUSKey@@@@IAEXI@Z, _Init@_$CDynamicArray@EPAUSValue@@@@IAEXI@Z, _Init@_$CDynamicArray@GPAG@@IAEXI@Z, _Init@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@IAEXI@Z, _Init@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@IAEXI@Z, _Init@_$CDynamicArray@_KPA_K@@IAEXI@Z, _RemoveAll@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEXXZ, _RemoveAll@_$CDynamicArray@_KPA_K@@QAEXXZ, _RemoveItemFromTail@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEXXZ, _SetSize@_$CDynamicArray@EPAE@@QAEHK@Z, _SetSize@_$CDynamicArray@EPAUSKey@@@@QAEHK@Z, _SetSize@_$CDynamicArray@EPAUSValue@@@@QAEHK@Z, _SetSize@_$CDynamicArray@GPAG@@QAEHK@Z, _SetSize@_$CDynamicArray@PAUSEnumBinContext@@PAPAU1@@@QAEHK@Z, _SetSize@_$CDynamicArray@USKeeperEntry@CBlackboardFactory@@PAU12@@@QAEHK@Z, _SetSize@_$CDynamicArray@_KPA_K@@QAEHK@Z

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Windows_ Internet Explorer
description..: IE 7.0 Unattended Install Utility
original name: IEUNATT.EXE
internal name: IEUNATT
file version.: 8.00.6001.18828 (longhorn_ie8_gdr.090826-1700)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Datei DpPwdFlt.dll empfangen 2009.11.13 17:19:05 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 0/41 (0%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: ___.
Geschätzte Startzeit ist zwischen ___ und ___ .
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email:


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.13 -
AhnLab-V3 5.0.0.2 2009.11.13 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.13 -
Avast 4.8.1351.0 2009.11.13 -
AVG 8.5.0.425 2009.11.13 -
BitDefender 7.2 2009.11.13 -
CAT-QuickHeal 10.00 2009.11.13 -
ClamAV 0.94.1 2009.11.13 -
Comodo 2943 2009.11.13 -
DrWeb 5.0.0.12182 2009.11.13 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7119 2009.11.13 -
F-Prot 4.5.1.85 2009.11.13 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.13 -
GData 19 2009.11.13 -
Ikarus T3.1.1.74.0 2009.11.13 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.896 2009.11.13 -
Kaspersky 7.0.0.125 2009.11.13 -
McAfee 5800 2009.11.12 -
McAfee+Artemis 5800 2009.11.12 -
McAfee-GW-Edition 6.8.5 2009.11.13 -
Microsoft 1.5202 2009.11.13 -
NOD32 4604 2009.11.13 -
Norman 6.03.02 2009.11.13 -
nProtect 2009.1.8.0 2009.11.13 -
Panda 10.0.2.2 2009.11.13 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.13 -
Rising 22.21.04.09 2009.11.13 -
Sophos 4.47.0 2009.11.13 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.13 -
TheHacker 6.5.0.2.067 2009.11.12 -
TrendMicro 9.0.0.1003 2009.11.13 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.13.2035 2009.11.13 -
VirusBuster 4.6.5.0 2009.11.13 -
weitere Informationen
File size: 150592 bytes
MD5...: 86c2658d05b7f2caa105c1058497d2f5
SHA1..: f227984449bb5fbcde805b6e0f0420533bb3cc1f
SHA256: 214261efc548e71cd3f97fbfefd87afd83cecae0a98fef6736b09bc365ac8bfd
ssdeep: 3072:3glu8r8tqD+bTiwOL2bRmM0E7FLc6c05bTPZ/M6E6:wlu8QtqYvbXaSTPZU
E

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9fff
timedatestamp.....: 0x49408876 (Thu Dec 11 03:26:46 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1628c 0x17000 6.55 97df29b3076ddd486c85b8eabd6656f1
.rdata 0x18000 0x5338 0x6000 4.70 1539746d863d2d2cfb6a09d27de641df
.data 0x1e000 0x32dc 0x2000 2.93 65c8acc69e234a5db810d47d23b6753e
.rsrc 0x22000 0x528 0x1000 1.50 9e7fbdae03f0e610d2c75ec143df8cce
.reloc 0x23000 0x2276 0x3000 3.66 fb228f6a5030ea516ed1333eac171e51

( 5 imports )
> KERNEL32.dll: GetLocalTime, InitializeCriticalSection, DeleteCriticalSection, GetProcAddress, LoadLibraryW, MultiByteToWideChar, GetCurrentThreadId, SetFilePointer, FindClose, FindFirstFileW, CreateDirectoryW, InterlockedExchange, GetTickCount, GetModuleFileNameA, FreeLibrary, GetComputerNameA, GetFileSize, CreateFileW, WriteFile, IsDebuggerPresent, WideCharToMultiByte, CloseHandle, GetCurrentProcessId, ProcessIdToSessionId, GetVersionExA, LocalFree, LeaveCriticalSection, EnterCriticalSection, GetComputerNameExW, lstrcmpiW, lstrlenW, lstrcatW, FlushFileBuffers, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetConsoleMode, GetConsoleCP, GetModuleFileNameW, SetLastError, GetLastError, LocalAlloc, LoadLibraryA, RaiseException, GetACP, GetLocaleInfoA, GetThreadLocale, RtlUnwind, HeapAlloc, HeapFree, HeapReAlloc, ExitThread, ResumeThread, CreateThread, VirtualProtect, VirtualAlloc, GetModuleHandleA, GetSystemInfo, VirtualQuery, GetCommandLineA, GetProcessHeap, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, InterlockedDecrement, GetCPInfo, GetOEMCP, LCMapStringA, LCMapStringW, VirtualFree, HeapDestroy, HeapCreate, ExitProcess, GetStdHandle, Sleep, HeapSize, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW
> ADVAPI32.dll: RegEnumValueW, RegCreateKeyExW, RegOpenKeyExA, RegEnumKeyA, RegQueryValueExA, RegCloseKey, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW
> ole32.dll: CoUninitialize, CoInitialize
> OLEAUT32.dll: -, -, -, -, -
> CRYPT32.dll: CryptEncodeObject, CryptDecodeObject

( 5 exports )
DllRegisterServer, DllUnregisterServer, InitializeChangeNotify, PasswordChangeNotify, PasswordFilter

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: DigitalPersona, Inc.
copyright....: Copyright (c) DigitalPersona, Inc. 1996-2008
product......: DPPwdFlt Module
description..: DPPwdFlt Module
original name: DPPwdFlt.DLL
internal name: DPPwdFlt
file version.: 4.3.0.3691
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned

Datei atapi.sys empfangen 2009.11.13 17:20:52 (UTC)
Status: Laden ... Wartend Warten Überprüfung Beendet Nicht gefunden Gestoppt


Ergebnis: 1/41 (2.44%)
Laden der Serverinformationen...
Ihre Datei wartet momentan auf Position: 2.
Geschätzte Startzeit ist zwischen 52 und 75 Sekunden.
Dieses Fenster bis zum Abschluss des Scans nicht schließen.
Der Scanner, welcher momentan Ihre Datei bearbeitet ist momentan gestoppt. Wir warten einige Sekunden um Ihr Ergebnis zu erstellen.
Falls Sie längern als fünf Minuten warten, versenden Sie bitte die Datei erneut.
Ihre Datei wird momentan von VirusTotal überprüft,
Ergebnisse werden sofort nach der Generierung angezeigt.
Filter Drucken der Ergebnisse Datei existiert nicht oder dessen Lebensdauer wurde überschritten
Dienst momentan gestoppt. Ihre Datei befindet sich in der Warteschlange (position: ). Diese wird abgearbeitet, wenn der Dienst wieder startet.
SIe können auf einen automatischen reload der homepage warten, oder ihre email in das untere formular eintragen. Klicken Sie auf "Anfragen", damit das System sie benachrichtigt wenn die Überprüfung abgeschlossen ist. Email:


Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.41 2009.11.13 -
AhnLab-V3 5.0.0.2 2009.11.13 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.13 -
Avast 4.8.1351.0 2009.11.13 -
AVG 8.5.0.425 2009.11.13 -
BitDefender 7.2 2009.11.13 -
CAT-QuickHeal 10.00 2009.11.13 -
ClamAV 0.94.1 2009.11.13 -
Comodo 2943 2009.11.13 -
DrWeb 5.0.0.12182 2009.11.13 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7119 2009.11.13 -
F-Prot 4.5.1.85 2009.11.13 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.13 -
GData 19 2009.11.13 -
Ikarus T3.1.1.74.0 2009.11.13 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.896 2009.11.13 -
Kaspersky 7.0.0.125 2009.11.13 -
McAfee 5800 2009.11.12 -
McAfee+Artemis 5800 2009.11.12 -
McAfee-GW-Edition 6.8.5 2009.11.13 Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft 1.5202 2009.11.13 -
NOD32 4604 2009.11.13 -
Norman 6.03.02 2009.11.13 -
nProtect 2009.1.8.0 2009.11.13 -
Panda 10.0.2.2 2009.11.13 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.13 -
Rising 22.21.04.09 2009.11.13 -
Sophos 4.47.0 2009.11.13 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.13 -
TheHacker 6.5.0.2.067 2009.11.12 -
TrendMicro 9.0.0.1003 2009.11.13 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.13.2035 2009.11.13 -
VirusBuster 4.6.5.0 2009.11.13 -
weitere Informationen
File size: 21560 bytes
MD5...: 9c0e70031905adbf94edb9ea14af943b
SHA1..: 69097979d1c1e25325018cba21c9f1f8f8c5754b
SHA256: 88e4a250c22e919decedf1d59566265c473cdfac97440f25a6d05e6200223194
ssdeep: 384:mzY0Vgd1RrKzBoW3UwWkhy/jso9uT+quEOjBMI:mz/Vgd1gz/Hy/jso5zMI

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5005
timedatestamp.....: 0x48449a09 (Tue Jun 03 01:10:33 2008)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x19b0 0x1a00 6.30 4ac8c9f82cf23d85316bd85d3d8e4efb
.rdata 0x3000 0xae 0x200 1.52 789da2a578c587add39868b7c67dcb8b
.data 0x4000 0xc 0x200 0.18 7c80b151582aa6280e754b477343e54e
INIT 0x5000 0x364 0x400 4.51 f238fffd3a9917d72f4888f4276b3b06
.rsrc 0x6000 0x3f8 0x400 3.41 bcf1072aa34a8a498b8bedc81661ffa5
.reloc 0x7000 0x8a 0x200 1.37 064d7db7c16955d4dc6d3f7afb703e06

( 2 imports )
> ataport.SYS: AtaPortNotification, AtaPortWritePortUchar, AtaPortWritePortUlong, AtaPortGetPhysicalAddress, AtaPortConvertPhysicalAddressToUlong, AtaPortGetScatterGatherList, AtaPortReadPortUchar, AtaPortStallExecution, AtaPortGetParentBusType, AtaPortRequestCallback, AtaPortWritePortBufferUshort, AtaPortGetUnCachedExtension, AtaPortCompleteRequest, AtaPortMoveMemory, AtaPortCompleteAllActiveRequests, AtaPortReleaseRequestSenseIrb, AtaPortBuildRequestSenseIrb, AtaPortReadPortUshort, AtaPortReadPortBufferUshort, AtaPortInitialize, AtaPortGetDeviceBase, AtaPortDeviceStateChange
> NTOSKRNL.exe: KeTickCount

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: ATAPI IDE Miniport Driver
original name: atapi.sys
internal name: atapi.sys
file version.: 6.0.6001.22193 (vistasp1_ldr.080602-1506)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Ich poste das Antivir Log am Montag morgen da ich den PC im Büro habe und nun Feierabend mache hoffe das ist ok ;)
Seitenanfang Seitenende
14.11.2009, 21:39
Member
Avatar Chris4You

Beiträge: 694
#8 Hi,

ja ist Okay, sieht gut aus, das eine sollte ein Fehlalarm sein...

chris
Seitenanfang Seitenende
16.11.2009, 07:36
Member

Themenstarter

Beiträge: 34
#9 Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 13. November 2009 18:26

Es wird nach 1902582 Virenstämmen gesucht.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 1) [6.0.6001]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MULOO-PC

Versionsinformationen:
BUILD.DAT : 9.0.0.410 18074 Bytes 25.09.2009 11:51:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 13:36:08
AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 12:04:10
LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 11:35:44
LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 10:41:59
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 12:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 09:21:42
ANTIVIR2.VDF : 7.1.6.222 5998592 Bytes 11.11.2009 14:41:06
ANTIVIR3.VDF : 7.1.6.234 120320 Bytes 13.11.2009 14:48:21
Engineversion : 8.2.1.65
AEVDF.DLL : 8.1.1.2 106867 Bytes 10.11.2009 14:19:23
AESCRIPT.DLL : 8.1.2.44 586107 Bytes 10.11.2009 14:19:22
AESCN.DLL : 8.1.2.5 127346 Bytes 10.11.2009 14:19:21
AERDL.DLL : 8.1.3.2 479604 Bytes 10.11.2009 14:19:19
AEPACK.DLL : 8.2.0.3 422261 Bytes 10.11.2009 14:19:17
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 09:59:39
AEHEUR.DLL : 8.1.0.180 2093432 Bytes 10.11.2009 14:19:15
AEHELP.DLL : 8.1.7.0 237940 Bytes 10.11.2009 14:19:11
AEGEN.DLL : 8.1.1.74 364917 Bytes 13.11.2009 14:48:22
AEEMU.DLL : 8.1.1.0 393587 Bytes 10.11.2009 14:19:07
AECORE.DLL : 8.1.8.2 184694 Bytes 10.11.2009 14:19:04
AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 14:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 08:47:56
AVPREF.DLL : 9.0.3.0 44289 Bytes 13.11.2009 14:48:30
AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 14:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 15:25:04
AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 15:05:37
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 10:37:04
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 15:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 08:21:28
NETNT.DLL : 9.0.0.0 11521 Bytes 07.11.2008 15:41:21
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 15:35:17
RCTEXT.DLL : 9.0.37.0 87809 Bytes 17.04.2009 10:13:12

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Freitag, 13. November 2009 18:26

Der Suchlauf nach versteckten Objekten wird begonnen.
Es wurden '136581' Objekte überprüft, '0' versteckte Objekte wurden gefunden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'EXCEL.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'notepad.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Mobile Partner.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pctsTray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TVSched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TVCapSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pctsSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'pctsAuxs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEstSrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wlanext.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DpHostW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vfsFPService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'stacsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '59' Prozesse mit '59' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
[INFO] Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '32' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\hiberfil.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei.
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\pagefile.sys
[WARNUNG] Die Datei konnte nicht geöffnet werden!
[HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei.
[HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
Beginne mit der Suche in 'D:\' <RECOVERY>


Ende des Suchlaufs: Freitag, 13. November 2009 20:27
Benötigte Zeit: 2:01:15 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

32301 Verzeichnisse wurden überprüft
497484 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
2 Dateien konnten nicht durchsucht werden
497482 Dateien ohne Befall
2561 Archive wurden durchsucht
2 Warnungen
2 Hinweise
136581 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

so wie versprochen noch der avira report.
Seitenanfang Seitenende
16.11.2009, 10:35
Member
Avatar Chris4You

Beiträge: 694
#10 Hi,

ist ok!

chris
Seitenanfang Seitenende
16.11.2009, 10:51
Member

Themenstarter

Beiträge: 34
#11 Super dann kann ich nun wieder normal arbeiten danke sehr ihr seid echt super hier ;)
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: