RootKit.0Access/Trojan.Zaccess (Windows 7)

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware, or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#1
RootKit.0Access/Trojan.Zaccess

Hello everyone,

Antivir regularly reports:

In der Datei 'C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\800000cb.@' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.

Malwarebytes says:

Code:
```text
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
XXX :: NB [Administrator]

15.07.2012 16:18:12
mbam-log-2012-07-15 (16-38-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221929
Laufzeit: 20 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\n.) Gut: (wbemess.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\WINDOWS\Installer\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\n (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
```
#2
RootKit.0Access/Trojan.Zaccess: OTL result
23:32:12.0734 1184 aec - ok
23:32:12.0812 1184 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
23:32:12.0812 1184 AFD - ok
23:32:12.0828 1184 Aha154x - ok
23:32:12.0843 1184 aic78u2 - ok
23:32:12.0843 1184 aic78xx - ok
23:32:12.0890 1184 Alerter (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
23:32:12.0890 1184 Alerter - ok
23:32:12.0953 1184 ALG (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
23:32:12.0953 1184 ALG - ok
23:32:12.0953 1184 AliIde - ok
23:32:12.0968 1184 amsint - ok
23:32:13.0312 1184 anbmService (c10d0fae427ea464edea2ee5dc40f056) C:\Acer\eManager\anbmServ.exe
23:32:13.0390 1184 anbmService - ok
23:32:13.0562 1184 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
23:32:13.0578 1184 AntiVirSchedulerService - ok
23:32:13.0671 1184 AntiVirService (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
23:32:13.0703 1184 AntiVirService - ok
23:32:13.0968 1184 AppMgmt - ok
23:32:14.0000 1184 asc - ok
23:32:14.0000 1184 asc3350p - ok
23:32:14.0015 1184 asc3550 - ok
23:32:14.0140 1184 aspnet_state (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
23:32:14.0140 1184 aspnet_state - ok
23:32:15.0265 1184 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:32:15.0265 1184 AsyncMac - ok
23:32:15.0890 1184 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:32:15.0890 1184 atapi - ok
23:32:15.0906 1184 Atdisk - ok
23:32:16.0031 1184 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:32:16.0046 1184 Atmarpc - ok
23:32:16.0421 1184 AudioSrv (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
23:32:16.0453 1184 AudioSrv - ok
23:32:16.0515 1184 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:32:16.0515 1184 audstub - ok
23:32:17.0640 1184 Autodesk Licensing Service (7cc8cd6f86054c563e47e7f063ce7a61) C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
23:32:17.0703 1184 Autodesk Licensing Service - ok
23:32:17.0828 1184 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
23:32:17.0828 1184 avgio - ok
23:32:17.0859 1184 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:32:17.0859 1184 avgntflt - ok
23:32:17.0906 1184 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:32:17.0906 1184 avipbb - ok
23:32:17.0968 1184 bcm4sbxp (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:32:17.0984 1184 bcm4sbxp - ok
23:32:18.0031 1184 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:32:18.0031 1184 Beep - ok
23:32:18.0093 1184 Browser (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
23:32:18.0093 1184 Browser - ok
23:32:18.0156 1184 CAMCAUD (baa90d983f77759fc70c65a1ce3d3566) C:\WINDOWS\system32\drivers\camcaud.sys
23:32:18.0156 1184 CAMCAUD - ok
23:32:18.0203 1184 CAMCHALA (90d9c324df48bb8e3024e79f5c181784) C:\WINDOWS\system32\drivers\camchal.sys
23:32:18.0218 1184 CAMCHALA - ok
23:32:18.0265 1184 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:32:18.0265 1184 cbidf2k - ok
23:32:18.0265 1184 cd20xrnt - ok
23:32:18.0312 1184 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:32:18.0312 1184 Cdaudio - ok
23:32:18.0375 1184 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:32:18.0375 1184 Cdfs - ok
23:32:18.0390 1184 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:32:18.0390 1184 Cdrom - ok
23:32:18.0390 1184 Changer - ok
23:32:18.0453 1184 cisvc (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\System32\cisvc.exe
23:32:18.0453 1184 cisvc - ok
23:32:18.0468 1184 ClipSrv (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
23:32:18.0468 1184 ClipSrv - ok
23:32:18.0500 1184 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:32:18.0500 1184 CmBatt - ok
23:32:18.0515 1184 CmdIde - ok
23:32:18.0562 1184 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:32:18.0578 1184 Compbatt - ok
23:32:18.0578 1184 COMSysApp - ok
23:32:18.0593 1184 Cpqarray - ok
23:32:18.0656 1184 CryptSvc (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
23:32:18.0656 1184 CryptSvc - ok
23:32:18.0671 1184 dac2w2k - ok
23:32:18.0671 1184 dac960nt - ok
23:32:18.0765 1184 DcomLaunch (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
23:32:18.0812 1184 DcomLaunch - ok
23:32:18.0875 1184 Dhcp (7c4d218f9017725589adacab82beb0f8) C:\WINDOWS\System32\dhcpcsvc.dll
23:32:18.0890 1184 Dhcp - ok
23:32:18.0968 1184 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:32:18.0968 1184 Disk - ok
23:32:18.0968 1184 dmadmin - ok
23:32:19.0125 1184 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
23:32:19.0234 1184 dmboot - ok
23:32:19.0312 1184 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
23:32:19.0328 1184 dmio - ok
23:32:19.0359 1184 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:32:19.0359 1184 dmload - ok
23:32:19.0390 1184 dmserver (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
23:32:19.0390 1184 dmserver - ok
23:32:19.0421 1184 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:32:19.0421 1184 DMusic - ok
23:32:19.0453 1184 Dnscache (d20c5b5f0d8ac53ffec17ff9b1658a6e) C:\WINDOWS\System32\dnsrslvr.dll
23:32:19.0453 1184 Dnscache - ok
23:32:19.0468 1184 dpti2o - ok
23:32:19.0484 1184 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:32:19.0484 1184 drmkaud - ok
23:32:19.0546 1184 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\System32\drivers\epm-psd.sys
23:32:19.0546 1184 EpmPsd - ok
23:32:19.0562 1184 EpmShd (b2d71ba438701b5f0368b958bea2dc62) C:\WINDOWS\System32\drivers\epm-shd.sys
23:32:19.0562 1184 EpmShd - ok
23:32:19.0640 1184 ERSvc (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
23:32:19.0640 1184 ERSvc - ok
23:32:19.0687 1184 Eventlog (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
23:32:19.0703 1184 Eventlog - ok
23:32:19.0796 1184 EventSystem (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\System32\es.dll
23:32:19.0812 1184 EventSystem - ok
23:32:19.0890 1184 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:32:19.0890 1184 Fastfat - ok
23:32:19.0968 1184 FastUserSwitchingCompatibility (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
23:32:19.0984 1184 FastUserSwitchingCompatibility - ok
23:32:20.0000 1184 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
23:32:20.0000 1184 Fdc - ok
23:32:20.0062 1184 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
23:32:20.0062 1184 Fips - ok
23:32:20.0078 1184 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:32:20.0078 1184 Flpydisk - ok
23:32:20.0140 1184 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
23:32:20.0156 1184 FltMgr - ok
23:32:20.0171 1184 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:32:20.0171 1184 Fs_Rec - ok
23:32:20.0203 1184 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:32:20.0218 1184 Ftdisk - ok
23:32:20.0234 1184 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:32:20.0234 1184 Gpc - ok
23:32:20.0359 1184 helpsvc (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:32:20.0359 1184 helpsvc - ok
23:32:20.0421 1184 HidServ (b647ca198b9c73056abfb0a9d8f4916d) C:\WINDOWS\System32\hidserv.dll
23:32:20.0421 1184 HidServ - ok
23:32:20.0484 1184 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:32:20.0484 1184 HidUsb - ok
23:32:20.0484 1184 hpn - ok
23:32:20.0500 1184 hpt3xx - ok
23:32:20.0578 1184 HSFHWICH (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
23:32:20.0593 1184 HSFHWICH - ok
23:32:20.0781 1184 HSF_DPV (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:32:20.0859 1184 HSF_DPV - ok
23:32:20.0968 1184 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
23:32:20.0984 1184 HTTP - ok
23:32:21.0031 1184 HTTPFilter (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
23:32:21.0031 1184 HTTPFilter - ok
23:32:21.0046 1184 i2omgmt - ok
23:32:21.0046 1184 i2omp - ok
23:32:21.0125 1184 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:32:21.0125 1184 i8042prt - ok
23:32:21.0328 1184 ialm (afbf1b43cc830bdc03b582003da439c2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:32:21.0390 1184 ialm - ok
23:32:21.0406 1184 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\drivers\Imapi.sys
23:32:21.0406 1184 Imapi - ok
23:32:21.0484 1184 ImapiService (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\System32\imapi.exe
23:32:21.0500 1184 ImapiService - ok
23:32:21.0515 1184 ini910u - ok
23:32:21.0515 1184 IntelIde - ok
23:32:21.0609 1184 intelppm (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:32:21.0609 1184 intelppm - ok
23:32:21.0640 1184 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
23:32:21.0640 1184 ip6fw - ok
23:32:21.0671 1184 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:32:21.0671 1184 IpFilterDriver - ok
23:32:21.0718 1184 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:32:21.0718 1184 IpInIp - ok
23:32:21.0781 1184 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:32:21.0796 1184 IpNat - ok
23:32:21.0812 1184 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:32:21.0812 1184 IPSec - ok
23:32:21.0859 1184 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:32:21.0859 1184 IRENUM - ok
23:32:21.0906 1184 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:32:21.0906 1184 isapnp - ok
23:32:22.0046 1184 JavaQuickStarterService (11c3efb4bac41175d03b1595db1a4a4f) C:\Programme\Java\jre6\bin\jqs.exe
23:32:22.0062 1184 JavaQuickStarterService - ok
23:32:22.0125 1184 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:32:22.0125 1184 Kbdclass - ok
23:32:22.0171 1184 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:32:22.0171 1184 kbdhid - ok
23:32:22.0250 1184 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
23:32:22.0250 1184 kmixer - ok
23:32:22.0281 1184 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
23:32:22.0281 1184 KSecDD - ok
23:32:22.0343 1184 lanmanserver (2865fa4ed4471929881c053a6e5a85f6) C:\WINDOWS\System32\srvsvc.dll
23:32:22.0375 1184 lanmanserver - ok
23:32:22.0406 1184 lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll
23:32:22.0421 1184 lanmanworkstation - ok
23:32:22.0437 1184 lbrtfdc - ok
23:32:22.0515 1184 LmHosts (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
23:32:22.0515 1184 LmHosts - ok
23:32:22.0562 1184 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
23:32:22.0562 1184 MASPINT - ok
23:32:22.0625 1184 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:32:22.0625 1184 mdmxsdk - ok
23:32:22.0656 1184 Messenger (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
23:32:22.0656 1184 Messenger - ok
23:32:22.0906 1184 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:32:22.0906 1184 mnmdd - ok
23:32:22.0953 1184 mnmsrvc (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\System32\mnmsrvc.exe
23:32:22.0953 1184 mnmsrvc - ok
23:32:23.0000 1184 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
23:32:23.0015 1184 Modem - ok
23:32:23.0031 1184 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:32:23.0031 1184 Mouclass - ok
23:32:23.0062 1184 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:32:23.0062 1184 mouhid - ok
23:32:23.0109 1184 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:32:23.0109 1184 MountMgr - ok
23:32:23.0171 1184 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
23:32:23.0187 1184 MozillaMaintenance - ok
23:32:23.0203 1184 mraid35x - ok
23:32:23.0234 1184 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:32:23.0234 1184 MRxDAV - ok
23:32:23.0343 1184 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:32:23.0375 1184 MRxSmb - ok
23:32:23.0437 1184 MSDTC (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\System32\msdtc.exe
23:32:23.0437 1184 MSDTC - ok
23:32:23.0484 1184 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:32:23.0484 1184 Msfs - ok
23:32:23.0500 1184 MSIServer - ok
23:32:23.0531 1184 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:32:23.0531 1184 MSKSSRV - ok
23:32:23.0546 1184 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:32:23.0546 1184 MSPCLOCK - ok
23:32:23.0578 1184 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:32:23.0578 1184 MSPQM - ok
23:32:23.0625 1184 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:32:23.0625 1184 mssmbios - ok
23:32:23.0640 1184 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:32:23.0656 1184 Mup - ok
23:32:23.0703 1184 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:32:23.0718 1184 NDIS - ok
23:32:23.0781 1184 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:32:23.0781 1184 NdisTapi - ok
23:32:23.0796 1184 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:32:23.0796 1184 Ndisuio - ok
23:32:23.0828 1184 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:32:23.0843 1184 NdisWan - ok
23:32:23.0921 1184 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:32:23.0921 1184 NDProxy - ok
23:32:23.0937 1184 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:32:23.0937 1184 NetBIOS - ok
23:32:23.0984 1184 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:32:24.0000 1184 NetBT - ok
23:32:24.0062 1184 NetDDE (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
23:32:24.0078 1184 NetDDE - ok
23:32:24.0078 1184 NetDDEdsdm (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
23:32:24.0078 1184 NetDDEdsdm - ok
23:32:24.0125 1184 Netlogon (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe
23:32:24.0125 1184 Netlogon - ok
23:32:24.0203 1184 Netman (1e5218fbe323c375b488318950e10fb4) C:\WINDOWS\System32\netman.dll
23:32:24.0218 1184 Netman - ok
23:32:24.0281 1184 Nla (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
23:32:24.0296 1184 Nla - ok
23:32:24.0328 1184 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:32:24.0328 1184 Npfs - ok
23:32:24.0484 1184 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
23:32:24.0531 1184 Ntfs - ok
23:32:24.0531 1184 NtLmSsp (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe
23:32:24.0531 1184 NtLmSsp - ok
23:32:24.0671 1184 NtmsSvc (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
23:32:24.0703 1184 NtmsSvc - ok
23:32:24.0765 1184 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:32:24.0765 1184 Null - ok
23:32:24.0812 1184 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:32:24.0812 1184 NwlnkFlt - ok
23:32:24.0828 1184 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:32:24.0828 1184 NwlnkFwd - ok
23:32:24.0875 1184 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
23:32:24.0875 1184 Parport - ok
23:32:24.0906 1184 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:32:24.0906 1184 PartMgr - ok
23:32:24.0953 1184 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
23:32:24.0953 1184 ParVdm - ok
23:32:25.0000 1184 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
23:32:25.0000 1184 PCI - ok
23:32:25.0015 1184 PCIDump - ok
23:32:25.0031 1184 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:32:25.0031 1184 PCIIde - ok
23:32:25.0046 1184 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:32:25.0046 1184 Pcmcia - ok
23:32:25.0062 1184 PDCOMP - ok
23:32:25.0062 1184 PDFRAME - ok
23:32:25.0062 1184 PDRELI - ok
23:32:25.0078 1184 PDRFRAME - ok
23:32:25.0093 1184 perc2 - ok
23:32:25.0093 1184 perc2hib - ok
23:32:25.0156 1184 PlugPlay (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
23:32:25.0156 1184 PlugPlay - ok
23:32:25.0171 1184 PolicyAgent (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe
23:32:25.0171 1184 PolicyAgent - ok
23:32:25.0187 1184 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:32:25.0187 1184 PptpMiniport - ok
23:32:25.0203 1184 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
23:32:25.0203 1184 Processor - ok
23:32:25.0218 1184 ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
23:32:25.0218 1184 ProtectedStorage - ok
23:32:25.0234 1184 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:32:25.0234 1184 PSched - ok
23:32:25.0296 1184 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:32:25.0296 1184 Ptilink - ok
23:32:25.0312 1184 ql1080 - ok
23:32:25.0312 1184 Ql10wnt - ok
23:32:25.0312 1184 ql12160 - ok
23:32:25.0328 1184 ql1240 - ok
23:32:25.0328 1184 ql1280 - ok
23:32:25.0375 1184 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:32:25.0375 1184 RasAcd - ok
23:32:25.0421 1184 RasAuto (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
23:32:25.0421 1184 RasAuto - ok
23:32:25.0437 1184 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:32:25.0437 1184 Rasl2tp - ok
23:32:25.0515 1184 RasMan (ffc8343b35fb2df01a5767748efa5b58) C:\WINDOWS\System32\rasmans.dll
23:32:25.0546 1184 RasMan - ok
23:32:25.0562 1184 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:32:25.0562 1184 RasPppoe - ok
23:32:25.0578 1184 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:32:25.0578 1184 Raspti - ok
23:32:25.0656 1184 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:32:25.0671 1184 Rdbss - ok
23:32:25.0687 1184 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:32:25.0703 1184 RDPCDD - ok
23:32:25.0781 1184 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
23:32:25.0796 1184 RDPWD - ok
23:32:25.0875 1184 RDSessMgr (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
23:32:25.0890 1184 RDSessMgr - ok
23:32:25.0921 1184 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:32:25.0921 1184 redbook - ok
23:32:25.0968 1184 RemoteAccess (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
23:32:25.0968 1184 RemoteAccess - ok
23:32:25.0984 1184 RpcLocator (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\System32\locator.exe
23:32:25.0984 1184 RpcLocator - ok
23:32:26.0125 1184 RpcSs (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
23:32:26.0125 1184 RpcSs - ok
23:32:26.0203 1184 RSVP (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
23:32:26.0234 1184 RSVP - ok
23:32:26.0234 1184 s24trans - ok
23:32:26.0296 1184 SamSs (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
23:32:26.0296 1184 SamSs - ok
23:32:26.0328 1184 SCardSvr (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
23:32:26.0328 1184 SCardSvr - ok
23:32:26.0421 1184 Schedule (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
23:32:26.0453 1184 Schedule - ok
23:32:26.0500 1184 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:32:26.0500 1184 Secdrv - ok
23:32:26.0531 1184 seclogon (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
23:32:26.0531 1184 seclogon - ok
23:32:26.0546 1184 SENS (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
23:32:26.0546 1184 SENS - ok
23:32:26.0609 1184 Sentinel (3e7ff2405bcc1384d946dc45edc7ed61) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
23:32:26.0609 1184 Sentinel - ok
23:32:26.0671 1184 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
23:32:26.0671 1184 Serial - ok
23:32:26.0703 1184 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:32:26.0703 1184 Sfloppy - ok
23:32:26.0765 1184 ShellHWDetection (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
23:32:26.0765 1184 ShellHWDetection - ok
23:32:26.0781 1184 Simbad - ok
23:32:26.0781 1184 Sparrow - ok
23:32:26.0875 1184 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
23:32:26.0875 1184 splitter - ok
23:32:26.0937 1184 Spooler (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
23:32:26.0937 1184 Spooler - ok
23:32:26.0968 1184 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
23:32:26.0968 1184 sr - ok
23:32:27.0031 1184 srservice (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\System32\srsvc.dll
23:32:27.0062 1184 srservice - ok
23:32:27.0125 1184 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
23:32:27.0156 1184 Srv - ok
23:32:27.0187 1184 SSDPSRV (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
23:32:27.0187 1184 SSDPSRV - ok
23:32:27.0203 1184 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:32:27.0203 1184 ssmdrv - ok
23:32:27.0328 1184 stisvc (25e9b30af1fa1b9af1853577f39ff20b) C:\WINDOWS\system32\wiaservc.dll
23:32:27.0343 1184 stisvc - ok
23:32:27.0390 1184 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:32:27.0390 1184 swenum - ok
23:32:27.0437 1184 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:32:27.0453 1184 swmidi - ok
23:32:27.0453 1184 SwPrv - ok
23:32:27.0468 1184 symc810 - ok
23:32:27.0468 1184 symc8xx - ok
23:32:27.0484 1184 sym_hi - ok
23:32:27.0484 1184 sym_u3 - ok
23:32:27.0593 1184 SynTP (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:32:27.0609 1184 SynTP - ok
23:32:27.0640 1184 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:32:27.0640 1184 sysaudio - ok
23:32:27.0703 1184 SysmonLog (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
23:32:27.0703 1184 SysmonLog - ok
23:32:27.0796 1184 TapiSrv (427d7eb3b453347082c8f4b370065d60) C:\WINDOWS\System32\tapisrv.dll
23:32:27.0812 1184 TapiSrv - ok
23:32:27.0906 1184 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:32:27.0937 1184 Tcpip - ok
23:32:28.0000 1184 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:32:28.0015 1184 TDPIPE - ok
23:32:28.0031 1184 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:32:28.0031 1184 TDTCP - ok
23:32:28.0062 1184 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:32:28.0062 1184 TermDD - ok
23:32:28.0250 1184 TermService (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
23:32:28.0328 1184 TermService - ok
23:32:28.0390 1184 Themes (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
23:32:28.0390 1184 Themes - ok
23:32:28.0406 1184 TosIde - ok
23:32:28.0421 1184 TrkWks (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
23:32:28.0453 1184 TrkWks - ok
23:32:28.0468 1184 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:32:28.0468 1184 Udfs - ok
23:32:28.0484 1184 ultra - ok
23:32:28.0593 1184 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
23:32:28.0625 1184 Update - ok
23:32:28.0718 1184 upnphost (855790c1baced245a6b210af430ed17b) C:\WINDOWS\System32\upnphost.dll
23:32:28.0734 1184 upnphost - ok
23:32:28.0781 1184 UPS (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
23:32:28.0781 1184 UPS - ok
23:32:28.0843 1184 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:32:28.0843 1184 usbccgp - ok
23:32:28.0906 1184 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:32:28.0906 1184 usbehci - ok
23:32:28.0921 1184 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:32:28.0921 1184 usbhub - ok
23:32:28.0984 1184 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:32:28.0984 1184 usbprint - ok
23:32:29.0046 1184 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:32:29.0046 1184 usbscan - ok
23:32:29.0390 1184 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:32:29.0406 1184 USBSTOR - ok
23:32:29.0421 1184 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:32:29.0421 1184 usbuhci - ok
23:32:29.0437 1184 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:32:29.0453 1184 VgaSave - ok
23:32:29.0453 1184 ViaIde - ok
23:32:29.0515 1184 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
23:32:29.0515 1184 VolSnap - ok
23:32:29.0609 1184 VSS (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
23:32:29.0640 1184 VSS - ok
23:32:31.0328 1184 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
23:32:31.0609 1184 w29n51 - ok
23:32:31.0796 1184 W32Time (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\System32\w32time.dll
23:32:31.0812 1184 W32Time - ok
23:32:31.0875 1184 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:32:31.0875 1184 Wanarp - ok
23:32:31.0890 1184 WDICA - ok
23:32:31.0953 1184 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
23:32:31.0953 1184 wdmaud - ok
23:32:32.0015 1184 WebClient (879ecb9a5f14a03960b84edb7207a051) C:\WINDOWS\System32\webclnt.dll
23:32:32.0031 1184 WebClient - ok
23:32:32.0656 1184 winachsf (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:32:32.0718 1184 winachsf - ok
23:32:32.0859 1184 winmgmt (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:32:32.0875 1184 winmgmt - ok
23:32:32.0937 1184 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:32:32.0937 1184 WmdmPmSN - ok
23:32:33.0015 1184 WmiApSrv (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:32:33.0031 1184 WmiApSrv - ok
23:32:33.0062 1184 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:32:33.0078 1184 WudfPf - ok
23:32:34.0234 1184 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:32:34.0250 1184 WudfRd - ok
23:32:34.0265 1184 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:32:34.0265 1184 WudfSvc - ok
23:32:34.0375 1184 WZCSVC (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
23:32:34.0406 1184 WZCSVC - ok
23:32:34.0468 1184 xmlprov (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
23:32:34.0484 1184 xmlprov - ok
23:32:34.0546 1184 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
23:32:35.0234 1184 \Device\Harddisk0\DR0 - ok
23:32:35.0390 1184 Boot (0x1200) (887dff404631fca035a7ae3c0dde98dc) \Device\Harddisk0\DR0\Partition0
23:32:35.0390 1184 \Device\Harddisk0\DR0\Partition0 - ok
23:32:35.0390 1184 ============================================================
23:32:35.0390 1184 Scan finished
23:32:35.0390 1184 ============================================================
23:32:35.0406 2252 Detected object count: 0
23:32:35.0406 2252 Actual detected object count: 0
Thanks in advance.
#3
RootKit.0Access/Trojan.Zaccess
And now GMER as well:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-21 12:15:28
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST960821A rev.3.01
Running: i0pjinzo.exe; Driver: C:\DOKUME~1\XXX\LOKALE~1\Temp\pxtdqpow.sys
---- System - GMER 1.0.15 ----
SSDT F8C33E94 ZwClose
SSDT F8C33E4E ZwCreateKey
SSDT F8C33E9E ZwCreateSection
SSDT F8C33E44 ZwCreateThread
SSDT F8C33E53 ZwDeleteKey
SSDT F8C33E5D ZwDeleteValueKey
SSDT F8C33E8F ZwDuplicateObject
SSDT F8C33E62 ZwLoadKey
SSDT F8C33E30 ZwOpenProcess
SSDT F8C33E35 ZwOpenThread
SSDT F8C33E6C ZwReplaceKey
SSDT F8C33E67 ZwRestoreKey
SSDT F8C33EA3 ZwSetContextThread
SSDT F8C33E58 ZwSetValueKey
SSDT F8C33E3F ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 428 804E2A94 1 Byte [58]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Fastfat \Fat A922FC8A
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [460] 0x45670000
---- EOF - GMER 1.0.15 ----
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dcfbc5ea9083c1478d8433ade43f2f11
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-21 01:08:00
# local_time=2012-07-21 03:08:00 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775125 100 100 133054 117764301 125729 0
# compatibility_mode=8192 67108863 100 0 315 315 0 0
# scanned=76370
# found=3
# cleaned=0
# scan_time=8350
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\80000000.@ a variant of Win32/Sirefef.FA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} Win32/Sirefef.EV trojan 00000000000000000000000000000000 I