Trojaner-Board

Source: Trojaner-Board (https://www.trojaner-board.de/), forum "Plagegeister aller Art und deren Bekämpfung" (pests of all kinds and their removal), thread "RootKit.0Access/Trojan.Zaccess" (https://www.trojaner-board.de/119846-rootkit-0access-trojan-zaccess.html)

magic_balu 18.07.2012 22:52

RootKit.0Access/Trojan.Zaccess
 
Hello everyone,

Antivir regularly reports:

In der Datei 'C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\800000cb.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.

Malwarebytes says:

Code:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
XXX :: NB [Administrator]

15.07.2012 16:18:12
mbam-log-2012-07-15 (16-38-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 221929
Laufzeit: 20 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\n.) Gut: (wbemess.dll) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\WINDOWS\Installer\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\n (RootKit.0Access) -> Keine Aktion durchgeführt.
C:\WINDOWS\Installer\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)


magic_balu 18.07.2012 22:53

OTL result


Code:

OTL logfile created on: 18.07.2012 23:01:00 - Run 1
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
502,05 Mb Total Physical Memory | 351,61 Mb Available Physical Memory | 70,04% Memory free
1,20 Gb Paging File | 0,93 Gb Available in Paging File | 77,19% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 52,96 Gb Total Space | 6,99 Gb Free Space | 13,20% Space Free | Partition Type: NTFS
 
Computer Name: NB | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.18 22:54:56 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2011.06.28 21:16:03 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 19:27:21 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.04.28 15:40:18 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.03.28 19:04:00 | 000,188,416 | ---- | M] (Acer Inc) -- C:\Acer\ePM\EPM-DM.exe
PRC - [2005.03.07 21:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIAEE.EXE
PRC - [2004.10.08 15:44:24 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004.08.16 16:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.06.17 15:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2001.03.15 05:18:08 | 000,065,536 | ---- | M] () -- C:\Programme\Adobe\Acrobat 5.0\Distillr\adistres.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.07.13 08:50:55 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.28 21:16:03 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 19:27:21 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006.08.24 12:11:22 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2004.08.16 16:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | Disabled | Stopped] -- System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2011.06.28 21:16:20 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 21:16:20 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2005.03.24 17:54:08 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005.01.25 15:27:14 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.01.25 15:26:36 | 000,207,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005.01.25 15:26:28 | 000,703,616 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.10.29 18:48:00 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2004.07.19 14:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004.06.25 15:31:00 | 000,276,480 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA)
DRV - [2004.06.25 15:29:00 | 000,034,048 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD)
DRV - [2003.09.26 11:41:12 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001.08.17 13:11:18 | 000,020,160 | ---- | M] (ADMtek Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ADM8511.SYS -- (ADM8511)
DRV - [2000.03.29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
DRV - [1999.04.22 06:38:00 | 000,073,216 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2303: C:\Programme\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1465: C:\Programme\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.13 08:50:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.05.03 19:44:21 | 000,000,000 | ---D | M]
 
[2009.08.13 20:13:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Extensions
[2012.07.01 17:39:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Mozilla\Firefox\Profiles\ezsya1oq.default\extensions
[2011.11.18 10:15:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.13 08:50:58 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.02 19:31:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.02.01 00:37:28 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SansaDispatch] C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O12 - Plugin for: .spop - C:\Programme\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains:  ([]msn in Arbeitsplatz)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132731652921 (MUWebControl Class)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Programme\AutoCAD 2002\AcDcToday.ocx (AcDcToday Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} file://C:\Programme\AutoCAD 2002\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} file://C:\Programme\AutoCAD 2002\InstFred.ocx (InstaFred)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Programme\AutoCAD 2002\AcPreview.ocx (AcPreview Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F22AE209-104A-4CFD-A75F-F6E166C3824E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.23 01:31:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {B911E4B1-50EE-7BF4-41DE-E2C8FB9A52B1} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {C74984BB-AD16-7ACA-6C4B-184465658C7E} - Dynamic HTML-Datenbindung für Java
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DABC0CAB-D081-6225-079E-F7118A5F7D1D} - Dynamic HTML-Datenbindung für Java
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: BITS -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acrobat Assistant.lnk - C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe - (Adobe Systems Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AutoCAD-Startbeschleuniger.lnk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\acstart16.exe - (Autodesk, Inc)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^XXX^Startmenü^Programme^Autostart^OpenOffice.org 2.0.lnk - C:\Programme\OpenOffice.org 2.0\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 16:16:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Malwarebytes
[2012.07.15 16:16:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.15 16:16:07 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.15 16:16:07 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.15 15:56:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.07.14 19:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.07.14 19:54:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Avira
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.18 22:20:01 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.18 22:19:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.18 22:19:56 | 526,503,936 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 16:45:09 | 000,048,128 | ---- | M] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.15 16:00:38 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.18 22:32:53 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2012.07.15 16:05:24 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\800000cb.@
[2012.07.15 16:05:24 | 000,013,312 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\80000000.@
[2012.07.15 16:05:24 | 000,001,696 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\00000001.@
[2012.07.14 21:31:18 | 000,013,312 | ---- | C] () -- C:\WINDOWS\Installer\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\80000000.@
[2006.03.09 21:39:51 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.02.11 17:19:14 | 000,048,128 | ---- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.02.07 19:27:36 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2001.08.18 14:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\@
[2001.08.18 14:00:00 | 000,002,048 | -HS- | C] () -- C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\@
 
========== LOP Check ==========
 
[2006.08.24 12:16:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2006.01.05 15:26:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2006.08.24 12:37:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\Autodesk
[2009.09.13 13:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\diginet
[2007.09.15 11:23:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\EPSON
[2006.07.28 13:10:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\InterTrust
[2010.04.28 15:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXX\Anwendungsdaten\SanDisk
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2005.11.23 00:56:07 | 000,000,000 | ---D | M] -- C:\Acer
[2006.12.16 21:47:57 | 000,000,000 | ---D | M] -- C:\ArchiCAD 6.5
[2006.09.21 09:40:24 | 000,000,000 | ---D | M] -- C:\dj800
[2006.03.19 13:42:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.07.18 22:54:55 | 000,000,000 | ---D | M] -- C:\Downloads
[2005.12.31 19:22:01 | 000,000,000 | ---D | M] -- C:\EPSON
[2006.12.05 17:56:12 | 000,000,000 | ---D | M] -- C:\f0980c5a1d472e5c72
[2006.07.27 11:25:17 | 000,000,000 | ---D | M] -- C:\MWASPI
[2012.07.15 16:16:07 | 000,000,000 | R--D | M] -- C:\Programme
[2005.11.25 17:46:01 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.07.14 20:39:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.07.15 16:45:08 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2005.11.23 00:54:25 | 000,000,000 | ---D | M] -- C:\WUTemp
 
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2004.08.04 01:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\system32\dllcache\explorer.exe
[2001.08.18 14:00:00 | 001,004,032 | ---- | M] (Microsoft Corporation) MD5=D1A32C0C43F7CB53050042FD631020D9 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2001.08.18 14:00:00 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=56017150476C14C6BF1CF9AD97937F4A -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2004.08.04 01:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\regedit.exe
[2004.08.04 01:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2001.08.18 14:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=292F283D9E2D49A91DF039C1076ACD18 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.04 01:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 01:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
[2001.08.18 14:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) MD5=5DAC883C68D261D406489F3F990D8DDF -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-17 15:12:28

< End of report >

And finally TDSSKiller:

Code:

23:32:05.0984 4032        TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
23:32:06.0000 4032        ============================================================
23:32:06.0000 4032        Current date / time: 2012/07/18 23:32:06.0000
23:32:06.0000 4032        SystemInfo:
23:32:06.0000 4032       
23:32:06.0000 4032        OS Version: 5.1.2600 ServicePack: 2.0
23:32:06.0000 4032        Product type: Workstation
23:32:06.0000 4032        ComputerName: NB
23:32:06.0000 4032        UserName: XXX
23:32:06.0000 4032        Windows directory: C:\WINDOWS
23:32:06.0000 4032        System windows directory: C:\WINDOWS
23:32:06.0000 4032        Processor architecture: Intel x86
23:32:06.0000 4032        Number of processors: 1
23:32:06.0000 4032        Page size: 0x1000
23:32:06.0000 4032        Boot type: Normal boot
23:32:06.0000 4032        ============================================================
23:32:09.0421 4032        Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0x1C80, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
23:32:09.0437 4032        ============================================================
23:32:09.0437 4032        \Device\Harddisk0\DR0:
23:32:09.0437 4032        MBR partitions:
23:32:09.0437 4032        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x5DE2BF, BlocksNum 0x69E99C1
23:32:09.0437 4032        ============================================================
23:32:09.0484 4032        C: <-> \Device\Harddisk0\DR0\Partition0
23:32:09.0484 4032        ============================================================
23:32:09.0484 4032        Initialize success
23:32:09.0484 4032        ============================================================
23:32:10.0953 1184        ============================================================
23:32:10.0953 1184        Scan started
23:32:10.0953 1184        Mode: Manual;
23:32:10.0953 1184        ============================================================
23:32:12.0359 1184        Abiosdsk - ok
23:32:12.0359 1184        abp480n5 - ok
23:32:12.0500 1184        ACPI            (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
23:32:12.0500 1184        ACPI - ok
23:32:12.0593 1184        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
23:32:12.0593 1184        ACPIEC - ok
23:32:12.0656 1184        ADM8511        (b05f2367f62552a2de7e3c352b7b9885) C:\WINDOWS\system32\DRIVERS\ADM8511.SYS
23:32:12.0656 1184        ADM8511 - ok
23:32:12.0656 1184        adpu160m - ok
23:32:12.0718 1184        aec            (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
23:32:12.0734 1184        aec - ok
23:32:12.0812 1184        AFD            (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
23:32:12.0812 1184        AFD - ok
23:32:12.0828 1184        Aha154x - ok
23:32:12.0843 1184        aic78u2 - ok
23:32:12.0843 1184        aic78xx - ok
23:32:12.0890 1184        Alerter        (1aab6c5f8376357cb9b16c38c42c4076) C:\WINDOWS\system32\alrsvc.dll
23:32:12.0890 1184        Alerter - ok
23:32:12.0953 1184        ALG            (6596dd260ffde1bdc994c1df236307bb) C:\WINDOWS\System32\alg.exe
23:32:12.0953 1184        ALG - ok
23:32:12.0953 1184        AliIde - ok
23:32:12.0968 1184        amsint - ok
23:32:13.0312 1184        anbmService    (c10d0fae427ea464edea2ee5dc40f056) C:\Acer\eManager\anbmServ.exe
23:32:13.0390 1184        anbmService - ok
23:32:13.0562 1184        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Programme\Avira\AntiVir Desktop\sched.exe
23:32:13.0578 1184        AntiVirSchedulerService - ok
23:32:13.0671 1184        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Programme\Avira\AntiVir Desktop\avguard.exe
23:32:13.0703 1184        AntiVirService - ok
23:32:13.0968 1184        AppMgmt - ok
23:32:14.0000 1184        asc - ok
23:32:14.0000 1184        asc3350p - ok
23:32:14.0015 1184        asc3550 - ok
23:32:14.0140 1184        aspnet_state    (e1a1206a4fb19b675e947b29ccd25fba) C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
23:32:14.0140 1184        aspnet_state - ok
23:32:15.0265 1184        AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
23:32:15.0265 1184        AsyncMac - ok
23:32:15.0890 1184        atapi          (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
23:32:15.0890 1184        atapi - ok
23:32:15.0906 1184        Atdisk - ok
23:32:16.0031 1184        Atmarpc        (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
23:32:16.0046 1184        Atmarpc - ok
23:32:16.0421 1184        AudioSrv        (e98b8250398f6637b335a76ba8dfb602) C:\WINDOWS\System32\audiosrv.dll
23:32:16.0453 1184        AudioSrv - ok
23:32:16.0515 1184        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
23:32:16.0515 1184        audstub - ok
23:32:17.0640 1184        Autodesk Licensing Service (7cc8cd6f86054c563e47e7f063ce7a61) C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
23:32:17.0703 1184        Autodesk Licensing Service - ok
23:32:17.0828 1184        avgio          (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Programme\Avira\AntiVir Desktop\avgio.sys
23:32:17.0828 1184        avgio - ok
23:32:17.0859 1184        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
23:32:17.0859 1184        avgntflt - ok
23:32:17.0906 1184        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
23:32:17.0906 1184        avipbb - ok
23:32:17.0968 1184        bcm4sbxp        (e727776a56a51b7e6b7c87c02ea8b405) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
23:32:17.0984 1184        bcm4sbxp - ok
23:32:18.0031 1184        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
23:32:18.0031 1184        Beep - ok
23:32:18.0093 1184        Browser        (d8653dcd80cf2ebb333fc4fcc43a7def) C:\WINDOWS\System32\browser.dll
23:32:18.0093 1184        Browser - ok
23:32:18.0156 1184        CAMCAUD        (baa90d983f77759fc70c65a1ce3d3566) C:\WINDOWS\system32\drivers\camcaud.sys
23:32:18.0156 1184        CAMCAUD - ok
23:32:18.0203 1184        CAMCHALA        (90d9c324df48bb8e3024e79f5c181784) C:\WINDOWS\system32\drivers\camchal.sys
23:32:18.0218 1184        CAMCHALA - ok
23:32:18.0265 1184        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
23:32:18.0265 1184        cbidf2k - ok
23:32:18.0265 1184        cd20xrnt - ok
23:32:18.0312 1184        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
23:32:18.0312 1184        Cdaudio - ok
23:32:18.0375 1184        Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
23:32:18.0375 1184        Cdfs - ok
23:32:18.0390 1184        Cdrom          (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
23:32:18.0390 1184        Cdrom - ok
23:32:18.0390 1184        Changer - ok
23:32:18.0453 1184        cisvc          (234d52c63c67a8cf4af9becce43bfb4a) C:\WINDOWS\System32\cisvc.exe
23:32:18.0453 1184        cisvc - ok
23:32:18.0468 1184        ClipSrv        (0461868578d29dc18fb1c79933c5158a) C:\WINDOWS\system32\clipsrv.exe
23:32:18.0468 1184        ClipSrv - ok
23:32:18.0500 1184        CmBatt          (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
23:32:18.0500 1184        CmBatt - ok
23:32:18.0515 1184        CmdIde - ok
23:32:18.0562 1184        Compbatt        (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
23:32:18.0578 1184        Compbatt - ok
23:32:18.0578 1184        COMSysApp - ok
23:32:18.0593 1184        Cpqarray - ok
23:32:18.0656 1184        CryptSvc        (1a5f9db98df7955b4c7cbdbf2c638238) C:\WINDOWS\System32\cryptsvc.dll
23:32:18.0656 1184        CryptSvc - ok
23:32:18.0671 1184        dac2w2k - ok
23:32:18.0671 1184        dac960nt - ok
23:32:18.0765 1184        DcomLaunch      (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
23:32:18.0812 1184        DcomLaunch - ok
23:32:18.0875 1184        Dhcp            (7c4d218f9017725589adacab82beb0f8) C:\WINDOWS\System32\dhcpcsvc.dll
23:32:18.0890 1184        Dhcp - ok
23:32:18.0968 1184        Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
23:32:18.0968 1184        Disk - ok
23:32:18.0968 1184        dmadmin - ok
23:32:19.0125 1184        dmboot          (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys
23:32:19.0234 1184        dmboot - ok
23:32:19.0312 1184        dmio            (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys
23:32:19.0328 1184        dmio - ok
23:32:19.0359 1184        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
23:32:19.0359 1184        dmload - ok
23:32:19.0390 1184        dmserver        (fa2d9d1a9f6b5a88d01e1685ce2378ba) C:\WINDOWS\System32\dmserver.dll
23:32:19.0390 1184        dmserver - ok
23:32:19.0421 1184        DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
23:32:19.0421 1184        DMusic - ok
23:32:19.0453 1184        Dnscache        (d20c5b5f0d8ac53ffec17ff9b1658a6e) C:\WINDOWS\System32\dnsrslvr.dll
23:32:19.0453 1184        Dnscache - ok
23:32:19.0468 1184        dpti2o - ok
23:32:19.0484 1184        drmkaud        (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
23:32:19.0484 1184        drmkaud - ok
23:32:19.0546 1184        EpmPsd          (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\System32\drivers\epm-psd.sys
23:32:19.0546 1184        EpmPsd - ok
23:32:19.0562 1184        EpmShd          (b2d71ba438701b5f0368b958bea2dc62) C:\WINDOWS\System32\drivers\epm-shd.sys
23:32:19.0562 1184        EpmShd - ok
23:32:19.0640 1184        ERSvc          (877a4512cc9074d6954776af47021766) C:\WINDOWS\System32\ersvc.dll
23:32:19.0640 1184        ERSvc - ok
23:32:19.0687 1184        Eventlog        (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
23:32:19.0703 1184        Eventlog - ok
23:32:19.0796 1184        EventSystem    (d68ed3908c7a0db446111d34ac40dc18) C:\WINDOWS\System32\es.dll
23:32:19.0812 1184        EventSystem - ok
23:32:19.0890 1184        Fastfat        (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
23:32:19.0890 1184        Fastfat - ok
23:32:19.0968 1184        FastUserSwitchingCompatibility (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
23:32:19.0984 1184        FastUserSwitchingCompatibility - ok
23:32:20.0000 1184        Fdc            (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
23:32:20.0000 1184        Fdc - ok
23:32:20.0062 1184        Fips            (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys
23:32:20.0062 1184        Fips - ok
23:32:20.0078 1184        Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
23:32:20.0078 1184        Flpydisk - ok
23:32:20.0140 1184        FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
23:32:20.0156 1184        FltMgr - ok
23:32:20.0171 1184        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
23:32:20.0171 1184        Fs_Rec - ok
23:32:20.0203 1184        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
23:32:20.0218 1184        Ftdisk - ok
23:32:20.0234 1184        Gpc            (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
23:32:20.0234 1184        Gpc - ok
23:32:20.0359 1184        helpsvc        (ba85bcf1a2bcf927c3600574173403e0) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
23:32:20.0359 1184        helpsvc - ok
23:32:20.0421 1184        HidServ        (b647ca198b9c73056abfb0a9d8f4916d) C:\WINDOWS\System32\hidserv.dll
23:32:20.0421 1184        HidServ - ok
23:32:20.0484 1184        HidUsb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
23:32:20.0484 1184        HidUsb - ok
23:32:20.0484 1184        hpn - ok
23:32:20.0500 1184        hpt3xx - ok
23:32:20.0578 1184        HSFHWICH        (e7bcc7ec37dd2dd36a39bb9ac87a897b) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
23:32:20.0593 1184        HSFHWICH - ok
23:32:20.0781 1184        HSF_DPV        (822c60f2abee73a0e089230d94064f39) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
23:32:20.0859 1184        HSF_DPV - ok
23:32:20.0968 1184        HTTP            (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
23:32:20.0984 1184        HTTP - ok
23:32:21.0031 1184        HTTPFilter      (9ec7e866bbdbf3ecc0e67f4e0a838eb2) C:\WINDOWS\System32\w3ssl.dll
23:32:21.0031 1184        HTTPFilter - ok
23:32:21.0046 1184        i2omgmt - ok
23:32:21.0046 1184        i2omp - ok
23:32:21.0125 1184        i8042prt        (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
23:32:21.0125 1184        i8042prt - ok
23:32:21.0328 1184        ialm            (afbf1b43cc830bdc03b582003da439c2) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
23:32:21.0390 1184        ialm - ok
23:32:21.0406 1184        Imapi          (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\drivers\Imapi.sys
23:32:21.0406 1184        Imapi - ok
23:32:21.0484 1184        ImapiService    (57d7267a9ed91ecaf4336b08c9628fca) C:\WINDOWS\System32\imapi.exe
23:32:21.0500 1184        ImapiService - ok
23:32:21.0515 1184        ini910u - ok
23:32:21.0515 1184        IntelIde - ok
23:32:21.0609 1184        intelppm        (c1c2cc1da79c5ee10457ef0a3b8568c7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
23:32:21.0609 1184        intelppm - ok
23:32:21.0640 1184        ip6fw          (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
23:32:21.0640 1184        ip6fw - ok
23:32:21.0671 1184        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
23:32:21.0671 1184        IpFilterDriver - ok
23:32:21.0718 1184        IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
23:32:21.0718 1184        IpInIp - ok
23:32:21.0781 1184        IpNat          (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
23:32:21.0796 1184        IpNat - ok
23:32:21.0812 1184        IPSec          (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
23:32:21.0812 1184        IPSec - ok
23:32:21.0859 1184        IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
23:32:21.0859 1184        IRENUM - ok
23:32:21.0906 1184        isapnp          (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys
23:32:21.0906 1184        isapnp - ok
23:32:22.0046 1184        JavaQuickStarterService (11c3efb4bac41175d03b1595db1a4a4f) C:\Programme\Java\jre6\bin\jqs.exe
23:32:22.0062 1184        JavaQuickStarterService - ok
23:32:22.0125 1184        Kbdclass        (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
23:32:22.0125 1184        Kbdclass - ok
23:32:22.0171 1184        kbdhid          (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
23:32:22.0171 1184        kbdhid - ok
23:32:22.0250 1184        kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
23:32:22.0250 1184        kmixer - ok
23:32:22.0281 1184        KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
23:32:22.0281 1184        KSecDD - ok
23:32:22.0343 1184        lanmanserver    (2865fa4ed4471929881c053a6e5a85f6) C:\WINDOWS\System32\srvsvc.dll
23:32:22.0375 1184        lanmanserver - ok
23:32:22.0406 1184        lanmanworkstation (f716a6f5babb6da60c0532510ab52245) C:\WINDOWS\System32\wkssvc.dll
23:32:22.0421 1184        lanmanworkstation - ok
23:32:22.0437 1184        lbrtfdc - ok
23:32:22.0515 1184        LmHosts        (4c25fadd7fe1d5bd779b20d3d0eb8d7c) C:\WINDOWS\System32\lmhsvc.dll
23:32:22.0515 1184        LmHosts - ok
23:32:22.0562 1184        MASPINT        (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
23:32:22.0562 1184        MASPINT - ok
23:32:22.0625 1184        mdmxsdk        (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
23:32:22.0625 1184        mdmxsdk - ok
23:32:22.0656 1184        Messenger      (e5215ab942c5ac5f7eb0e54871d7a27c) C:\WINDOWS\System32\msgsvc.dll
23:32:22.0656 1184        Messenger - ok
23:32:22.0906 1184        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
23:32:22.0906 1184        mnmdd - ok
23:32:22.0953 1184        mnmsrvc        (bb2470d20405b272ea47ca5e18f1c58e) C:\WINDOWS\System32\mnmsrvc.exe
23:32:22.0953 1184        mnmsrvc - ok
23:32:23.0000 1184        Modem          (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys
23:32:23.0015 1184        Modem - ok
23:32:23.0031 1184        Mouclass        (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys
23:32:23.0031 1184        Mouclass - ok
23:32:23.0062 1184        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
23:32:23.0062 1184        mouhid - ok
23:32:23.0109 1184        MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
23:32:23.0109 1184        MountMgr - ok
23:32:23.0171 1184        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe
23:32:23.0187 1184        MozillaMaintenance - ok
23:32:23.0203 1184        mraid35x - ok
23:32:23.0234 1184        MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
23:32:23.0234 1184        MRxDAV - ok
23:32:23.0343 1184        MRxSmb          (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
23:32:23.0375 1184        MRxSmb - ok
23:32:23.0437 1184        MSDTC          (d059f9c7752ef461476e83180daa5c62) C:\WINDOWS\System32\msdtc.exe
23:32:23.0437 1184        MSDTC - ok
23:32:23.0484 1184        Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
23:32:23.0484 1184        Msfs - ok
23:32:23.0500 1184        MSIServer - ok
23:32:23.0531 1184        MSKSSRV        (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
23:32:23.0531 1184        MSKSSRV - ok
23:32:23.0546 1184        MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
23:32:23.0546 1184        MSPCLOCK - ok
23:32:23.0578 1184        MSPQM          (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
23:32:23.0578 1184        MSPQM - ok
23:32:23.0625 1184        mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23:32:23.0625 1184        mssmbios - ok
23:32:23.0640 1184        Mup            (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
23:32:23.0656 1184        Mup - ok
23:32:23.0703 1184        NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
23:32:23.0718 1184        NDIS - ok
23:32:23.0781 1184        NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
23:32:23.0781 1184        NdisTapi - ok
23:32:23.0796 1184        Ndisuio        (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
23:32:23.0796 1184        Ndisuio - ok
23:32:23.0828 1184        NdisWan        (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
23:32:23.0843 1184        NdisWan - ok
23:32:23.0921 1184        NDProxy        (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
23:32:23.0921 1184        NDProxy - ok
23:32:23.0937 1184        NetBIOS        (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
23:32:23.0937 1184        NetBIOS - ok
23:32:23.0984 1184        NetBT          (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
23:32:24.0000 1184        NetBT - ok
23:32:24.0062 1184        NetDDE          (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
23:32:24.0078 1184        NetDDE - ok
23:32:24.0078 1184        NetDDEdsdm      (f4eff57254f565f39b6029150414a0d5) C:\WINDOWS\system32\netdde.exe
23:32:24.0078 1184        NetDDEdsdm - ok
23:32:24.0125 1184        Netlogon        (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe
23:32:24.0125 1184        Netlogon - ok
23:32:24.0203 1184        Netman          (1e5218fbe323c375b488318950e10fb4) C:\WINDOWS\System32\netman.dll
23:32:24.0218 1184        Netman - ok
23:32:24.0281 1184        Nla            (774274c487493452df3b0126dbe7ff3b) C:\WINDOWS\System32\mswsock.dll
23:32:24.0296 1184        Nla - ok
23:32:24.0328 1184        Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
23:32:24.0328 1184        Npfs - ok
23:32:24.0484 1184        Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
23:32:24.0531 1184        Ntfs - ok
23:32:24.0531 1184        NtLmSsp        (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe
23:32:24.0531 1184        NtLmSsp - ok
23:32:24.0671 1184        NtmsSvc        (428aa946a8d9f32dbb4260c8e6e13377) C:\WINDOWS\system32\ntmssvc.dll
23:32:24.0703 1184        NtmsSvc - ok
23:32:24.0765 1184        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
23:32:24.0765 1184        Null - ok
23:32:24.0812 1184        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
23:32:24.0812 1184        NwlnkFlt - ok
23:32:24.0828 1184        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
23:32:24.0828 1184        NwlnkFwd - ok
23:32:24.0875 1184        Parport        (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys
23:32:24.0875 1184        Parport - ok
23:32:24.0906 1184        PartMgr        (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
23:32:24.0906 1184        PartMgr - ok
23:32:24.0953 1184        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
23:32:24.0953 1184        ParVdm - ok
23:32:25.0000 1184        PCI            (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys
23:32:25.0000 1184        PCI - ok
23:32:25.0015 1184        PCIDump - ok
23:32:25.0031 1184        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
23:32:25.0031 1184        PCIIde - ok
23:32:25.0046 1184        Pcmcia          (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
23:32:25.0046 1184        Pcmcia - ok
23:32:25.0062 1184        PDCOMP - ok
23:32:25.0062 1184        PDFRAME - ok
23:32:25.0062 1184        PDRELI - ok
23:32:25.0078 1184        PDRFRAME - ok
23:32:25.0093 1184        perc2 - ok
23:32:25.0093 1184        perc2hib - ok
23:32:25.0156 1184        PlugPlay        (65f6b774819bd727358157cedea67b8e) C:\WINDOWS\system32\services.exe
23:32:25.0156 1184        PlugPlay - ok
23:32:25.0171 1184        PolicyAgent    (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\System32\lsass.exe
23:32:25.0171 1184        PolicyAgent - ok
23:32:25.0187 1184        PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
23:32:25.0187 1184        PptpMiniport - ok
23:32:25.0203 1184        Processor      (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys
23:32:25.0203 1184        Processor - ok
23:32:25.0218 1184        ProtectedStorage (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
23:32:25.0218 1184        ProtectedStorage - ok
23:32:25.0234 1184        PSched          (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
23:32:25.0234 1184        PSched - ok
23:32:25.0296 1184        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
23:32:25.0296 1184        Ptilink - ok
23:32:25.0312 1184        ql1080 - ok
23:32:25.0312 1184        Ql10wnt - ok
23:32:25.0312 1184        ql12160 - ok
23:32:25.0328 1184        ql1240 - ok
23:32:25.0328 1184        ql1280 - ok
23:32:25.0375 1184        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
23:32:25.0375 1184        RasAcd - ok
23:32:25.0421 1184        RasAuto        (e3c6e87c1f84584a773d7c3dd205dbff) C:\WINDOWS\System32\rasauto.dll
23:32:25.0421 1184        RasAuto - ok
23:32:25.0437 1184        Rasl2tp        (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
23:32:25.0437 1184        Rasl2tp - ok
23:32:25.0515 1184        RasMan          (ffc8343b35fb2df01a5767748efa5b58) C:\WINDOWS\System32\rasmans.dll
23:32:25.0546 1184        RasMan - ok
23:32:25.0562 1184        RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
23:32:25.0562 1184        RasPppoe - ok
23:32:25.0578 1184        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
23:32:25.0578 1184        Raspti - ok
23:32:25.0656 1184        Rdbss          (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
23:32:25.0671 1184        Rdbss - ok
23:32:25.0687 1184        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
23:32:25.0703 1184        RDPCDD - ok
23:32:25.0781 1184        RDPWD          (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
23:32:25.0796 1184        RDPWD - ok
23:32:25.0875 1184        RDSessMgr      (aec159942df64a9890072d7bb1797762) C:\WINDOWS\system32\sessmgr.exe
23:32:25.0890 1184        RDSessMgr - ok
23:32:25.0921 1184        redbook        (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys
23:32:25.0921 1184        redbook - ok
23:32:25.0968 1184        RemoteAccess    (eba80cdf25e02084857957e820004934) C:\WINDOWS\System32\mprdim.dll
23:32:25.0968 1184        RemoteAccess - ok
23:32:25.0984 1184        RpcLocator      (da23f9f3f1b1871120f980a6879581ac) C:\WINDOWS\System32\locator.exe
23:32:25.0984 1184        RpcLocator - ok
23:32:26.0125 1184        RpcSs          (d45bbcddc74a1b0259a0c4b00c190d20) C:\WINDOWS\system32\rpcss.dll
23:32:26.0125 1184        RpcSs - ok
23:32:26.0203 1184        RSVP            (4bdd71b4b521521499dfd14735c4f398) C:\WINDOWS\System32\rsvp.exe
23:32:26.0234 1184        RSVP - ok
23:32:26.0234 1184        s24trans - ok
23:32:26.0296 1184        SamSs          (183805eb05bca5a1e4aaaed4d2be3690) C:\WINDOWS\system32\lsass.exe
23:32:26.0296 1184        SamSs - ok
23:32:26.0328 1184        SCardSvr        (b4cf7b42de6cfa6fde7d6af4daa55f57) C:\WINDOWS\System32\SCardSvr.exe
23:32:26.0328 1184        SCardSvr - ok
23:32:26.0421 1184        Schedule        (d5e73842f38e24457c63fef8ceffbe19) C:\WINDOWS\system32\schedsvc.dll
23:32:26.0453 1184        Schedule - ok
23:32:26.0500 1184        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
23:32:26.0500 1184        Secdrv - ok
23:32:26.0531 1184        seclogon        (fed544b43903fb801b106f062110358a) C:\WINDOWS\System32\seclogon.dll
23:32:26.0531 1184        seclogon - ok
23:32:26.0546 1184        SENS            (ab74d986c1dd0d0c95b6ad37ec1e9f4f) C:\WINDOWS\system32\sens.dll
23:32:26.0546 1184        SENS - ok
23:32:26.0609 1184        Sentinel        (3e7ff2405bcc1384d946dc45edc7ed61) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
23:32:26.0609 1184        Sentinel - ok
23:32:26.0671 1184        Serial          (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys
23:32:26.0671 1184        Serial - ok
23:32:26.0703 1184        Sfloppy        (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
23:32:26.0703 1184        Sfloppy - ok
23:32:26.0765 1184        ShellHWDetection (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
23:32:26.0765 1184        ShellHWDetection - ok
23:32:26.0781 1184        Simbad - ok
23:32:26.0781 1184        Sparrow - ok
23:32:26.0875 1184        splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
23:32:26.0875 1184        splitter - ok
23:32:26.0937 1184        Spooler        (da81ec57acd4cdc3d4c51cf3d409af9f) C:\WINDOWS\system32\spoolsv.exe
23:32:26.0937 1184        Spooler - ok
23:32:26.0968 1184        sr              (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys
23:32:26.0968 1184        sr - ok
23:32:27.0031 1184        srservice      (015f302c4cf961f20c3f98f3a7ca7917) C:\WINDOWS\System32\srsvc.dll
23:32:27.0062 1184        srservice - ok
23:32:27.0125 1184        Srv            (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
23:32:27.0156 1184        Srv - ok
23:32:27.0187 1184        SSDPSRV        (6fa03b462b2fffe2627171b7fe73ee29) C:\WINDOWS\System32\ssdpsrv.dll
23:32:27.0187 1184        SSDPSRV - ok
23:32:27.0203 1184        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
23:32:27.0203 1184        ssmdrv - ok
23:32:27.0328 1184        stisvc          (25e9b30af1fa1b9af1853577f39ff20b) C:\WINDOWS\system32\wiaservc.dll
23:32:27.0343 1184        stisvc - ok
23:32:27.0390 1184        swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
23:32:27.0390 1184        swenum - ok
23:32:27.0437 1184        swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
23:32:27.0453 1184        swmidi - ok
23:32:27.0453 1184        SwPrv - ok
23:32:27.0468 1184        symc810 - ok
23:32:27.0468 1184        symc8xx - ok
23:32:27.0484 1184        sym_hi - ok
23:32:27.0484 1184        sym_u3 - ok
23:32:27.0593 1184        SynTP          (eb363ddfbe8b6d51003ccab29d93d744) C:\WINDOWS\system32\DRIVERS\SynTP.sys
23:32:27.0609 1184        SynTP - ok
23:32:27.0640 1184        sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
23:32:27.0640 1184        sysaudio - ok
23:32:27.0703 1184        SysmonLog      (6d0c43df9d3a7c5a9b4f94772cbd5ddc) C:\WINDOWS\system32\smlogsvc.exe
23:32:27.0703 1184        SysmonLog - ok
23:32:27.0796 1184        TapiSrv        (427d7eb3b453347082c8f4b370065d60) C:\WINDOWS\System32\tapisrv.dll
23:32:27.0812 1184        TapiSrv - ok
23:32:27.0906 1184        Tcpip          (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
23:32:27.0937 1184        Tcpip - ok
23:32:28.0000 1184        TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
23:32:28.0015 1184        TDPIPE - ok
23:32:28.0031 1184        TDTCP          (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
23:32:28.0031 1184        TDTCP - ok
23:32:28.0062 1184        TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
23:32:28.0062 1184        TermDD - ok
23:32:28.0250 1184        TermService    (1850bc10de5dcccede063fc2d0f2ceda) C:\WINDOWS\System32\termsrv.dll
23:32:28.0328 1184        TermService - ok
23:32:28.0390 1184        Themes          (521a4cb71cc419fdf60db83e7308ae2b) C:\WINDOWS\System32\shsvcs.dll
23:32:28.0390 1184        Themes - ok
23:32:28.0406 1184        TosIde - ok
23:32:28.0421 1184        TrkWks          (a34e894201d66e380e1fa96fe11b587e) C:\WINDOWS\system32\trkwks.dll
23:32:28.0453 1184        TrkWks - ok
23:32:28.0468 1184        Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
23:32:28.0468 1184        Udfs - ok
23:32:28.0484 1184        ultra - ok
23:32:28.0593 1184        Update          (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
23:32:28.0625 1184        Update - ok
23:32:28.0718 1184        upnphost        (855790c1baced245a6b210af430ed17b) C:\WINDOWS\System32\upnphost.dll
23:32:28.0734 1184        upnphost - ok
23:32:28.0781 1184        UPS            (a99f867e76cfdaa28ee305b93f70e84f) C:\WINDOWS\System32\ups.exe
23:32:28.0781 1184        UPS - ok
23:32:28.0843 1184        usbccgp        (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
23:32:28.0843 1184        usbccgp - ok
23:32:28.0906 1184        usbehci        (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
23:32:28.0906 1184        usbehci - ok
23:32:28.0921 1184        usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
23:32:28.0921 1184        usbhub - ok
23:32:28.0984 1184        usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
23:32:28.0984 1184        usbprint - ok
23:32:29.0046 1184        usbscan        (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:32:29.0046 1184        usbscan - ok
23:32:29.0390 1184        USBSTOR        (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
23:32:29.0406 1184        USBSTOR - ok
23:32:29.0421 1184        usbuhci        (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
23:32:29.0421 1184        usbuhci - ok
23:32:29.0437 1184        VgaSave        (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
23:32:29.0453 1184        VgaSave - ok
23:32:29.0453 1184        ViaIde - ok
23:32:29.0515 1184        VolSnap        (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys
23:32:29.0515 1184        VolSnap - ok
23:32:29.0609 1184        VSS            (6635ecbf0d8090dc3a452d0d072b5d5b) C:\WINDOWS\System32\vssvc.exe
23:32:29.0640 1184        VSS - ok
23:32:31.0328 1184        w29n51          (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
23:32:31.0609 1184        w29n51 - ok
23:32:31.0796 1184        W32Time        (c6d874cd2a5b83cd11cdebd28a638584) C:\WINDOWS\System32\w32time.dll
23:32:31.0812 1184        W32Time - ok
23:32:31.0875 1184        Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
23:32:31.0875 1184        Wanarp - ok
23:32:31.0890 1184        WDICA - ok
23:32:31.0953 1184        wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
23:32:31.0953 1184        wdmaud - ok
23:32:32.0015 1184        WebClient      (879ecb9a5f14a03960b84edb7207a051) C:\WINDOWS\System32\webclnt.dll
23:32:32.0031 1184        WebClient - ok
23:32:32.0656 1184        winachsf        (5ea185425bfcbc2d4b96d673d8c4deaf) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
23:32:32.0718 1184        winachsf - ok
23:32:32.0859 1184        winmgmt        (da2dadb42916e59c6e4bba593bccda73) C:\WINDOWS\system32\wbem\WMIsvc.dll
23:32:32.0875 1184        winmgmt - ok
23:32:32.0937 1184        WmdmPmSN        (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
23:32:32.0937 1184        WmdmPmSN - ok
23:32:33.0015 1184        WmiApSrv        (042a78fcd1adfb0fba9865d55c6f5cc1) C:\WINDOWS\System32\wbem\wmiapsrv.exe
23:32:33.0031 1184        WmiApSrv - ok
23:32:33.0062 1184        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
23:32:33.0078 1184        WudfPf - ok
23:32:34.0234 1184        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
23:32:34.0250 1184        WudfRd - ok
23:32:34.0265 1184        WudfSvc        (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
23:32:34.0265 1184        WudfSvc - ok
23:32:34.0375 1184        WZCSVC          (ae83ada96575dacf533c2bcb1fc163dc) C:\WINDOWS\System32\wzcsvc.dll
23:32:34.0406 1184        WZCSVC - ok
23:32:34.0468 1184        xmlprov        (8302de1c64618d72346dd0034dbc5d9b) C:\WINDOWS\System32\xmlprov.dll
23:32:34.0484 1184        xmlprov - ok
23:32:34.0546 1184        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
23:32:35.0234 1184        \Device\Harddisk0\DR0 - ok
23:32:35.0390 1184        Boot (0x1200)  (887dff404631fca035a7ae3c0dde98dc) \Device\Harddisk0\DR0\Partition0
23:32:35.0390 1184        \Device\Harddisk0\DR0\Partition0 - ok
23:32:35.0390 1184        ============================================================
23:32:35.0390 1184        Scan finished
23:32:35.0390 1184        ============================================================
23:32:35.0406 2252        Detected object count: 0
23:32:35.0406 2252        Actual detected object count: 0

Is there anything left to do here, or is it a reinstall?

Thanks in advance.

magic_balu 21.07.2012 11:18

And now GMER as well:
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-21 12:15:28
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST960821A rev.3.01
Running: i0pjinzo.exe; Driver: C:\DOKUME~1\XXX\LOKALE~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT            F8C33E94                                                                ZwClose
SSDT            F8C33E4E                                                                ZwCreateKey
SSDT            F8C33E9E                                                                ZwCreateSection
SSDT            F8C33E44                                                                ZwCreateThread
SSDT            F8C33E53                                                                ZwDeleteKey
SSDT            F8C33E5D                                                                ZwDeleteValueKey
SSDT            F8C33E8F                                                                ZwDuplicateObject
SSDT            F8C33E62                                                                ZwLoadKey
SSDT            F8C33E30                                                                ZwOpenProcess
SSDT            F8C33E35                                                                ZwOpenThread
SSDT            F8C33E6C                                                                ZwReplaceKey
SSDT            F8C33E67                                                                ZwRestoreKey
SSDT            F8C33EA3                                                                ZwSetContextThread
SSDT            F8C33E58                                                                ZwSetValueKey
SSDT            F8C33E3F                                                                ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntoskrnl.exe!_abnormal_termination + 428                                804E2A94 1 Byte  [58]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \FileSystem\Fastfat \Fat                                                A922FC8A

AttachedDevice  \FileSystem\Fastfat \Fat                                                fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library        c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [460]  0x45670000                                                             

---- EOF - GMER 1.0.15 ----

And the ESET Online Scanner:
Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=dcfbc5ea9083c1478d8433ade43f2f11
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-21 01:08:00
# local_time=2012-07-21 03:08:00 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1797 16775125 100 100 133054 117764301 125729 0
# compatibility_mode=8192 67108863 100 0 315 315 0 0
# scanned=76370
# found=3
# cleaned=0
# scan_time=8350
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\80000000.@        a variant of Win32/Sirefef.FA trojan (unable to clean)        00000000000000000000000000000000        I
C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\{ede1b8f9-0cb2-2ca6-7157-fe4413b0d8c0}\U\800000cb.@        probably a variant of Win32/Agent.TEO trojan (unable to clean)        00000000000000000000000000000000        I
${Memory}        Win32/Sirefef.EV trojan        00000000000000000000000000000000        I