Trojaner-Board


parmenion 23.05.2010 01:59

System infected?
 
I checked my system with AntiVir. It reported 3 objects.

1. TR/Agent.cuft

2. TR/Crypt.XPACK.Gen

3. 3 Java detections.

EXP/Java.3243
JAVA/Dldr.Agent.L
EXP/Java.3243

Can that be, even though I downloaded Java from the official website?

Do I need to worry? Are these really trojans?

parmenion 23.05.2010 06:30

I uninstalled AntiVir and checked with a different virus scanner. NOD32 reports only 2 files.

1. C:\System Volume Information\_restore{66D30DAC-A4F1-4FB0-8B76-B893C276D33B}\RP43\A0020100.exe - möglicherweise Variante von Win32/Agent Trojaner - Gesäubert durch Löschen - in Quarantäne kopiert

2. C:\Postinstall\install.exe - möglicherweise Variante von Win32/Agent Trojaner - Gesäubert durch Löschen - in Quarantäne kopiert

What do you think, experts?

parmenion 23.05.2010 14:37

So do I have a trojan now or not?

How can I check for myself whether I am still in control of my system, i.e. whether someone has access to my data?

I urgently need help, please.

parmenion 23.05.2010 17:34

Come on, I urgently need help :heulen:

MalwareHero 23.05.2010 17:46

Quote:

Quote from parmenion (post 527831)
Come on, I urgently need help :heulen:

Hello,

please post these logs:

http://www.trojaner-board.de/51130-a...ijackthis.html
http://www.trojaner-board.de/51187-a...i-malware.html


Regards.

kickrom 23.05.2010 18:24

TR/Crypt.XPACK.Gen
hxxp://www.avira.com/de/threats/section/fulldetails/id_vir/3488/tr_crypt.xpack.gen.html

Avira doesn't even know the other one when I search for it on their site ^^
If both programs were copied to quarantine by Avira, the problem should be resolved. The question remains how the stuff got onto your computer.

About the Java: it doesn't matter whether you were on the original site, because on the internet there is no guarantee that what arrives is what was requested.
You could, however, upload the .exe of the Java program to virustotal.com and have it examined by the 40 scanners.

parmenion 23.05.2010 18:42

Quote:

Quote from MalwareHero (post 527832)

Thanks for the answer so far.

Here are my log files:

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:33, on 23.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21228)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINXP\system32\lxdncoms.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\wscntfy.exe
C:\WINXP\system32\RunDll32.exe
C:\WINXP\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINXP\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\DAEMON Tools Lite\DTLite.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\MILENA\Eigene Dateien\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINXP\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINXP\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: lxdn_device -  - C:\WINXP\system32\lxdncoms.exe
O24 - Desktop Component 0: (no name) - hxxp://i.ebayimg.com/03/%21BcvWF5w%21mk%7E$%28KGrHqYOKjIEq5DBdy%21uBK10jSKY4%21%7E%7E_12.JPG

--
End of file - 7512 bytes

Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

23.05.2010 19:40:35
mbam-log-2010-05-23 (19-40-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 108722
Laufzeit: 20 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

MalwareHero 23.05.2010 18:46

You have to update Malwarebytes before you run the scan!

Datenbank Version: 4052 = outdated!

The new one is: 4132!

Update and then scan again. It's in the instructions.

Regards.

MalwareHero 23.05.2010 19:04

Post this log too:

http://www.trojaner-board.de/74910-a...tion-tool.html

parmenion 23.05.2010 19:07

Quote:

Quote from MalwareHero (post 527844)
You have to update Malwarebytes before you run the scan!

Datenbank Version: 4052 = outdated!

The new one is: 4132!

Update and then scan again. It's in the instructions.

Regards.

All right, here it is again with the new version:

Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4133

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

23.05.2010 20:05:49
mbam-log-2010-05-23 (20-05-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 112467
Laufzeit: 9 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

parmenion 23.05.2010 19:27

Code:

Logfile of random's system information tool 1.07 (written by random/random)
Run by MILENA at 2010-05-23 20:10:00
Microsoft Windows XP Professional Service Pack 2
System drive C: has 95 GB (83%) free of 114 GB
Total RAM: 511 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:10:22, on 23.05.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21228)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINXP\system32\lxdncoms.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\wscntfy.exe
C:\WINXP\system32\RunDll32.exe
C:\WINXP\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
C:\Programme\DivX\DivX Update\DivXUpdate.exe
C:\WINXP\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\DAEMON Tools Lite\DTLite.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\MILENA\Eigene Dateien\Downloads\RSIT(2).exe
C:\Programme\trend micro\MILENA.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HTpatch] C:\WINXP\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINXP\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [egui] "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINXP\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINXP\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXP\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINXP\system32\ati2sgag.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\WINXP\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
O23 - Service: lxdn_device -  - C:\WINXP\system32\lxdncoms.exe
O24 - Desktop Component 0: (no name) - hxxp://i.ebayimg.com/03/%21BcvWF5w%21mk%7E$%28KGrHqYOKjIEq5DBdy%21uBK10jSKY4%21%7E%7E_12.JPG

--
End of file - 7924 bytes

======Scheduled tasks folder======

C:\WINXP\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-04-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-26 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"HTpatch"=C:\WINXP\htpatch.exe [2002-10-30 28672]
"SiSUSBRG"=C:\WINXP\SiSUSBrg.exe [2002-07-12 106496]
"ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-09-12 335872]
"SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=C:\Programme\QuickTime\QTTask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Programme\iTunes\iTunesHelper.exe [2010-03-26 142120]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"DivXUpdate"=C:\Programme\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"Malwarebytes Anti-Malware (reboot)"=C:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
"egui"=C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe [2009-05-14 2029640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINXP\system32\ctfmon.exe [2004-08-03 15360]
"msnmsgr"=C:\Programme\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2004-10-13 1694208]
"DAEMON Tools Lite"=C:\Programme\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINXP\system32\Ati2evxx.dll [2003-09-12 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINXP\system32\wpdshserviceobj.dll [2007-10-09 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour""
"C:\Programme\iTunes\iTunes.exe"="C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Programme\Conference\Conference.dll"="C:\Programme\Conference\Conference.dll:*:Enabled:Audio/Video Conference"
"C:\WINXP\system32\lxdncoms.exe"="C:\WINXP\system32\lxdncoms.exe:*:Enabled:Lexmark Communications System"
"C:\WINXP\system32\spool\drivers\w32x86\3\lxdnpswx.exe"="C:\WINXP\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\WINXP\system32\spool\drivers\w32x86\3\lxdntime.exe"="C:\WINXP\system32\spool\drivers\w32x86\3\lxdntime.exe:*:Enabled:Lexmark Connect Time Executable"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9cd122e2-5178-11df-9993-000b6a287407}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-05-23 19:18:21 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2010-05-23 04:56:54 ----D---- C:\WINXP\LastGood
2010-05-23 04:56:11 ----D---- C:\Programme\ESET
2010-05-23 04:56:11 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
2010-05-23 03:56:03 ----D---- C:\Programme\trend micro
2010-05-23 03:56:01 ----D---- C:\rsit
2010-05-23 03:39:26 ----D---- C:\Dokumente und Einstellungen\M\Anwendungsdaten\Malwarebytes
2010-05-23 03:39:13 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-16 10:02:25 ----AD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2010-05-16 09:03:53 ----D---- C:\Programme\ElcomSoft
2010-05-16 08:21:55 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\UDC Profiles
2010-05-16 06:53:29 ----D---- C:\logs
2010-05-16 06:52:53 ----A---- C:\WINXP\system32\lxdnvs.dll
2010-05-16 06:52:50 ----A---- C:\WINXP\system32\lxdncoin.dll
2010-05-16 06:52:26 ----A---- C:\WINXP\system32\wiafbdrv.dll
2010-05-16 06:52:05 ----A---- C:\WINXP\system32\lxdndrs.dll
2010-05-16 06:52:05 ----A---- C:\WINXP\system32\lxdncaps.dll
2010-05-16 06:52:04 ----A---- C:\WINXP\system32\lxdncnv4.dll
2010-05-16 06:51:46 ----D---- C:\Programme\Lexmark Toolbar
2010-05-16 06:51:35 ----A---- C:\WINXP\system32\lxdnwupd.exe
2010-05-16 06:51:35 ----A---- C:\WINXP\system32\lxdnwupd.dll
2010-05-16 06:51:18 ----A---- C:\WINXP\system32\LXDNinst.dll
2010-05-16 06:51:18 ----A---- C:\WINXP\system32\lxdninpa.dll
2010-05-16 06:51:18 ----A---- C:\WINXP\system32\LXDNhcp.dll
2010-05-16 06:51:17 ----A---- C:\WINXP\system32\lxdnutil.dll
2010-05-16 06:51:17 ----A---- C:\WINXP\system32\lxdnusb1.dll
2010-05-16 06:51:17 ----A---- C:\WINXP\system32\lxdnserv.dll
2010-05-16 06:51:17 ----A---- C:\WINXP\system32\lxdnprox.dll
2010-05-16 06:51:17 ----A---- C:\WINXP\system32\lxdnpmui.dll
2010-05-16 06:51:17 ----A---- C:\WINXP\system32\lxdniesc.dll
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdnlmpm.dll
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdnjswr.dll
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdninsr.dll
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdninsb.dll
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdnins.dll
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdnih.exe
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdnhbn3.dll
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdngrd.dll
2010-05-16 06:51:16 ----A---- C:\WINXP\system32\lxdngf.dll
2010-05-16 06:51:15 ----A---- C:\WINXP\system32\lxdncur.dll
2010-05-16 06:51:15 ----A---- C:\WINXP\system32\lxdncub.dll
2010-05-16 06:51:15 ----A---- C:\WINXP\system32\lxdncu.dll
2010-05-16 06:51:15 ----A---- C:\WINXP\system32\lxdncoms.exe
2010-05-16 06:51:15 ----A---- C:\WINXP\system32\lxdncomm.dll
2010-05-16 06:51:15 ----A---- C:\WINXP\system32\lxdncomc.dll
2010-05-16 06:51:15 ----A---- C:\WINXP\system32\lxdncfg.exe
2010-05-16 06:51:14 ----A---- C:\WINXP\system32\LXDNcfg.dll
2010-05-16 06:48:47 ----D---- C:\drivers
2010-05-13 03:02:30 ----HDC---- C:\WINXP\$NtUninstallKB978542$
2010-05-12 21:13:37 ----A---- C:\WINXP\system32\XAudio2_6.dll
2010-05-12 21:13:37 ----A---- C:\WINXP\system32\XAPOFX1_4.dll
2010-05-12 21:13:36 ----A---- C:\WINXP\system32\xactengine3_6.dll
2010-05-12 21:13:35 ----A---- C:\WINXP\system32\X3DAudio1_7.dll
2010-05-12 21:13:34 ----A---- C:\WINXP\system32\XAudio2_5.dll
2010-05-12 21:13:32 ----A---- C:\WINXP\system32\xactengine3_5.dll
2010-05-12 21:13:32 ----A---- C:\WINXP\system32\D3DCompiler_42.dll
2010-05-12 21:13:29 ----A---- C:\WINXP\system32\d3dcsx_42.dll
2010-05-12 21:13:23 ----A---- C:\WINXP\system32\d3dx11_42.dll
2010-05-12 21:13:22 ----A---- C:\WINXP\system32\d3dx10_42.dll
2010-05-12 21:13:21 ----A---- C:\WINXP\system32\D3DX9_42.dll
2010-05-12 21:13:18 ----A---- C:\WINXP\system32\d3dx10_41.dll
2010-05-12 21:13:18 ----A---- C:\WINXP\system32\D3DCompiler_41.dll
2010-05-12 21:13:16 ----A---- C:\WINXP\system32\D3DX9_41.dll
2010-05-12 21:13:12 ----A---- C:\WINXP\system32\XAudio2_4.dll
2010-05-12 21:13:12 ----A---- C:\WINXP\system32\XAPOFX1_3.dll
2010-05-12 21:13:11 ----A---- C:\WINXP\system32\xactengine3_4.dll
2010-05-12 21:13:10 ----A---- C:\WINXP\system32\X3DAudio1_6.dll
2010-05-12 21:13:09 ----A---- C:\WINXP\system32\d3dx10_40.dll
2010-05-12 21:13:09 ----A---- C:\WINXP\system32\D3DCompiler_40.dll
2010-05-12 21:13:06 ----A---- C:\WINXP\system32\D3DX9_40.dll
2010-05-12 21:13:02 ----A---- C:\WINXP\system32\XAudio2_3.dll
2010-05-12 21:13:02 ----A---- C:\WINXP\system32\XAPOFX1_2.dll
2010-05-12 21:13:01 ----A---- C:\WINXP\system32\xactengine3_3.dll
2010-05-12 21:13:00 ----A---- C:\WINXP\system32\X3DAudio1_5.dll
2010-05-12 21:12:59 ----A---- C:\WINXP\system32\XAudio2_2.dll
2010-05-12 21:12:59 ----A---- C:\WINXP\system32\XAPOFX1_1.dll
2010-05-12 21:12:58 ----A---- C:\WINXP\system32\xactengine3_2.dll
2010-05-12 21:12:57 ----A---- C:\WINXP\system32\D3DCompiler_39.dll
2010-05-12 21:12:56 ----A---- C:\WINXP\system32\d3dx10_39.dll
2010-05-12 21:12:54 ----A---- C:\WINXP\system32\XAudio2_1.dll
2010-05-12 21:12:54 ----A---- C:\WINXP\system32\XAPOFX1_0.dll
2010-05-12 21:12:53 ----A---- C:\WINXP\system32\xactengine3_1.dll
2010-05-12 21:12:52 ----A---- C:\WINXP\system32\X3DAudio1_4.dll
2010-05-12 21:12:51 ----A---- C:\WINXP\system32\d3dx10_38.dll
2010-05-12 21:12:51 ----A---- C:\WINXP\system32\D3DCompiler_38.dll
2010-05-12 21:12:48 ----A---- C:\WINXP\system32\D3DX9_38.dll
2010-05-12 21:12:44 ----A---- C:\WINXP\system32\XAudio2_0.dll
2010-05-12 21:12:43 ----A---- C:\WINXP\system32\xactengine3_0.dll
2010-05-12 21:12:43 ----A---- C:\WINXP\system32\X3DAudio1_3.dll
2010-05-12 21:12:42 ----A---- C:\WINXP\system32\d3dx10_37.dll
2010-05-12 21:12:42 ----A---- C:\WINXP\system32\D3DCompiler_37.dll
2010-05-12 21:12:39 ----A---- C:\WINXP\system32\D3DX9_37.dll
2010-05-12 21:12:35 ----A---- C:\WINXP\system32\xactengine2_10.dll
2010-05-12 21:12:34 ----A---- C:\WINXP\system32\d3dx10_36.dll
2010-05-12 21:12:34 ----A---- C:\WINXP\system32\D3DCompiler_36.dll
2010-05-12 21:12:31 ----A---- C:\WINXP\system32\d3dx9_36.dll
2010-05-12 21:12:27 ----A---- C:\WINXP\system32\xactengine2_9.dll
2010-05-12 21:12:26 ----A---- C:\WINXP\system32\d3dx10_35.dll
2010-05-12 21:12:26 ----A---- C:\WINXP\system32\D3DCompiler_35.dll
2010-05-12 21:12:23 ----A---- C:\WINXP\system32\d3dx9_35.dll
2010-05-12 21:12:19 ----A---- C:\WINXP\system32\xactengine2_8.dll
2010-05-12 21:12:19 ----A---- C:\WINXP\system32\X3DAudio1_2.dll
2010-05-12 21:12:18 ----A---- C:\WINXP\system32\d3dx10_34.dll
2010-05-12 21:12:18 ----A---- C:\WINXP\system32\D3DCompiler_34.dll
2010-05-12 21:12:11 ----A---- C:\WINXP\system32\d3dx9_34.dll
2010-05-12 21:12:01 ----A---- C:\WINXP\system32\xinput1_3.dll
2010-05-12 21:11:54 ----A---- C:\WINXP\system32\xactengine2_7.dll
2010-05-12 21:11:48 ----A---- C:\WINXP\system32\d3dx10_33.dll
2010-05-12 21:11:48 ----A---- C:\WINXP\system32\D3DCompiler_33.dll
2010-05-12 21:11:39 ----A---- C:\WINXP\system32\d3dx9_33.dll
2010-05-12 21:11:35 ----A---- C:\WINXP\system32\xactengine2_6.dll
2010-05-12 21:11:34 ----A---- C:\WINXP\system32\xactengine2_5.dll
2010-05-12 21:11:33 ----A---- C:\WINXP\system32\d3dx9_32.dll
2010-05-12 21:11:30 ----A---- C:\WINXP\system32\xactengine2_4.dll
2010-05-12 21:11:30 ----A---- C:\WINXP\system32\x3daudio1_1.dll
2010-05-12 21:11:29 ----A---- C:\WINXP\system32\d3dx9_31.dll
2010-05-12 21:11:26 ----A---- C:\WINXP\system32\xinput1_2.dll
2010-05-12 21:11:26 ----A---- C:\WINXP\system32\xactengine2_3.dll
2010-05-12 21:11:25 ----A---- C:\WINXP\system32\xactengine2_2.dll
2010-05-12 21:11:24 ----A---- C:\WINXP\system32\xinput1_1.dll
2010-05-12 21:11:23 ----A---- C:\WINXP\system32\xactengine2_1.dll
2010-05-12 21:11:06 ----A---- C:\WINXP\system32\xactengine2_0.dll
2010-05-12 21:11:06 ----A---- C:\WINXP\system32\x3daudio1_0.dll
2010-05-12 21:11:04 ----A---- C:\WINXP\system32\d3dx9_29.dll
2010-05-12 21:11:00 ----A---- C:\WINXP\system32\d3dx9_28.dll
2010-05-12 21:10:56 ----A---- C:\WINXP\system32\xinput9_1_0.dll
2010-05-12 21:10:55 ----A---- C:\WINXP\system32\d3dx9_27.dll
2010-05-12 21:10:53 ----A---- C:\WINXP\system32\d3dx9_26.dll
2010-05-12 21:10:50 ----A---- C:\WINXP\system32\d3dx9_25.dll
2010-05-12 21:10:42 ----A---- C:\WINXP\system32\d3dx9_24.dll
2010-05-11 21:05:25 ----A---- C:\WINXP\system32\SYNSOPOS.exe.cfg
2010-05-11 21:05:24 ----A---- C:\WINXP\system32\SYNSOPOS.exe
2010-05-11 21:05:24 ----A---- C:\WINXP\system32\SYNSOACC.dll
2010-05-11 18:39:28 ----D---- C:\Programme\Conference
2010-05-10 11:55:39 ----D---- C:\WINXP\Minidump
2010-05-09 19:41:12 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\temp
2010-05-09 17:50:19 ----A---- C:\WINXP\system32\CmdLineExt.dll
2010-05-09 17:43:34 ----A---- C:\WINXP\system32\D3DX9_39.dll
2010-05-09 17:43:28 ----A---- C:\WINXP\system32\d3dx9_30.dll
2010-05-09 17:41:56 ----D---- C:\WINXP\Logs
2010-05-09 17:01:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
2010-05-09 16:55:10 ----D---- C:\Programme\DAEMON Tools Lite
2010-05-09 16:54:45 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\DAEMON Tools Lite
2010-05-09 16:54:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2010-05-03 02:39:24 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A7689876-F0D2-4DC6-9C70-CA306AA80853}
2010-05-03 02:38:50 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8E4DC1D0-364F-4942-85CD-BCD7298D633E}
2010-05-03 02:00:36 ----A---- C:\WINXP\system32\msvcp71.dll
2010-05-03 02:00:35 ----A---- C:\WINXP\system32\msvcr71.dll
2010-05-02 08:17:19 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\vlc
2010-05-02 08:13:49 ----D---- C:\Programme\VideoLAN
2010-05-02 08:09:37 ----A---- C:\WINXP\system32\gdiplus.dll
2010-04-30 03:11:19 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared
2010-04-30 03:09:51 ----D---- C:\Programme\DivX
2010-04-30 03:08:18 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX
2010-04-29 22:06:11 ----D---- C:\WINXP\KConvert Temp
2010-04-29 22:06:11 ----D---- C:\WINXP\KConvert Logs
2010-04-29 21:45:25 ----D---- C:\Programme\u-he
2010-04-29 18:21:21 ----D---- C:\WINXP\system32\NtmsData
2010-04-29 18:11:45 ----A---- C:\WINXP\system32\NI_IRC_1_2.dll
2010-04-29 18:11:45 ----A---- C:\WINXP\system32\NI_DFD_1_5.dll
2010-04-29 18:11:45 ----A---- C:\WINXP\system32\bconvert.dll
2010-04-29 18:11:44 ----A---- C:\WINXP\system32\REX Shared Library.dll
2010-04-29 03:10:31 ----HDC---- C:\WINXP\$NtUninstallKB970430$
2010-04-29 03:09:06 ----HDC---- C:\WINXP\$NtUninstallKB961118$
2010-04-29 03:01:42 ----HDC---- C:\WINXP\$NtUninstallKB925720$
2010-04-29 03:01:20 ----HDC---- C:\WINXP\$NtUninstallKB971737$
2010-04-29 02:02:45 ----A---- C:\WINXP\system32\rewire.dll
2010-04-29 02:00:16 ----D---- C:\Programme\Outsim
2010-04-28 20:53:52 ----D---- C:\WINXP\Sun
2010-04-28 19:28:05 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2010-04-28 19:26:51 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2010-04-28 19:26:51 ----D---- C:\Programme\Adobe
2010-04-28 03:13:13 ----HDC---- C:\WINXP\$NtUninstallKB978262$
2010-04-28 03:13:07 ----HDC---- C:\WINXP\$NtUninstallKB951376-v2$
2010-04-28 03:13:01 ----HDC---- C:\WINXP\$NtUninstallKB952954$
2010-04-28 03:12:53 ----HDC---- C:\WINXP\$NtUninstallKB959426$
2010-04-28 03:12:46 ----HDC---- C:\WINXP\$NtUninstallKB946648$
2010-04-28 03:12:39 ----HDC---- C:\WINXP\$NtUninstallKB956803$
2010-04-28 03:12:32 ----HDC---- C:\WINXP\$NtUninstallKB960859$
2010-04-28 03:12:25 ----HDC---- C:\WINXP\$NtUninstallKB971468$
2010-04-28 03:12:11 ----HDC---- C:\WINXP\$NtUninstallKB979683$
2010-04-28 03:11:50 ----HDC---- C:\WINXP\$NtUninstallKB958869$
2010-04-28 03:11:44 ----HDC---- C:\WINXP\$NtUninstallKB954155_WM9$
2010-04-28 03:11:39 ----HDC---- C:\WINXP\$NtUninstallKB980232$
2010-04-28 03:11:27 ----HDC---- C:\WINXP\$NtUninstallKB955759$
2010-04-28 03:10:42 ----HDC---- C:\WINXP\$NtUninstallKB974318$
2010-04-28 03:10:34 ----HDC---- C:\WINXP\$NtUninstallKB969059$
2010-04-28 03:10:27 ----HDC---- C:\WINXP\$NtUninstallKB981349$
2010-04-28 03:10:19 ----HDC---- C:\WINXP\$NtUninstallKB961503$
2010-04-28 03:10:13 ----HDC---- C:\WINXP\$NtUninstallKB950974$
2010-04-28 03:10:06 ----HDC---- C:\WINXP\$NtUninstallKB978037$
2010-04-28 03:10:00 ----HDC---- C:\WINXP\$NtUninstallKB975713$
2010-04-28 03:09:53 ----HDC---- C:\WINXP\$NtUninstallKB971657$
2010-04-28 03:09:44 ----HDC---- C:\WINXP\$NtUninstallKB978338$
2010-04-28 03:09:38 ----HDC---- C:\WINXP\$NtUninstallKB960225$
2010-04-28 03:09:32 ----HDC---- C:\WINXP\$NtUninstallKB972270$
2010-04-28 03:09:26 ----D---- C:\WINXP\ServicePackFiles
2010-04-28 03:09:23 ----HDC---- C:\WINXP\$NtUninstallKB956744$
2010-04-28 03:09:15 ----HDC---- C:\WINXP\$NtUninstallKB974112$
2010-04-28 03:08:53 ----HDC---- C:\WINXP\$NtUninstallKB956572$
2010-04-28 03:08:41 ----HDC---- C:\WINXP\$NtUninstallKB956844$
2010-04-28 03:08:32 ----HDC---- C:\WINXP\$NtUninstallKB961501$
2010-04-28 03:08:25 ----HDC---- C:\WINXP\$NtUninstallKB968816_WM9$
2010-04-28 03:08:17 ----HDC---- C:\WINXP\$NtUninstallKB975561$
2010-04-28 03:08:08 ----HDC---- C:\WINXP\$NtUninstallKB952069_WM9$
2010-04-28 03:08:02 ----HDC---- C:\WINXP\$NtUninstallKB973869$
2010-04-28 03:07:56 ----HDC---- C:\WINXP\$NtUninstallKB975025$
2010-04-28 03:07:53 ----A---- C:\WINXP\system32\wmpns.dll
2010-04-28 03:07:40 ----HDC---- C:\WINXP\$NtUninstallKB973540_WM9L$
2010-04-28 03:07:30 ----HDC---- C:\WINXP\$NtUninstallKB952004$
2010-04-28 03:07:22 ----HDC---- C:\WINXP\$NtUninstallKB974571$
2010-04-28 03:07:15 ----HDC---- C:\WINXP\$NtUninstallKB975560$
2010-04-28 03:07:04 ----HDC---- C:\WINXP\$NtUninstallKB973507$
2010-04-28 03:06:57 ----HDC---- C:\WINXP\$NtUninstallKB941569$
2010-04-28 03:06:38 ----HDC---- C:\WINXP\$NtUninstallKB977816$
2010-04-28 03:06:31 ----HDC---- C:\WINXP\$NtUninstallKB973687$
2010-04-28 03:06:24 ----HDC---- C:\WINXP\$NtUninstallKB950762$
2010-04-28 03:06:15 ----HDC---- C:\WINXP\$NtUninstallKB978601$
2010-04-28 03:06:09 ----HDC---- C:\WINXP\$NtUninstallKB952287$
2010-04-28 03:06:02 ----HDC---- C:\WINXP\$NtUninstallKB973354$
2010-04-28 03:05:54 ----HDC---- C:\WINXP\$NtUninstallKB973904$
2010-04-28 03:05:38 ----HDC---- C:\WINXP\$NtUninstallKB967715$
2010-04-28 03:05:29 ----HDC---- C:\WINXP\$NtUninstallKB950760$
2010-04-28 03:05:23 ----HDC---- C:\WINXP\$NtUninstallKB951066$
2010-04-28 03:05:16 ----HDC---- C:\WINXP\$NtUninstallKB974392$
2010-04-28 03:05:04 ----HDC---- C:\WINXP\$NtUninstallKB977914$
2010-04-28 03:04:51 ----HDC---- C:\WINXP\$NtUninstallKB951748$
2010-04-28 03:04:43 ----HDC---- C:\WINXP\$NtUninstallKB970238$
2010-04-28 03:04:34 ----HDC---- C:\WINXP\$NtUninstallKB979309$
2010-04-28 03:04:28 ----HDC---- C:\WINXP\$NtUninstallKB978706$
2010-04-28 03:04:21 ----HDC---- C:\WINXP\$NtUninstallKB960803$
2010-04-28 03:04:13 ----HDC---- C:\WINXP\$NtUninstallKB973815$
2010-04-28 03:03:58 ----HDC---- C:\WINXP\$NtUninstallKB971032$
2010-04-28 03:03:50 ----HDC---- C:\WINXP\$NtUninstallKB958644$
2010-04-28 03:03:43 ----HDC---- C:\WINXP\$NtUninstallKB955069$
2010-04-28 03:03:36 ----HDC---- C:\WINXP\$NtUninstallKB956802$
2010-04-28 03:03:30 ----HDC---- C:\WINXP\$NtUninstallKB979306$
2010-04-28 03:03:24 ----HDC---- C:\WINXP\$NtUninstallKB954154_WM11$
2010-04-28 03:03:16 ----HDC---- C:\WINXP\$NtUninstallKB923561$
2010-04-28 03:03:09 ----HDC---- C:\WINXP\$NtUninstallKB971961$
2010-04-28 03:02:31 ----D---- C:\WINXP\ie7updates
2010-04-28 03:02:10 ----HDC---- C:\WINXP\$NtUninstallKB975467$
2010-04-28 03:02:00 ----HDC---- C:\WINXP\$NtUninstallKB968389$
2010-04-28 03:01:23 ----HDC---- C:\WINXP\$NtUninstallKB969947$
2010-04-28 00:31:40 ----D---- C:\Downloads
2010-04-27 22:08:52 ----D---- C:\WINXP\system32\appmgmt
2010-04-27 22:03:25 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Thinstall
2010-04-27 21:16:02 ----N---- C:\WINXP\system32\browserchoice.exe
2010-04-27 21:09:19 ----N---- C:\WINXP\system32\spmsg2.dll
2010-04-27 21:09:14 ----HDC---- C:\WINXP\$NtUninstallXPSEPSCLP$
2010-04-27 21:03:55 ----D---- C:\WINXP\system32\XPSViewer
2010-04-27 21:03:48 ----D---- C:\Programme\MSBuild
2010-04-27 21:03:44 ----D---- C:\WINXP\system32\en-US
2010-04-27 21:03:31 ----D---- C:\Programme\Reference Assemblies
2010-04-27 21:02:17 ----N---- C:\WINXP\system32\prntvpt.dll
2010-04-27 21:02:16 ----N---- C:\WINXP\system32\xpsshhdr.dll
2010-04-27 21:02:15 ----N---- C:\WINXP\system32\xpssvcs.dll
2010-04-27 21:02:13 ----D---- C:\de872e18fedcb6f9ea8d059ffb5696
2010-04-27 21:00:13 ----RSD---- C:\WINXP\assembly
2010-04-27 20:59:16 ----D---- C:\WINXP\Microsoft.NET
2010-04-27 20:57:32 ----HDC---- C:\WINXP\$NtUninstallWIC$
2010-04-27 20:57:23 ----D---- C:\Programme\MSXML 6.0
2010-04-27 19:44:24 ----A---- C:\WINXP\system32\muweb.dll
2010-04-27 19:44:24 ----A---- C:\WINXP\system32\mucltui.dll.mui
2010-04-27 19:44:24 ----A---- C:\WINXP\system32\mucltui.dll
2010-04-27 19:06:04 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Apple Computer
2010-04-27 19:05:10 ----A---- C:\WINXP\system32\GEARAspi.dll
2010-04-27 19:03:39 ----D---- C:\Programme\iPod
2010-04-27 19:02:55 ----D---- C:\Programme\iTunes
2010-04-27 19:02:55 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-27 19:00:42 ----D---- C:\Programme\QuickTime
2010-04-27 19:00:41 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-04-27 19:00:13 ----D---- C:\Programme\Apple Software Update
2010-04-27 18:59:54 ----DC---- C:\WINXP\system32\DRVSTORE
2010-04-27 18:59:11 ----D---- C:\Programme\Bonjour
2010-04-27 18:58:53 ----D---- C:\Programme\Gemeinsame Dateien\Apple
2010-04-27 18:58:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
2010-04-27 16:37:10 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\WinRAR
2010-04-27 16:30:25 ----D---- C:\Programme\WinRAR
2010-04-27 00:03:57 ----SH---- C:\boot.ini
2010-04-27 00:03:46 ----D---- C:\Postinstall
2010-04-27 00:00:52 ----SHD---- C:\WINXP\Installer
2010-04-27 00:00:52 ----SD---- C:\WINXP\Downloaded Program Files
2010-04-27 00:00:52 ----RSD---- C:\WINXP\Fonts
2010-04-27 00:00:52 ----RD---- C:\WINXP\Web
2010-04-27 00:00:52 ----HD---- C:\WINXP\inf
2010-04-27 00:00:52 ----D---- C:\WINXP\WinSxS
2010-04-27 00:00:52 ----D---- C:\WINXP\WBEM
2010-04-27 00:00:52 ----D---- C:\WINXP\twain_32
2010-04-27 00:00:52 ----D---- C:\WINXP\Temp
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\wins
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\wbem
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\usmt
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\spool
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\ShellExt
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\Setup
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\ras
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\PreInstall
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\oobe
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\npp
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\mui
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\inetsrv
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\IME
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\icsxml
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\ias
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\export
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\drivers
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\dhcp
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\de-de
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\config
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\3com_dmi
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\3076
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\2052
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\1054
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\1042
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\1041
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\1037
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\1033
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\1031
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\1028
2010-04-27 00:00:52 ----D---- C:\WINXP\system32\1025
2010-04-27 00:00:52 ----D---- C:\WINXP\system32
2010-04-27 00:00:52 ----D---- C:\WINXP\system
2010-04-27 00:00:52 ----D---- C:\WINXP\security
2010-04-27 00:00:52 ----D---- C:\WINXP\Resources
2010-04-27 00:00:52 ----D---- C:\WINXP\repair
2010-04-27 00:00:52 ----D---- C:\WINXP\Provisioning
2010-04-27 00:00:52 ----D---- C:\WINXP\PeerNet
2010-04-27 00:00:52 ----D---- C:\WINXP\pchealth
2010-04-27 00:00:52 ----D---- C:\WINXP\Offline Web Pages
2010-04-27 00:00:52 ----D---- C:\WINXP\Network Diagnostic
2010-04-27 00:00:52 ----D---- C:\WINXP\mui
2010-04-27 00:00:52 ----D---- C:\WINXP\msapps
2010-04-27 00:00:52 ----D---- C:\WINXP\msagent
2010-04-27 00:00:52 ----D---- C:\WINXP\Media
2010-04-27 00:00:52 ----D---- C:\WINXP\java
2010-04-27 00:00:52 ----D---- C:\WINXP\ime
2010-04-27 00:00:52 ----D---- C:\WINXP\Help
2010-04-27 00:00:52 ----D---- C:\WINXP\ehome
2010-04-27 00:00:52 ----D---- C:\WINXP\Driver Cache
2010-04-27 00:00:52 ----D---- C:\WINXP\Debug
2010-04-27 00:00:52 ----D---- C:\WINXP\Cursors
2010-04-27 00:00:52 ----D---- C:\WINXP\Connection Wizard
2010-04-27 00:00:52 ----D---- C:\WINXP\Config
2010-04-27 00:00:52 ----D---- C:\WINXP\AppPatch
2010-04-27 00:00:52 ----D---- C:\WINXP\addins
2010-04-27 00:00:52 ----D---- C:\WINXP
2010-04-26 23:56:57 ----D---- C:\WINXP\system32\CatRoot_bak
2010-04-26 23:16:58 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
2010-04-26 23:16:57 ----D---- C:\Programme\Gemeinsame Dateien\Java
2010-04-26 23:16:35 ----A---- C:\WINXP\system32\javaws.exe
2010-04-26 23:16:35 ----A---- C:\WINXP\system32\javaw.exe
2010-04-26 23:16:35 ----A---- C:\WINXP\system32\java.exe
2010-04-26 23:16:35 ----A---- C:\WINXP\system32\deployJava1.dll
2010-04-26 23:16:22 ----D---- C:\Programme\Java
2010-04-26 23:15:11 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Macromedia
2010-04-26 23:15:11 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Adobe
2010-04-26 23:13:59 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\U3
2010-04-26 23:12:45 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Sun
2010-04-26 23:08:58 ----A---- C:\WINXP\system32\h323log.txt
2010-04-26 23:06:54 ----A---- C:\WINXP\system32\usbui.dll
2010-04-26 23:05:49 ----A---- C:\WINXP\imsins.BAK
2010-04-26 23:05:46 ----A---- C:\WINXP\system32\PerfStringBackup.INI
2010-04-26 23:05:45 ----D---- C:\Programme\Gemeinsame Dateien\ODBC
2010-04-26 23:05:45 ----A---- C:\WINXP\ODBCINST.INI
2010-04-26 23:05:43 ----D---- C:\Programme\Gemeinsame Dateien\SpeechEngines
2010-04-26 23:05:42 ----RD---- C:\Programme
2010-04-26 23:05:42 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2010-04-26 23:05:42 ----D---- C:\Programme\Gemeinsame Dateien
2010-04-26 23:05:35 ----RA---- C:\WINXP\system32\kbdtuq.dll
2010-04-26 23:05:35 ----RA---- C:\WINXP\system32\kbdtuf.dll
2010-04-26 23:05:35 ----RA---- C:\WINXP\system32\kbdazel.dll
2010-04-26 23:05:34 ----RA---- C:\WINXP\system32\kbduzb.dll
2010-04-26 23:05:34 ----RA---- C:\WINXP\system32\kbdur.dll
2010-04-26 23:05:34 ----RA---- C:\WINXP\system32\kbdtat.dll
2010-04-26 23:05:34 ----RA---- C:\WINXP\system32\kbdmon.dll
2010-04-26 23:05:34 ----RA---- C:\WINXP\system32\kbdkyr.dll
2010-04-26 23:05:34 ----RA---- C:\WINXP\system32\kbdkaz.dll
2010-04-26 23:05:34 ----RA---- C:\WINXP\system32\kbdaze.dll
2010-04-26 23:05:33 ----RA---- C:\WINXP\system32\kbdycc.dll
2010-04-26 23:05:33 ----RA---- C:\WINXP\system32\kbdru1.dll
2010-04-26 23:05:33 ----RA---- C:\WINXP\system32\kbdru.dll
2010-04-26 23:05:33 ----RA---- C:\WINXP\system32\kbdbu.dll
2010-04-26 23:05:33 ----RA---- C:\WINXP\system32\kbdblr.dll
2010-04-26 23:05:32 ----RA---- C:\WINXP\system32\kbdhept.dll
2010-04-26 23:05:32 ----RA---- C:\WINXP\system32\kbdhela3.dll
2010-04-26 23:05:32 ----RA---- C:\WINXP\system32\kbdhela2.dll
2010-04-26 23:05:32 ----RA---- C:\WINXP\system32\kbdhe319.dll
2010-04-26 23:05:32 ----RA---- C:\WINXP\system32\kbdhe220.dll
2010-04-26 23:05:32 ----RA---- C:\WINXP\system32\kbdhe.dll
2010-04-26 23:05:32 ----RA---- C:\WINXP\system32\kbdgkl.dll
2010-04-26 23:05:31 ----RA---- C:\WINXP\system32\kbdlv1.dll
2010-04-26 23:05:31 ----RA---- C:\WINXP\system32\kbdlv.dll
2010-04-26 23:05:31 ----RA---- C:\WINXP\system32\kbdlt1.dll
2010-04-26 23:05:31 ----RA---- C:\WINXP\system32\kbdlt.dll
2010-04-26 23:05:31 ----RA---- C:\WINXP\system32\kbdest.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdycl.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdsl1.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdsl.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdro.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdpl1.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdpl.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdhu1.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdhu.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdcz2.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdcz1.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdcz.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\kbdcr.dll
2010-04-26 23:05:30 ----RA---- C:\WINXP\system32\KBDAL.DLL
2010-04-26 23:05:25 ----A---- C:\WINXP\system32\spxcoins.dll
2010-04-26 23:05:25 ----A---- C:\WINXP\system32\irclass.dll
2010-04-26 23:05:25 ----A---- C:\WINXP\system32\EqnClass.Dll
2010-04-26 23:05:25 ----A---- C:\WINXP\system32\dgsetup.dll
2010-04-26 23:05:25 ----A---- C:\WINXP\system32\dgrpsetu.dll
2010-04-26 23:05:23 ----N---- C:\WINXP\system32\CONFIG.TMP
2010-04-26 23:05:23 ----A---- C:\WINXP\TASKMAN.EXE
2010-04-26 23:05:23 ----A---- C:\WINXP\system32\batt.dll
2010-04-26 23:05:23 ----A---- C:\WINXP\NOTEPAD.EXE
2010-04-26 23:05:22 ----A---- C:\WINXP\system32\storprop.dll
2010-04-26 23:05:13 ----ASH---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
2010-04-26 23:05:06 ----RA---- C:\WINXP\SET8.tmp
2010-04-26 23:05:03 ----RA---- C:\WINXP\SET4.tmp
2010-04-26 23:05:02 ----RA---- C:\WINXP\SET3.tmp
2010-04-26 23:04:57 ----D---- C:\WINXP\system32\CatRoot2
2010-04-26 23:04:57 ----D---- C:\WINXP\system32\CatRoot
2010-04-26 23:04:51 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
2010-04-26 23:04:34 ----A---- C:\WINXP\setuplog.txt
2010-04-26 23:04:30 ----D---- C:\Dokumente und Einstellungen
2010-04-26 23:04:29 ----SHD---- C:\System Volume Information
2010-04-26 23:00:28 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Help
2010-04-26 22:58:01 ----N---- C:\WINXP\system32\ati2sgag.exe
2010-04-26 22:57:57 ----RA---- C:\WINXP\system32\atiiiexx.dll
2010-04-26 22:42:03 ----D---- C:\Programme\Microsoft
2010-04-26 22:41:47 ----D---- C:\Programme\Windows Live SkyDrive
2010-04-26 22:41:26 ----D---- C:\Programme\Windows Live
2010-04-26 22:37:22 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Mozilla
2010-04-26 22:35:57 ----D---- C:\Programme\Mozilla Firefox
2010-04-26 22:34:07 ----D---- C:\Programme\ATI Technologies
2010-04-26 22:34:04 ----HD---- C:\Programme\InstallShield Installation Information
2010-04-26 22:33:38 ----D---- C:\Programme\Gemeinsame Dateien\InstallShield
2010-04-26 22:29:28 ----D---- C:\Programme\Gemeinsame Dateien\Windows Live
2010-04-26 22:28:30 ----SHD---- C:\RECYCLER
2010-04-26 22:27:48 ----A---- C:\WINXP\SiSUSBrg.exe
2010-04-26 22:27:48 ----A---- C:\WINXP\SIS_LIB.DLL
2010-04-26 22:27:47 ----RA---- C:\WINXP\winio.dll
2010-04-26 22:27:47 ----RA---- C:\WINXP\htpatch.exe
2010-04-26 22:27:09 ----D---- C:\Programme\SiSLan
2010-04-26 22:27:08 ----D---- C:\WINXP\system32\ReinstallBackups
2010-04-26 22:26:05 ----A---- C:\WINXP\system32\ksuser.dll
2010-04-26 22:25:59 ----D---- C:\Program Files
2010-04-26 22:25:59 ----A---- C:\WINXP\Wininit.ini
2010-04-26 22:25:59 ----A---- C:\WINXP\system32\udaprop.dll
2010-04-26 22:25:59 ----A---- C:\WINXP\system32\cmuda.dll
2010-04-26 22:25:59 ----A---- C:\WINXP\system32\Audio3D.dll
2010-04-26 22:25:59 ----A---- C:\WINXP\system32\a3d.dll
2010-04-26 22:25:59 ----A---- C:\WINXP\CMISETUP.INI
2010-04-26 22:25:59 ----A---- C:\WINXP\CMCDPLAY.INI
2010-04-26 22:25:47 ----D---- C:\Programme\C-Media 3D Audio
2010-04-26 22:25:47 ----A---- C:\WINXP\CMIUninstall.exe
2010-04-26 22:25:47 ----A---- C:\WINXP\CmiRmRedundDir.exe
2010-04-26 22:25:47 ----A---- C:\WINXP\CMIRmDriver.dll
2010-04-26 22:25:37 ----A---- C:\WINXP\IsUn0407.exe
2010-04-26 22:25:26 ----A---- C:\WINXP\Ascd_tmp.ini
2010-04-26 22:20:03 ----D---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Identities
2010-04-26 22:20:01 ----HD---- C:\Programme\Uninstall Information
2010-04-26 22:19:58 ----ASH---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\desktop.ini
2010-04-26 22:19:57 ----SD---- C:\Dokumente und Einstellungen\MILENA\Anwendungsdaten\Microsoft
2010-04-26 22:19:45 ----D---- C:\WINXP\system32\SoftwareDistribution
2010-04-26 22:18:29 ----D---- C:\WINXP\SoftwareDistribution
2010-04-26 22:18:18 ----D---- C:\WINXP\Prefetch
2010-04-26 22:18:17 ----SD---- C:\WINXP\system32\Microsoft
2010-04-26 22:18:17 ----A---- C:\WINXP\SchedLgU.Txt
2010-04-26 22:17:09 ----HDC---- C:\WINXP\$NtUninstallKB939683$
2010-04-26 22:17:03 ----A---- C:\WINXP\system32\spupdsvc.exe
2010-04-26 22:17:01 ----HDC---- C:\WINXP\$NtUninstallKB936782_WMP11$
2010-04-26 22:16:52 ----N---- C:\WINXP\system32\WgaTray.exe
2010-04-26 22:16:52 ----N---- C:\WINXP\system32\LegitCheckControl.dll
2010-04-26 22:16:52 ----A---- C:\WINXP\system32\WgaLogon.dll
2010-04-26 22:16:29 ----N---- C:\WINXP\system32\tzchange.exe
2010-04-26 22:16:27 ----N---- C:\WINXP\system32\spmsg.dll
2010-04-26 22:16:26 ----HD---- C:\WINXP\$hf_mig$
2010-04-26 22:16:12 ----A---- C:\WINXP\control.ini
2010-04-26 22:16:12 ----A---- C:\AUTOEXEC.BAT
2010-04-26 22:16:01 ----A---- C:\WINXP\OEWABLog.txt
2010-04-26 22:15:57 ----A---- C:\WINXP\system32\mapi32.dll
2010-04-26 22:15:54 ----D---- C:\WINXP\system32\dllcache
2010-04-26 22:14:40 ----RAH---- C:\WINXP\system32\logonui.exe.manifest
2010-04-26 22:14:36 ----RAH---- C:\WINXP\system32\cdplayer.exe.manifest
2010-04-26 22:14:31 ----HD---- C:\Programme\WindowsUpdate
2010-04-26 22:14:27 ----D---- C:\Programme\Online-Dienste
2010-04-26 22:14:13 ----D---- C:\WINXP\system32\DirectX
2010-04-26 22:13:55 ----A---- C:\WINXP\system32\desktop.ini
2010-04-26 22:13:55 ----A---- C:\WINXP\desktop.ini
2010-04-26 22:13:50 ----A---- C:\WINXP\system32\nmevtmsg.dll
2010-04-26 22:13:49 ----A---- C:\WINXP\system32\acctres.dll
2010-04-26 22:13:48 ----D---- C:\Programme\Gemeinsame Dateien\Dienste
2010-04-26 22:13:46 ----SD---- C:\WINXP\Tasks
2010-04-26 22:13:46 ----D---- C:\Programme\Gemeinsame Dateien\MSSoap
2010-04-26 22:13:46 ----A---- C:\WINXP\system32\icfgnt5.dll
2010-04-26 22:13:42 ----D---- C:\WINXP\system32\Macromed
2010-04-26 22:13:42 ----D---- C:\WINXP\srchasst
2010-04-26 22:13:40 ----A---- C:\WINXP\system32\wuweb.dll
2010-04-26 22:13:40 ----A---- C:\WINXP\system32\wucltui.dll
2010-04-26 22:13:40 ----A---- C:\WINXP\system32\wuauserv.dll
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\wups.dll
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\wuaueng1.dll
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\wuaueng.dll
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\wuauclt1.exe
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\wuauclt.exe
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\wuapi.dll
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\qmgrprxy.dll
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\qmgr.dll
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\bitsprx3.dll
2010-04-26 22:13:39 ----A---- C:\WINXP\system32\bitsprx2.dll
2010-04-26 22:13:36 ----D---- C:\Programme\Movie Maker
2010-04-26 22:13:33 ----A---- C:\WINXP\system32\safrslv.dll
2010-04-26 22:13:33 ----A---- C:\WINXP\system32\safrdm.dll
2010-04-26 22:13:33 ----A---- C:\WINXP\system32\safrcdlg.dll
2010-04-26 22:13:33 ----A---- C:\WINXP\system32\racpldlg.dll
2010-04-26 22:13:30 ----D---- C:\WINXP\system32\Restore
2010-04-26 22:13:30 ----A---- C:\WINXP\system32\srrstr.dll
2010-04-26 22:13:30 ----A---- C:\WINXP\system32\fltMc.exe
2010-04-26 22:13:30 ----A---- C:\WINXP\system32\fltlib.dll
2010-04-26 22:13:29 ----A---- C:\WINXP\system32\srsvc.dll
2010-04-26 22:13:29 ----A---- C:\WINXP\system32\srclient.dll
2010-04-26 22:13:29 ----A---- C:\WINXP\system32\nmmkcert.dll
2010-04-26 22:13:29 ----A---- C:\WINXP\system32\mnmdd.dll
2010-04-26 22:13:29 ----A---- C:\WINXP\system32\isrdbg32.dll
2010-04-26 22:13:29 ----A---- C:\WINXP\system32\ils.dll
2010-04-26 22:13:28 ----A---- C:\WINXP\system32\msconf.dll
2010-04-26 22:13:28 ----A---- C:\WINXP\system32\mnmsrvc.exe
2010-04-26 22:13:26 ----D---- C:\Programme\NetMeeting
2010-04-26 22:13:26 ----A---- C:\WINXP\system32\msoert2.dll
2010-04-26 22:13:26 ----A---- C:\WINXP\system32\msoeacct.dll
2010-04-26 22:13:25 ----A---- C:\WINXP\system32\inetres.dll
2010-04-26 22:13:25 ----A---- C:\WINXP\system32\inetcomm.dll
2010-04-26 22:13:24 ----D---- C:\Programme\Outlook Express
2010-04-26 22:13:24 ----A---- C:\WINXP\system32\schedsvc.dll
2010-04-26 22:13:24 ----A---- C:\WINXP\system32\mstinit.exe
2010-04-26 22:13:24 ----A---- C:\WINXP\system32\mstask.dll
2010-04-26 22:13:23 ----A---- C:\WINXP\system32\isign32.dll
2010-04-26 22:13:23 ----A---- C:\WINXP\system32\inetcfg.dll
2010-04-26 22:13:23 ----A---- C:\WINXP\system32\icwphbk.dll
2010-04-26 22:13:23 ----A---- C:\WINXP\system32\icwdial.dll
2010-04-26 22:13:19 ----D---- C:\Programme\Gemeinsame Dateien\System
2010-04-26 22:13:18 ----D---- C:\Programme\Internet Explorer
2010-04-26 22:12:39 ----D---- C:\Programme\ComPlus Applications
2010-04-26 22:12:37 ----A---- C:\WINXP\vbaddin.ini
2010-04-26 22:12:37 ----A---- C:\WINXP\vb.ini
2010-04-26 22:12:33 ----D---- C:\WINXP\Registration
2010-04-26 22:12:26 ----D---- C:\Programme\Online Services
2010-04-26 22:12:14 ----D---- C:\Programme\Windows Media Player
2010-04-26 22:12:14 ----D---- C:\Programme\Windows Media Connect 2
2010-04-26 22:12:12 ----D---- C:\Programme\Messenger
2010-04-26 22:12:09 ----D---- C:\Programme\MSN Gaming Zone
2010-04-26 22:12:09 ----A---- C:\WINXP\system32\write.exe
2010-04-26 22:12:03 ----A---- C:\WINXP\system32\sndvol32.exe
2010-04-26 22:12:03 ----A---- C:\WINXP\system32\hticons.dll
2010-04-26 22:12:02 ----A---- C:\WINXP\system32\winchat.exe
2010-04-26 22:12:02 ----A---- C:\WINXP\system32\avwav.dll
2010-04-26 22:12:02 ----A---- C:\WINXP\system32\avtapi.dll
2010-04-26 22:12:02 ----A---- C:\WINXP\system32\avmeter.dll
2010-04-26 22:11:57 ----A---- C:\WINXP\system32\winmine.exe
2010-04-26 22:11:57 ----A---- C:\WINXP\system32\sol.exe
2010-04-26 22:11:57 ----A---- C:\WINXP\system32\getuname.dll
2010-04-26 22:11:57 ----A---- C:\WINXP\system32\charmap.exe
2010-04-26 22:11:57 ----A---- C:\WINXP\system32\calc.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\usrlogon.cmd
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\tsshutdn.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\tslabels.ini
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\tskill.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\tsdiscon.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\tscon.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\shadow.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\rwinsta.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\reset.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\regini.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\rdpcfgex.dll
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\qwinsta.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\qappsrv.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\mshearts.exe
2010-04-26 22:11:56 ----A---- C:\WINXP\system32\freecell.exe
2010-04-26 22:11:55 ----A---- C:\WINXP\system32\mtxlegih.dll
2010-04-26 22:11:55 ----A---- C:\WINXP\system32\mtxex.dll
2010-04-26 22:11:55 ----A---- C:\WINXP\system32\mtxdm.dll
2010-04-26 22:11:55 ----A---- C:\WINXP\system32\msg.exe
2010-04-26 22:11:55 ----A---- C:\WINXP\system32\msdtcprf.ini
2010-04-26 22:11:55 ----A---- C:\WINXP\system32\logoff.exe
2010-04-26 22:11:55 ----A---- C:\WINXP\system32\dcomcnfg.exe
2010-04-26 22:11:55 ----A---- C:\WINXP\system32\cdmodem.dll
2010-04-26 22:11:54 ----A---- C:\WINXP\system32\stclient.dll
2010-04-26 22:11:54 ----A---- C:\WINXP\system32\comsnap.dll
2010-04-26 22:11:54 ----A---- C:\WINXP\system32\comrepl.dll
2010-04-26 22:11:54 ----A---- C:\WINXP\system32\comaddin.dll
2010-04-26 22:11:50 ----A---- C:\WINXP\system32\wmimgmt.msc
2010-04-26 22:11:43 ----D---- C:\Programme\MSN
2010-04-26 22:11:42 ----D---- C:\Programme\Windows NT
2010-04-26 22:11:42 ----A---- C:\WINXP\system32\sndrec32.exe
2010-04-26 22:11:42 ----A---- C:\WINXP\system32\mspaint.exe
2010-04-26 22:11:42 ----A---- C:\WINXP\system32\mplay32.exe
2010-04-26 22:11:42 ----A---- C:\WINXP\system32\hypertrm.dll
2010-04-26 22:11:42 ----A---- C:\WINXP\system32\accwiz.exe
2010-04-26 22:11:41 ----A---- C:\WINXP\system32\tscfgwmi.dll
2010-04-26 22:11:41 ----A---- C:\WINXP\system32\spider.exe
2010-04-26 22:11:41 ----A---- C:\WINXP\system32\clipbrd.exe
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\tscupgrd.exe
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\termsrv.dll
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\sessmgr.exe
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\remotepg.dll
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\rdshost.exe
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\rdsaddin.exe
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\rdchost.dll
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\mstscax.dll
2010-04-26 22:11:40 ----A---- C:\WINXP\system32\mstsc.exe
2010-04-26 22:11:39 ----D---- C:\WINXP\system32\MsDtc
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\rdpwsx.dll
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\rdpsnd.dll
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\rdpclip.exe
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\qprocess.exe
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\mtxoci.dll
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\msdtcuiu.dll
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\msdtctm.dll
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\msdtcprx.dll
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\icaapi.dll
2010-04-26 22:11:39 ----A---- C:\WINXP\system32\cfgbkend.dll
2010-04-26 22:11:38 ----D---- C:\WINXP\system32\Com
2010-04-26 22:11:38 ----A---- C:\WINXP\system32\xolehlp.dll
2010-04-26 22:11:38 ----A---- C:\WINXP\system32\msdtclog.dll
2010-04-26 22:11:38 ----A---- C:\WINXP\system32\msdtc.exe
2010-04-26 22:11:38 ----A---- C:\WINXP\system32\colbact.dll
2010-04-26 22:11:37 ----A---- C:\WINXP\system32\comsvcs.dll
2010-04-26 22:11:37 ----A---- C:\WINXP\system32\clbcatex.dll
2010-04-26 22:11:37 ----A---- C:\WINXP\system32\catsrvut.dll
2010-04-26 22:11:37 ----A---- C:\WINXP\system32\catsrvps.dll
2010-04-26 22:11:37 ----A---- C:\WINXP\system32\catsrv.dll
2010-04-26 22:11:36 ----A---- C:\WINXP\system32\comuid.dll
2010-04-26 22:11:36 ----A---- C:\WINXP\system32\clbcatq.dll
2010-04-26 22:11:31 ----A---- C:\WINXP\system32\servdeps.dll
2010-04-26 22:11:31 ----A---- C:\WINXP\system32\mmfutil.dll
2010-04-26 22:11:31 ----A---- C:\WINXP\system32\licwmi.dll
2010-04-26 22:11:31 ----A---- C:\WINXP\system32\cmprops.dll

======List of files/folders modified in the last 1 months======

2010-04-26 23:05:41 ----A---- C:\WINXP\system.ini
2010-04-26 22:16:11 ----A---- C:\WINXP\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7-Prozessortreiber; C:\WINXP\system32\DRIVERS\amdk7.sys [2007-10-09 41472]
R1 ehdrv;ehdrv; C:\WINXP\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
R1 epfwtdir;epfwtdir; C:\WINXP\system32\DRIVERS\epfwtdir.sys [2009-05-14 94360]
R2 eamon;eamon; C:\WINXP\system32\DRIVERS\eamon.sys [2009-05-14 114472]
R3 ati2mtag;ati2mtag; C:\WINXP\system32\DRIVERS\ati2mtag.sys [2003-09-12 611328]
R3 cmuda;C-Media WDM Audio Interface; C:\WINXP\system32\drivers\cmuda.sys [2002-11-01 451599]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINXP\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINXP\system32\DRIVERS\mouhid.sys [2007-10-09 12288]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINXP\system32\DRIVERS\sisnic.sys [2002-07-10 32256]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINXP\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINXP\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINXP\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
S3 as22tuia;as22tuia; C:\WINXP\system32\drivers\as22tuia.sys []
S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINXP\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINXP\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB-Scannertreiber; C:\WINXP\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINXP\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINXP\system32\DRIVERS\WudfPf.sys [2007-10-09 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINXP\system32\DRIVERS\wudfrd.sys [2007-10-09 82944]
S4 IntelIde;IntelIde; C:\WINXP\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINXP\system32\Ati2evxx.exe [2003-09-12 376832]
R2 Bonjour Service;Dienst "Bonjour"; C:\Programme\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 ekrn;ESET Service; C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-14 731840]
R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-04-26 153376]
R2 lxdn_device;lxdn_device; C:\WINXP\system32\lxdncoms.exe [2008-02-27 594600]
R3 iPod Service;iPod-Dienst; C:\Programme\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 ATI Smart;ATI Smart; C:\WINXP\system32\ati2sgag.exe [2003-09-12 114688]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService; C:\WINXP\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe [2008-02-27 98984]
S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINXP\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-14 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINXP\system32\svchost.exe [2004-08-03 14336]
S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINXP\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


MalwareHero 23.05.2010 20:05

This one:
C:\WINXP\system32\drivers\as22tuia.sys

check it here: http://www.virustotal.com/de/

> Scan with Gmer and post the log:


> Run a full scan with Malwarebytes and post the log.

Regards.

parmenion 23.05.2010 20:06

Strange that AntiVir and NOD32 report different objects.

MalwareHero 23.05.2010 20:09

Quote:

Quote from parmenion (post 527852)
Strange that AntiVir and NOD32 report different objects.

No, that is not strange. Every virus scanner has its own virus signatures and scan engines.

parmenion 23.05.2010 20:24

Quote:

Quote from MalwareHero (post 527851)
This one:
C:\WINXP\system32\drivers\as22tuia.sys

check it here: VirusTotal - Free online virus and malware scanner

> Scan with Gmer and post the log:


> Run a full scan with Malwarebytes and post the log.

Regards.

as22tuia.sys: the file does not exist in the folder.

I'll post the log files shortly.

parmenion 23.05.2010 20:55

GMER log:

Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-23 21:51:45
Windows 5.1.2600 Service Pack 2
Running: 4myw1nfg.exe; Driver: C:\DOKUME~1\MILENA\LOKALE~1\Temp\afaiikog.sys


---- System - GMER 1.0.15 ----

SSDT            82282630                                                                                                            ZwAssignProcessToJobObject
SSDT            spqr.sys                                                                                                            ZwCreateKey [0xF84230E0]
SSDT            spqr.sys                                                                                                            ZwEnumerateKey [0xF843BDA4]
SSDT            spqr.sys                                                                                                            ZwEnumerateValueKey [0xF843C132]
SSDT            spqr.sys                                                                                                            ZwOpenKey [0xF84230C0]
SSDT            82281A60                                                                                                            ZwOpenProcess
SSDT            82281E80                                                                                                            ZwOpenThread
SSDT            spqr.sys                                                                                                            ZwQueryKey [0xF843C20A]
SSDT            spqr.sys                                                                                                            ZwQueryValueKey [0xF843C08A]
SSDT            spqr.sys                                                                                                            ZwSetValueKey [0xF843C29C]
SSDT            82282460                                                                                                            ZwSuspendProcess
SSDT            82282280                                                                                                            ZwSuspendThread
SSDT            82281C90                                                                                                            ZwTerminateProcess
SSDT            822820B0                                                                                                            ZwTerminateThread

INT 0x62        ?                                                                                                                  823E0BF8
INT 0x63        ?                                                                                                                  81FD7F00
INT 0x82        ?                                                                                                                  823E0BF8
INT 0xA4        ?                                                                                                                  81FD7F00
INT 0xB4        ?                                                                                                                  81FD7F00

---- Kernel code sections - GMER 1.0.15 ----

?              spqr.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                              F7B9F62C 5 Bytes  JMP 81FD74E0
.text          as22tuia.SYS                                                                                                        F7B4E386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text          as22tuia.SYS                                                                                                        F7B4E3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text          as22tuia.SYS                                                                                                        F7B4E3C4 3 Bytes  [00, 80, 02]
.text          as22tuia.SYS                                                                                                        F7B4E3C9 1 Byte  [30]
.text          as22tuia.SYS                                                                                                        F7B4E3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                               

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Mozilla Firefox\firefox.exe[2704] ntdll.dll!LdrLoadDll                                                7C925CD3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text          C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[4000] kernel32.dll!SetUnhandledExceptionFilter                      7C844915 4 Bytes  [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \WINXP\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                    823742D8
IAT            pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                [F844EDDC] spqr.sys
IAT            pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                  [F844EE30] spqr.sys
IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F8424042] spqr.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F842413E] spqr.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                [F84240C0] spqr.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                        [F8424800] spqr.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                [F84246D6] spqr.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F8433B90] spqr.sys
IAT            \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                81FD75E0
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                        00021483
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!swprintf]                                                    01B05E00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeSetEvent]                                                  5DE58B5B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                        7E8366C3
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                              0F740028
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                        89320C8D
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                        00022C8B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                        46B70F00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                      66D00328
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                              002A7E83
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                  0C8D1574
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IofCompleteRequest]                                          288B8932
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                    0F000002
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IofCallDriver]                                              832A46B7
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                    E08303C0
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                    66D003FC
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoConnectInterrupt]                                          002C7E83
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoDetachDevice]                                              0C8D1E74
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                      248B8932
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInitializeEvent]                                          8A000002
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                83880846
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlInitAnsiString]                                          000001C4
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                              2C4EB70F
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoQueueWorkItem]                                            8303C183
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmMapIoSpace]                                                D103FCE1
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                2E7E8366
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                      8D1C7400
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                83893204
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                0000021C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                            2E4EB70F
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                          02208B89
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                    B70F0000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                            E0C12E46
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!sprintf]                                                    03D00304
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                10B389F2
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ObfDereferenceObject]                                        80000002
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                0975013E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                    1BD2E853
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwClose]                                                    C4830000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                  B05E5F04
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                    E58B5B01
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                CCCCC35D
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                        CCCCCCCC
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoCallDriver]                                                53EC8B55
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoCreateDevice]                                              08758B56
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                            0218BE83
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                      57000000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwOpenKey]                                                  45C60674
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                        1EEB010B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoStartTimer]                                                0210868B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInitializeTimer]                                          C0850000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoInitializeTimer]                                          808A1074
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInitializeDpc]                                            00000804
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                        A03CF024
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoInitializeIrp]                                            0B45950F
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwCreateKey]                                                45C604EB
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                              458A000B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                  88C0840B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwSetValueKey]                                              840F0946
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                            000000C1
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                14B30E8B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoStartPacket]                                              1C8A86C6
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                              88010000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                              001C8D9E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoFreeMdl]                                                  A99E8800
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmUnlockPages]                                              C600001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                        001C8E86
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                    86C60100
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                        00001CAA
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                      70518B01
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                      8D52006A
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoStartNextPacket]                                          001C9086
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeBugCheckEx]                                                E5E85000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                        8B000023
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeSetTimer]                                                  70518B0E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeCancelTimer]                                              8D52016A
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!_allmul]                                                    001CAC86
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                        D1E85000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!_except_handler3]                                            8B000023
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoSetPowerState]                                            18C4830E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                    1C959E88
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                      9E880000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!_aulldiv]                                                    00001CB1
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!strstr]                                                      0E798366
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!_strupr]                                                    74AAB000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeQuerySystemTime]                                          8986C636
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                    1A00001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeTickCount]                                                1C8B86C6
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                C6020000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoDeleteDevice]                                              001C9686
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                      86C60200
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                          00001CB2
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateIrp]                                              9D9E8802
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateMdl]                                              8800001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                  001CB99E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                    9E868800
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                  8800001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                001CBA86
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                          C61AEB00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoFreeIrp]                                                  001C8986
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoFreeWorkItem]                                              86C61200
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!InitSafeBootMode]                                            00001C8B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlCompareMemory]                                            96868801
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                        8800001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!memmove]                                                    001CB286
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmHighestUserAddress]                                        88968B00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KfAcquireSpinLock]                                                0C8D1C46
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!READ_PORT_UCHAR]                                                  B48B8932
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KeGetCurrentIrql]                                                89000001
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KfRaiseIrql]                                                      0001C083
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KfLowerIrql]                                                      24468B00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!HalGetInterruptVector]                                            89820C8D
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!HalTranslateBusAddress]                                          D18BF84D
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KeStallExecutionProcessor]                                        860F1639
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KfReleaseSpinLock]                                                000000BD
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          020CB389
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!READ_PORT_USHORT]                                                83660000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                        7400067E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                89D60320
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[WMILIB.SYS!WmiSystemControl]                                              8D168B00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[WMILIB.SYS!WmiCompleteRequest]                                            F0003284

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              823DF1F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              eamon.sys (Amon monitor/ESET)

Device          \Driver\sptd \Device\4227874988                                                                                    spqr.sys
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    81FCD1F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                          823721F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                            823721F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                823721F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                              823721F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    81FCD1F8
Device          \Driver\PCI_PNP2488 \Device\00000039                                                                                spqr.sys
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    8218A1F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                          epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              823E11F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        822311F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                        822311F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                        823E01F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  823E01F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                        823E01F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  823E01F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                        823E01F8
Device          \Driver\Cdrom \Device\CdRom2                                                                                        822311F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            821361F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    821361F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    81FCD1F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    81FCD1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                  821B11F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    8218A1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                        821B11F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    823E11F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{D20F6B86-A4AE-4242-B9E1-450432B7378F}                                            821361F8
Device          \Driver\as22tuia \Device\Scsi\as22tuia1Port2Path0Target0Lun0                                                        8211F1F8
Device          \Driver\as22tuia \Device\Scsi\as22tuia1                                                                            8211F1F8
Device          \FileSystem\Cdfs \Cdfs                                                                                              81FCE1F8

---- Threads - GMER 1.0.15 ----

Thread          System [4:3876]                                                                                                    82280790

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xA9 0x25 0xB5 0x6E ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xBE 0x9C 0xE9 0x14 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xD4 0x2A 0x97 0x2D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x54 0x27 0x31 0x30 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xBE 0x9C 0xE9 0x14 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xD4 0x2A 0x97 0x2D ...

---- EOF - GMER 1.0.15 ----


MalwareHero 23.05.2010 21:38

Download rootrepeal:
http://ad13.geekstogo.com/RootRepeal.zip

Close all programs.
Unpack rootrepeal, click "rootrepeal.exe", go to "Report" on the bar at the bottom, click "Scan", tick all scan checkboxes/options, click C:\. > scan. Save the log after the scan and paste it in here.

parmenion 23.05.2010 22:01

rootrepeal log:

Quote:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/23 22:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF83DB000 Size: 188800 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: afaiikog.sys
Image Path: C:\DOKUME~1\MIRIAM\LOKALE~1\Temp\afaiikog.sys
Address: 0xBA124000 Size: 93056 File Visible: No Signed: -
Status: -

Name: AFD
Image Path: \Driver\AFD
Address: 0xF886E000 Size: 26624 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: afd.sys
Image Path: C:\WINXP\System32\drivers\afd.sys
Address: 0xEB8DE000 Size: 138368 File Visible: - Signed: -
Status: -

Name: amdk7.sys
Image Path: C:\WINXP\system32\DRIVERS\amdk7.sys
Address: 0xF8726000 Size: 41472 File Visible: - Signed: -
Status: -

Name: as22tuia.SYS
Image Path: C:\WINXP\System32\Drivers\as22tuia.SYS
Address: 0xF7B4E000 Size: 233472 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF836D000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINXP\System32\ati2dvag.dll
Address: 0xBF9D8000 Size: 389120 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINXP\system32\DRIVERS\ati2mtag.sys
Address: 0xF7C74000 Size: 720896 File Visible: - Signed: -
Status: -

Name: ati3d2ag.dll
Image Path: C:\WINXP\System32\ati3d2ag.dll
Address: 0xBFA37000 Size: 1048576 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINXP\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINXP\system32\DRIVERS\audstub.sys
Address: 0xF8BF6000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINXP\System32\Drivers\Beep.SYS
Address: 0xF8A7A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINXP\system32\BOOTVID.dll
Address: 0xF8946000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINXP\System32\Drivers\Cdfs.SYS
Address: 0xF86A6000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINXP\system32\DRIVERS\cdrom.sys
Address: 0xF8746000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINXP\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF8576000 Size: 53248 File Visible: - Signed: -
Status: -

Name: cmuda.sys
Image Path: C:\WINXP\system32\drivers\cmuda.sys
Address: 0xF7BCE000 Size: 451520 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF8566000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF8385000 Size: 154112 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF8A3A000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINXP\system32\drivers\drmk.sys
Address: 0xF8776000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINXP\System32\Drivers\dump_atapi.sys
Address: 0xF81E7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINXP\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A84000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINXP\System32\drivers\Dxapi.sys
Address: 0xEB9B4000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINXP\System32\drivers\dxg.sys
Address: 0xBF9C6000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINXP\System32\drivers\dxgthk.sys
Address: 0xF8B1D000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eamon.sys
Image Path: C:\WINXP\system32\DRIVERS\eamon.sys
Address: 0xBA1ED000 Size: 770048 File Visible: - Signed: -
Status: -

Name: ehdrv.sys
Image Path: C:\WINXP\system32\DRIVERS\ehdrv.sys
Address: 0xBA3B4000 Size: 118784 File Visible: - Signed: -
Status: -

Name: epfwtdir.sys
Image Path: C:\WINXP\system32\DRIVERS\epfwtdir.sys
Address: 0xBA2D3000 Size: 102400 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINXP\system32\DRIVERS\fdc.sys
Address: 0xF88C6000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINXP\System32\Drivers\Fips.SYS
Address: 0xF8666000 Size: 35072 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF834D000 Size: 128768 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINXP\System32\Drivers\Fs_Rec.SYS
Address: 0xF8A78000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF83AB000 Size: 126336 File Visible: - Signed: -
Status: -

Name: gagp30kx.sys
Image Path: gagp30kx.sys
Address: 0xF8586000 Size: 46464 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINXP\system32\DRIVERS\gameenum.sys
Address: 0xF8227000 Size: 10624 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF883E000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINXP\system32\hal.dll
Address: 0x806EE000 Size: 131968 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINXP\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF8696000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINXP\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF893E000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINXP\system32\DRIVERS\hidusb.sys
Address: 0xEB9D4000 Size: 9600 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINXP\System32\Drivers\HTTP.sys
Address: 0xBA8D3000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINXP\system32\DRIVERS\i8042prt.sys
Address: 0xF8736000 Size: 53248 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINXP\system32\DRIVERS\imapi.sys
Address: 0xF8766000 Size: 41856 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINXP\system32\DRIVERS\ipnat.sys
Address: 0xEB822000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINXP\system32\DRIVERS\ipsec.sys
Address: 0xEB981000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF8536000 Size: 36224 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINXP\system32\DRIVERS\kbdclass.sys
Address: 0xF8836000 Size: 25216 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINXP\system32\KDCOM.DLL
Address: 0xF8A36000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINXP\system32\drivers\kmixer.sys
Address: 0xBA13B000 Size: 171776 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINXP\system32\DRIVERS\ks.sys
Address: 0xF7C3D000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF8324000 Size: 92544 File Visible: - Signed: -
Status: -

Name: mbamswissarmy.sys
Image Path: C:\WINXP\system32\drivers\mbamswissarmy.sys
Address: 0xF888E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINXP\System32\Drivers\mnmdd.SYS
Address: 0xF8A7C000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINXP\system32\DRIVERS\mouclass.sys
Address: 0xF88E6000 Size: 23552 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINXP\system32\DRIVERS\mouhid.sys
Address: 0xEB9D0000 Size: 12288 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF8546000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINXP\system32\DRIVERS\mrxdav.sys
Address: 0xF7DD5000 Size: 181248 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINXP\system32\DRIVERS\mrxsmb.sys
Address: 0xEB843000 Size: 457216 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINXP\System32\Drivers\Msfs.SYS
Address: 0xF890E000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINXP\system32\DRIVERS\msgpc.sys
Address: 0xF85D6000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINXP\system32\DRIVERS\mssmbios.sys
Address: 0xF8207000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF824F000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF826A000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINXP\system32\DRIVERS\ndistapi.sys
Address: 0xF8223000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINXP\system32\DRIVERS\ndisuio.sys
Address: 0xF8113000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINXP\system32\DRIVERS\ndiswan.sys
Address: 0xF7B12000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINXP\System32\Drivers\NDProxy.SYS
Address: 0xF8626000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINXP\system32\DRIVERS\netbios.sys
Address: 0xF8656000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINXP\system32\DRIVERS\netbt.sys
Address: 0xEB900000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINXP\System32\Drivers\Npfs.SYS
Address: 0xF8916000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF8297000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINXP\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINXP\System32\Drivers\Null.SYS
Address: 0xF8C4D000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINXP\system32\DRIVERS\parport.sys
Address: 0xF7B29000 Size: 80384 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF87BE000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINXP\System32\Drivers\ParVdm.SYS
Address: 0xF8A5A000 Size: 7040 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF83CA000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCI_PNP2488
Image Path: \Driver\PCI_PNP2488
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF8AFE000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINXP\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF87B6000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINXP\system32\drivers\portcls.sys
Address: 0xF7BAA000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINXP\system32\DRIVERS\psched.sys
Address: 0xF7B01000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINXP\system32\DRIVERS\ptilink.sys
Address: 0xF88D6000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINXP\system32\DRIVERS\rasacd.sys
Address: 0xF89F6000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINXP\system32\DRIVERS\rasl2tp.sys
Address: 0xF87A6000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINXP\system32\DRIVERS\raspppoe.sys
Address: 0xF85B6000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINXP\system32\DRIVERS\raspptp.sys
Address: 0xF85C6000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINXP\system32\DRIVERS\raspti.sys
Address: 0xF88DE000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINXP\system32\DRIVERS\rdbss.sys
Address: 0xEB8B3000 Size: 174592 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINXP\System32\DRIVERS\RDPCDD.sys
Address: 0xF8A7E000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINXP\system32\DRIVERS\rdpdr.sys
Address: 0xF7AD0000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINXP\system32\DRIVERS\redbook.sys
Address: 0xF8756000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINXP\system32\drivers\rootrepeal.sys
Address: 0xF7F7F000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINXP\System32\Drivers\SCSIPORT.SYS
Address: 0xF840A000 Size: 98304 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINXP\system32\DRIVERS\serenum.sys
Address: 0xF822B000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINXP\system32\DRIVERS\serial.sys
Address: 0xF7B3D000 Size: 65920 File Visible: - Signed: -
Status: -

Name: SISAGPX.sys
Image Path: SISAGPX.sys
Address: 0xF87C6000 Size: 30848 File Visible: - Signed: -
Status: -

Name: sisnic.sys
Image Path: C:\WINXP\system32\DRIVERS\sisnic.sys
Address: 0xF8856000 Size: 32256 File Visible: - Signed: -
Status: -

Name: spqr.sys
Image Path: spqr.sys
Address: 0xF8422000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF833B000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINXP\system32\DRIVERS\srv.sys
Address: 0xBACD4000 Size: 352640 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINXP\system32\DRIVERS\swenum.sys
Address: 0xF8A66000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINXP\system32\drivers\sysaudio.sys
Address: 0xF8047000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINXP\system32\DRIVERS\tcpip.sys
Address: 0xEB928000 Size: 360960 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINXP\system32\DRIVERS\TDI.SYS
Address: 0xF88CE000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINXP\system32\DRIVERS\termdd.sys
Address: 0xF85E6000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINXP\system32\DRIVERS\update.sys
Address: 0xF7A9C000 Size: 209408 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINXP\system32\DRIVERS\USBD.SYS
Address: 0xF8A6C000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINXP\system32\DRIVERS\usbehci.sys
Address: 0xF884E000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINXP\system32\DRIVERS\usbhub.sys
Address: 0xF8636000 Size: 57600 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINXP\system32\DRIVERS\usbohci.sys
Address: 0xF8846000 Size: 17024 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINXP\system32\DRIVERS\USBPORT.SYS
Address: 0xF7B87000 Size: 143360 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINXP\System32\drivers\vga.sys
Address: 0xF8906000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINXP\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7C60000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF8556000 Size: 53760 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINXP\system32\DRIVERS\wanarp.sys
Address: 0xF8676000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINXP\System32\watchdog.sys
Address: 0xF87F6000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINXP\system32\drivers\wdmaud.sys
Address: 0xF7E02000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1859584 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINXP\System32\win32k.sys
Address: 0xBF800000 Size: 1859584 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINXP\System32\Drivers\WMILIB.SYS
Address: 0xF8A38000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -


parmenion 23.05.2010 22:53

Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4133

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

23.05.2010 23:46:27
mbam-log-2010-05-23 (23-46-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 176155
Laufzeit: 1 Stunde(n), 41 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{66D30DAC-A4F1-4FB0-8B76-B893C276D33B}\RP20\A0006148.exe (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{66D30DAC-A4F1-4FB0-8B76-B893C276D33B}\RP20\A0006270.exe (PUP.KeyLogger) -> No action taken.
C:\System Volume Information\_restore{66D30DAC-A4F1-4FB0-8B76-B893C276D33B}\RP43\A0020096.exe (Trojan.Agent.CK) -> No action taken.
doesn't look so good, does it?

MalwareHero 24.05.2010 00:43

Quote:

Quote from parmenion (post 527911)
doesn't look so good, does it?

> Delete the Malwarebytes findings. Tick them and click "Entferne Auswahl" (Remove Selected).

> Open RootRepeal. Under "Drivers" click "Scan" and find the driver entry: as22tuia.SYS
Right-click the entry as22tuia.SYS > choose "Dump File". Save the copy of the file on your desktop as "ass22tuia.sys."
Visit this page: VirusTotal - Free online virus and malware scanner
and upload the file "ass22tuia.sys" from your desktop, then post the log of the check here.


> Did you click Scan right after opening RootRepeal? Follow the instructions:
First go to Report (at the bottom of the window). See the RootRepeal instructions in my last thread. Tick all scan checkboxes except "Drivers". Post the log.

> Download NormanMalwareCleaner from here:
Norman | Norman Malware Cleaner
run a scan (you must have administrator rights)
and post the log that is saved to your desktop.

Regards.

parmenion 24.05.2010 08:44

virustotal.com log:

Quote:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.23.00 2010.05.22 -
AntiVir 8.2.1.242 2010.05.23 -
Antiy-AVL 2.0.3.7 2010.05.24 -
Authentium 5.2.0.5 2010.05.23 -
Avast 4.8.1351.0 2010.05.23 -
Avast5 5.0.332.0 2010.05.23 -
AVG 9.0.0.787 2010.05.23 -
BitDefender 7.2 2010.05.24 -
CAT-QuickHeal 10.00 2010.05.24 -
ClamAV 0.96.0.3-git 2010.05.22 -
Comodo 4930 2010.05.24 -
DrWeb 5.0.2.03300 2010.05.24 -
eSafe 7.0.17.0 2010.05.23 -
eTrust-Vet 35.2.7503 2010.05.21 -
F-Prot 4.6.0.103 2010.05.23 -
F-Secure 9.0.15370.0 2010.05.24 -
Fortinet 4.1.133.0 2010.05.23 -
GData 21 2010.05.24 -
Ikarus T3.1.1.84.0 2010.05.24 -
Jiangmin 13.0.900 2010.05.22 -
Kaspersky 7.0.0.125 2010.05.24 -
McAfee 5.400.0.1158 2010.05.24 -
McAfee-GW-Edition 2010.1 2010.05.23 -
Microsoft 1.5802 2010.05.24 -
NOD32 5139 2010.05.23 -
Norman 6.04.12 2010.05.23 -
nProtect 2010-05-23.01 2010.05.23 -
Panda 10.0.2.7 2010.05.23 -
PCTools 7.0.3.5 2010.05.24 -
Prevx 3.0 2010.05.24 -
Rising 22.49.00.02 2010.05.24 -
Sophos 4.53.0 2010.05.24 -
Sunbelt 6346 2010.05.24 -
Symantec 20101.1.0.89 2010.05.24 -
TheHacker 6.5.2.0.286 2010.05.24 -
TrendMicro 9.120.0.1004 2010.05.24 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.24 -
VBA32 3.12.12.5 2010.05.22 -
ViRobot 2010.5.20.2326 2010.05.24 -
VirusBuster 5.0.27.0 2010.05.23 -
weitere Informationen
File size: 233472 bytes
MD5...: 05106b59ea210e7c9247400221d6f1a8
SHA1..: ae1c7dda813b67ee49983769a5ee25891d747e12
SHA256: 91784d377d392b738e8be194a3c77f888fff2933110f5822020faa44abc3194b
ssdeep: 3072:LShW8gYQ59tHN2WdMGrOuFtUpVIGc/oiMqqDt+7u8l/eKOlwxlH04KrS+T9
ds:2hWlJ9ttFvOuEsohqqDtb2/JQ4r8K
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b6d8
timedatestamp.....: 0x4a5cf4c9 (Tue Jul 14 21:12:41 2009)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x231f0 0x23200 6.70 2f553ae30abc172e360f4bcebb99e010
.data 0x25000 0x2ff8 0x2600 3.21 d5beb0e360479ce61575a9ca1d2c9df0
PAGE 0x28000 0x2e15 0x3000 4.77 8f625bafee17e7f4f1032d21359d5468
INIT 0x2b000 0xd2c 0xe00 0.00 b4202f7fe985b9648b4676e6f70832bd
.rsrc 0x2c000 0x330 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.dt0 0x2d000 0x107c 0x1200 0.84 7ea01842f5cc62f59f735e2d53bce28a
.dt1 0x2f000 0x752b 0x7600 6.19 2c128057e492802b06a073e52febb694
.reloc 0x37000 0x2000 0x2000 7.95 5d236ac5afd9c336e5da1e263363cd33

( 0 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

parmenion 24.05.2010 08:47

I aborted malwarecleaner because it simply deleted files that can't possibly be infected!

MalwareHero 24.05.2010 14:41

Quote:

Quote from parmenion (post 527950)
I aborted malwarecleaner because it simply deleted files that can't possibly be infected!

Norman is 100% trustworthy. Then use Dr.Web instead; it only moves the findings:
http://www.trojaner-board.de/59299-a...eb-cureit.html

> Still provide the full RootRepeal log, as described below, except "Drivers"

Post the log.

parmenion 24.05.2010 15:45

rootrepeal log:

Quote:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/24 16:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RootRepeal report 05-24-10 (16-27-54).txt
Status: Visible to the Windows API, but not on disk.

Path: C:\WINXP\Temp\HTTEF9C.tmp
Status: Invisible to the Windows API!

Path: C:\WINXP\Temp\HTTF012.tmp
Status: Visible to the Windows API, but not on disk.

Path: c:\dokumente und einstellungen\milena\lokale einstellungen\temp\flaf013.tmp
Status: Size mismatch (API: 24485888, Raw: 23701752)

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x82282630

#: 041 Function Name: NtCreateKey
Status: Hooked by "spqr.sys" at address 0xf84230e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spqr.sys" at address 0xf843bda4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spqr.sys" at address 0xf843c132

#: 119 Function Name: NtOpenKey
Status: Hooked by "spqr.sys" at address 0xf84230c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x82281a60

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x82281e80

#: 160 Function Name: NtQueryKey
Status: Hooked by "spqr.sys" at address 0xf843c20a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spqr.sys" at address 0xf843c08a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spqr.sys" at address 0xf843c29c

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x82282460

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x82282280

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x82281c90

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x822820b0

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x821a0c50]
Process: System Address: 0x82280790 Size: 1000

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CREATE]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CLOSE]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_POWER]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_PNP]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CREATE]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CLOSE]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_READ]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CLEANUP]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_PNP]
Process: System Address: 0x81fce1f8 Size: 121

==EOF==

parmenion 24.05.2010 16:54

The .txt file is too big, so I packed it as a .zip.

MalwareHero 24.05.2010 17:28

Quote:

Quote from parmenion (post 528042)
The .txt file is too big, so I packed it as a .zip.

Run the complete scan with Dr.Web. The quick scan doesn't tell us enough here.

