Trojaner-Board > Malware removal > Pests of all kinds and how to fight them

Windows XP: slow shutdown, rootkit / trojan already removed
13.11.2009, 14:37   #1
ElSteffe

Windows XP: slow shutdown, rootkit / trojan already removed

Hello community,

For about two weeks my computer has been plaguing me with extremely slow shutdowns (the connection to trojans will become clear), both when logging off the profile and when shutting down itself. I have since been able to resolve the former, but the latter is still extremely annoying.

Here is the sequence of events:

1) Logoff and shutdown each took about 2 minutes every now and then (the shutdown itself almost always)
2) About a week ago AntiVir started reporting a trojan every 5 minutes. It was confined to the Temp folder (so probably downloads of small files); I deleted the stuff or moved it to quarantine. Uploading to virustotal.com produced an alert only from AntiVir and McAfee: TR/Dropper.Gen.

I got rid of the trojan, but the problem didn't change. So I updated some drivers. That seemed to have some effect, but shortly afterwards it started all over again. Since then I have tried several things:

- Programs: Registry Booster, SpeedupmyPC, Hijackthis, eScan, Security Task Manager, Combofix, Bit Defender

- Registry: ClearPagefileatShutdown = 0/1, deleting superfluous entries (including NULL), HungAppTimeout = 1000, WaitToKillAppTimeout = 1000, DisablePagingExecutive = 1

Result: Combofix found a rootkit and disinfected the file. But the problem persists.

I have since noticed that in most cases the internet connection is or was active before the problem occurred. Shutdowns directly after the user profile has loaded run without complaint.
So far so good, but one thing is confusing: the error also occurs now and then without the internet connection switched on.

My question: could it be that despite all the tests some recent little program is still messing around somewhere, which perhaps after a while (possibly repeatedly?!) tries to phone home and isn't immediately impressed by shutdowns either? Perhaps another trojan that no scanner has yet detected?
If so, the thing would in theory have to be operating at a "deeper" (?!) Windows level, since the profile logoff is fine again. Only the general shutdown (the XP "Goodbye" screen after clicking the computer name) takes an idiotically long time. Interestingly, HijackThis shows nothing unusual as far as I can tell.

In short:

State: extreme confusion
Remedy: gladly accepted
Ideas? Bring them on... if needed I'll run HijackThis again, maybe a few extra pairs of eyes will spot something.

Many thanks in advance,

Steffen

13.11.2009, 14:56   #2
Larusso
/// Selecta Jahrusso

Windows XP: slow shutdown, rootkit / trojan already removed

A clean-up can involve a lot of work on your part.
  • Please work through all steps in order.
  • If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper asks you to run.
  • Please no cross-posting (posting in several forums).

Note: I can never guarantee that I will find everything. A format is usually the faster and always the safest route.
If you decide on a clean-up, please work through the following.

Please post all logfiles in code tags.
Click reply --> #
then [code]text[/code]
After replying it should look like this here:
Code:
your logfile
         

Vista and Win7 users
Start all tools with right-click "Run as administrator".


Step 1

Open Windows Explorer (Windows key + E) and under => Tools => Folder Options => on the "View" tab
  • Files and Folders: uncheck "Hide extensions for known file types"
  • Files and Folders: uncheck "Hide protected operating system files (Recommended)"
  • Files and Folders: check "Display the contents of system folders" (not present on Vista)
  • Hidden files and folders: select "Show hidden files and folders"


Step 2

Please post the contents of C:\combofix.txt


Step 3

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in code tags here in the thread.


Step 4
  • all other scanners for viruses, spyware, etc. must be disabled,
  • there must be no connection to a network/the internet (don't forget WLAN),
  • nothing must be done on the computer,
  • the computer must be restarted after each scan.
Run a Gmer scan
  • Download Gmer from this page
    (press the Download EXE button) and save the program to the desktop.
  • Gmer is suitable for => NT/W2K/XP/VISTA.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random program name).
  • Vista users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • Start the scan with "Scan". Do nothing on the computer while the scan runs.
  • When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes GMER.
  • Paste the log from the clipboard into your reply here.
Switch your antivirus program and other scanners back on before you go online!


Some logfiles are very long; please split them over several posts

13.11.2009, 16:37   #3
ElSteffe

Windows XP: slow shutdown, rootkit / trojan already removed

While downloading I noticed that I had already used GMER. But I couldn't make much of all the terms and abbreviations, so I had forgotten about it.

Never mind, I had to scan again anyway.

Here first the ComboFix log, part I:

Code:
ComboFix 09-11-13.04 - Liebig 13.11.2009 15:51.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1535.1181 [GMT 1:00]
Running from:: c:\dokumente und einstellungen\Liebig\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning disabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning disabled* (Updated) {804E5358-FFA4-011E-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-010C-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-011C-0D24-347CA8A3377C}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

Warning - No Recovery Console is installed on this PC !!
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\taskmgr.com

.
(((((((((((((((((((((((   Files Created from 2009-10-13 to 2009-11-13  ))))))))))))))))))))))))))))))
.

2009-11-12 19:19 . 2009-11-12 19:19	--------	d-----w-	c:\programme\microsoft frontpage
2009-11-12 12:40 . 2009-11-12 12:40	--------	d---a-w-	c:\windows\rundll16.exe
2009-11-12 11:55 . 2009-11-12 11:55	--------	d-----w-	c:\programme\Gemeinsame Dateien\MicroWorld
2009-11-11 22:05 . 2009-11-11 22:05	--------	d---a-w-	c:\windows\VDLL.DLL
2009-11-11 22:05 . 2009-11-11 22:05	--------	d---a-w-	c:\windows\system32\runouce.exe
2009-11-11 22:05 . 2009-11-11 22:05	--------	d---a-w-	c:\windows\RUNDL132.EXE
2009-11-11 22:02 . 2009-11-11 22:02	632064	----a-w-	c:\windows\system32\msvcr80.dll
2009-11-11 22:02 . 2009-11-11 22:02	554240	----a-w-	c:\windows\system32\msvcp80.dll
2009-11-11 22:02 . 2009-11-11 22:02	34048	----a-w-	c:\windows\system32\eEmpty.exe
2009-11-11 22:02 . 2008-04-14 02:23	140800	----a-w-	c:\windows\system32\T.COM
2009-11-11 22:02 . 2008-04-14 02:22	153600	----a-w-	c:\windows\R.COM
2009-11-11 18:37 . 2009-11-11 18:37	--------	d-----r-	c:\dokumente und einstellungen\NetworkService\Favoriten
2009-11-11 18:36 . 2009-11-11 18:36	--------	d-sh--w-	c:\dokumente und einstellungen\NetworkService\IETldCache
2009-11-10 16:33 . 2009-11-10 16:33	--------	d-----w-	C:\Brother
2009-11-10 12:14 . 2008-05-18 17:54	9216	----a-w-	c:\windows\system32\drivers\videX32.sys
2009-11-08 15:12 . 2009-03-25 05:29	130432	----a-w-	c:\windows\system32\drivers\Rtnicxp.sys
2009-11-08 15:12 . 2009-03-03 11:18	73728	----a-w-	c:\windows\system32\RtNicProp32.dll
2009-11-08 14:19 . 2006-09-20 15:25	5627904	----a-w-	c:\windows\system32\nvdisps.dll
2009-11-08 14:19 . 2006-09-20 15:25	2904064	----a-w-	c:\windows\system32\nvvitvs.dll
2009-11-08 14:19 . 2006-09-20 15:25	2035712	----a-w-	c:\windows\system32\nvwss.dll
2009-11-08 14:19 . 2006-09-20 15:25	188416	----a-w-	c:\windows\system32\nvmccss.dll
2009-11-08 14:19 . 2006-09-20 15:25	888832	----a-w-	c:\windows\system32\nvmobls.dll
2009-11-08 14:19 . 2006-09-20 15:25	3051520	----a-w-	c:\windows\system32\nvgames.dll
2009-11-06 14:34 . 2009-11-10 23:05	--------	d-----w-	c:\programme\Setup Files
2009-11-04 13:36 . 2009-11-10 21:54	--------	d-----w-	c:\programme\Uniblue
2009-11-03 23:22 . 2009-11-03 23:22	152576	----a-w-	c:\dokumente und einstellungen\Liebig\Anwendungsdaten\Sun\Java\jre1.6.0_17\lzma.dll
2009-10-20 10:35 . 2009-08-06 17:24	44768	----a-w-	c:\windows\system32\wups2.dll
2009-10-20 10:35 . 2008-10-16 13:13	202776	----a-w-	c:\windows\system32\wuweb.dll
2009-10-20 10:35 . 2009-08-06 17:24	35552	-c--a-w-	c:\windows\system32\dllcache\wups.dll
2009-10-20 10:35 . 2009-08-06 17:24	35552	----a-w-	c:\windows\system32\wups.dll
2009-10-20 10:35 . 2008-10-16 13:12	323608	----a-w-	c:\windows\system32\wucltui.dll
2009-10-20 10:35 . 2008-10-16 13:13	1809944	----a-w-	c:\windows\system32\wuaueng.dll
2009-10-20 10:35 . 2008-10-16 13:09	51224	------w-	c:\windows\system32\wuauclt.exe
2009-10-20 10:35 . 2008-10-16 13:12	561688	----a-w-	c:\windows\system32\wuapi.dll
2009-10-20 10:35 . 2008-10-16 13:09	92696	----a-w-	c:\windows\system32\cdm.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 19:29 . 2009-06-25 16:47	--------	d-----w-	c:\programme\Trillian
2009-11-11 19:26 . 2008-08-10 01:05	--------	d---a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-11-10 23:31 . 2008-02-22 19:24	--------	d-----w-	c:\programme\Flock
2009-11-10 20:59 . 2004-08-04 12:00	86770	----a-w-	c:\windows\system32\perfc007.dat
2009-11-10 20:59 . 2004-08-04 12:00	501756	----a-w-	c:\windows\system32\perfh007.dat
2009-11-10 16:33 . 2008-12-09 17:01	50	----a-w-	c:\windows\system32\bridf06a.dat
2009-11-10 16:32 . 2009-03-28 15:47	57	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-11-10 12:51 . 2009-06-14 22:27	102664	----a-w-	c:\windows\system32\drivers\tmcomm.sys
2009-11-07 15:46 . 2006-01-27 11:34	--------	d-----w-	c:\programme\AVM_update
2009-11-06 16:32 . 2009-09-03 16:35	586107	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-11-06 16:32 . 2009-09-03 16:35	2093432	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-11-05 16:39 . 2009-11-04 13:37	--------	d-----w-	c:\dokumente und einstellungen\Liebig\Anwendungsdaten\Uniblue
2009-11-05 16:39 . 2009-11-05 16:38	--------	dc-h--w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-11-05 16:38 . 2006-01-27 14:08	69392	----a-w-	c:\dokumente und einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-11-05 14:21 . 2009-09-03 16:35	422261	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-11-05 14:21 . 2009-09-03 16:35	364916	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-11-05 14:21 . 2009-09-03 16:35	184694	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
2009-11-04 00:25 . 2008-05-01 13:05	--------	d-----w-	c:\programme\UPHClean
2009-11-03 23:23 . 2006-03-23 18:27	--------	d-----w-	c:\programme\Java
2009-11-01 08:43 . 2007-08-17 19:36	--------	d-----w-	c:\programme\Eumex 504PC USB
2009-10-29 18:38 . 2009-11-05 16:39	2838480	-c--a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}\speedupmypc2009.exe
2009-10-17 12:31 . 2009-03-19 16:54	--------	d-----w-	c:\programme\Avira
2009-10-15 10:10 . 2006-01-26 11:36	--------	d-----w-	c:\programme\Gemeinsame Dateien\Adobe
2009-10-12 17:21 . 2006-01-27 20:17	--------	d-----w-	c:\programme\Winamp
2009-10-11 03:17 . 2008-12-26 16:42	411368	----a-w-	c:\windows\system32\deploytk.dll
2009-10-02 22:15 . 2009-09-03 16:35	479604	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-10-02 22:15 . 2009-09-03 16:35	393587	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-09-19 12:11 . 2008-01-02 19:26	179792	----a-w-	c:\windows\system32\guard32.dll
2009-09-19 12:11 . 2008-01-02 19:26	87104	----a-w-	c:\windows\system32\drivers\inspect.sys
2009-09-19 12:11 . 2008-01-02 19:26	25160	----a-w-	c:\windows\system32\drivers\cmdhlp.sys
2009-09-19 12:11 . 2008-01-02 19:26	132296	----a-w-	c:\windows\system32\drivers\cmdGuard.sys
2009-09-16 13:07 . 2006-01-29 15:26	--------	d-----w-	c:\programme\ChessBase
2009-09-15 15:58 . 2009-09-03 16:35	106867	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-09-11 14:17 . 2004-08-04 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00	58880	----a-w-	c:\windows\system32\msasn1.dll
2009-09-03 15:24 . 2009-09-03 16:35	237940	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aehelp.dll
2009-09-03 15:24 . 2009-09-03 16:35	127346	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\FAILSAVE\aescn.dll
2009-08-29 07:54 . 2004-08-04 12:00	916480	------w-	c:\windows\system32\wininet.dll
2009-08-26 19:41 . 2009-08-26 19:41	152576	----a-w-	c:\dokumente und einstellungen\Liebig\Anwendungsdaten\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 18:11 . 2009-03-19 16:54	55656	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-08-26 08:00 . 2004-08-04 12:00	247326	----a-w-	c:\windows\system32\strmdll.dll
2008-02-28 11:30 . 2008-02-28 11:30	14852	----a-w-	c:\programme\settings.dat
2006-10-26 18:40 . 2006-10-26 18:40	13	----a-w-	c:\programme\ATT00019.txt
.
         
I'll get hold of the Recovery Console at some point. No idea why it's missing.

Last edited by ElSteffe (13.11.2009 at 17:12)
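Triage of the "Files Created" listing above is mostly done by eye in this thread. The following is an added example (not from the thread, and not a ComboFix feature): a parser for those listing lines plus a few heuristics a practitioner would apply when reading them, namely directories that carry executable names, very short file names dropped directly into the Windows directories, and names that are one typo or a 1/l, 0/o swap away from a real Windows binary. The meaning of the 8-character attribute column (d = directory, c = compressed, s = system, h = hidden, a = archive, r/w = read-only/writable) and the list of imitated binaries are assumptions inferred from this page, and the sample lines are copied from the log above with the tabs replaced by spaces. Flagged entries are candidates for review, not verdicts.

```python
"""Added example: parse and triage ComboFix 'Files Created' listing lines.

Not part of ComboFix. Attribute-column meaning is an assumption inferred
from the listing on this page: position 0 'd' = directory, 1 'c' = compressed,
2 's' = system, 3 'h' = hidden, 4 'a' = archive, 6 'r'/'w' = read-only/writable.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# '2009-11-12 12:40 . 2009-11-12 12:40  --------  d---a-w-  c:\windows\rundll16.exe'
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\S+)\s+(?P<attr>[a-z-]{8})\s+(?P<path>\S.*?)\s*$"
)

EXE_EXT = {".exe", ".dll", ".com", ".sys", ".scr"}
# Direct children of these directories get the name checks in triage().
SYSTEM_DIRS = {"c:\\windows\\", "c:\\windows\\system32\\"}
# Assumed list of Windows binaries whose names malware commonly imitates.
KNOWN_BINARIES = {
    "rundll32.exe", "runonce.exe", "regedit.exe", "taskmgr.exe", "svchost.exe",
    "explorer.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe",
}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None when ComboFix prints '--------' (directories)
    attr: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attr[0] == "d"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.lower().rsplit("\\", 1)[0] + "\\"

    @property
    def ext(self) -> str:
        n = self.name.lower()
        return n[n.rfind("."):] if "." in n else ""


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m["size"]
    return Entry(m["created"], m["modified"],
                 int(size) if size.isdigit() else None, m["attr"], m["path"])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character look-alike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Fold the digit/letter swaps used in look-alike names (1->l, 0->o)."""
    return name.lower().replace("1", "l").replace("0", "o")


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map path -> reasons for every entry that deserves a second look."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        reasons: List[str] = []
        if e.is_dir and e.ext in EXE_EXT:
            reasons.append("directory named like an executable")
        if e.parent in SYSTEM_DIRS:
            stem = e.name.rsplit(".", 1)[0]
            if len(stem) <= 2:
                reasons.append("very short file name directly in a system directory")
            for known in KNOWN_BINARIES:
                if e.name.lower() != known and levenshtein(normalize(e.name), known) <= 1:
                    reasons.append(f"look-alike of {known}")
        if reasons:
            findings[e.path] = reasons
    return findings


# Sample lines copied from the ComboFix log above (tabs replaced by spaces).
SAMPLE_LINES = r"""
2009-11-12 19:19 . 2009-11-12 19:19  --------  d-----w-  c:\programme\microsoft frontpage
2009-11-12 12:40 . 2009-11-12 12:40  --------  d---a-w-  c:\windows\rundll16.exe
2009-11-11 22:05 . 2009-11-11 22:05  --------  d---a-w-  c:\windows\VDLL.DLL
2009-11-11 22:05 . 2009-11-11 22:05  --------  d---a-w-  c:\windows\system32\runouce.exe
2009-11-11 22:05 . 2009-11-11 22:05  --------  d---a-w-  c:\windows\RUNDL132.EXE
2009-11-11 22:02 . 2009-11-11 22:02  632064  ----a-w-  c:\windows\system32\msvcr80.dll
2009-11-11 22:02 . 2009-11-11 22:02  34048  ----a-w-  c:\windows\system32\eEmpty.exe
2009-11-11 22:02 . 2008-04-14 02:23  140800  ----a-w-  c:\windows\system32\T.COM
2009-11-11 22:02 . 2008-04-14 02:22  153600  ----a-w-  c:\windows\R.COM
2009-11-10 12:14 . 2008-05-18 17:54  9216  ----a-w-  c:\windows\system32\drivers\videX32.sys
2009-10-20 10:35 . 2009-08-06 17:24  35552  -c--a-w-  c:\windows\system32\dllcache\wups.dll
""".strip().splitlines()

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LINES).items():
        print(f"{path}: {'; '.join(why)}")
```

Run against the sample lines, the pass flags the four directories with executable names, the two single-letter .COM files in the Windows directories, and the two names that normalize to runonce.exe and rundll32.exe; the genuine NVIDIA, Realtek and Windows Update files pass through untouched. Feed it a full combofix.txt and it ignores headers and Find3M lines that do not match the listing format.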

13.11.2009, 16:39   #4
ElSteffe

Windows XP: slow shutdown, rootkit / trojan already removed

ComboFix, part II:

Code:
------- Sigcheck -------

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-09-20 7680000]
"COMODO Firewall Pro"="c:\programme\COMODO\Firewall\cfp.exe" [2009-09-19 1799952]
"UnlockerAssistant"="c:\programme\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2008-05-27 413696]
"FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SSBkgdUpdate"="c:\programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\programme\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\programme\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\programme\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\programme\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"COMODO Internet Security"="c:\programme\COMODO\Firewall\cfp.exe" [2009-09-19 1799952]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-09-20 86016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-12-10 1519616]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"d:\\Daten_alt\\Programme\\Zubehör\\Backgammon\\backgw32.exe"=

R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [02.01.2008 20:26 132296]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [02.01.2008 20:26 25160]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [19.03.2009 17:54 108289]
R2 AVMPORT;AVMPORT;c:\windows\system32\drivers\avmport.sys [27.01.2006 23:55 59520]
R2 CAPI20;Eumex 504PC USB;c:\windows\system32\drivers\Capi20.sys [17.08.2007 20:36 964428]
R3 AVMCOWAN;AVMCOWAN;c:\windows\system32\drivers\avmcowan.sys [24.11.2005 01:00 53632]
R3 fpcibase;FRITZ!Card PCI;c:\windows\system32\drivers\fpcibase.sys [26.01.2006 11:46 537600]
S2 DETEWECP;Telekom ISDN Port;c:\windows\system32\drivers\detewecp.sys [17.08.2007 20:36 38480]
S3 AVMWAN;NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [26.01.2006 11:46 38608]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\39.tmp --> c:\windows\system32\39.tmp [?]
S3 MsibiosDevice;MsibiosDevice;\??\c:\programme\MSI\Live Update 4\LU4\msibios.sys --> c:\programme\MSI\Live Update 4\LU4\msibios.sys [?]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;c:\windows\system32\drivers\Netfritz.sys [27.01.2006 12:44 316928]
S3 WEBNTACCESS;WEBNTACCESS;c:\windows\system32\Ntaccess.sys [14.04.2008 02:21 17920]
S4 SAVAdminService;Sophos Anti-Virus Statusreporter;"c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe" --> c:\programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [?]
S4 SAVService;Sophos Anti-Virus;"c:\programme\Sophos\Sophos Anti-Virus\SavService.exe" --> c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [?]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys --> c:\windows\system32\DRIVERS\SophosBootDriver.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
*Deregistered* - uphcleanhlp
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-13 16:00
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ... 

scanning hidden autostart entries ... 

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\39.tmp"
.
Time of completion: 2009-11-13 16:02
ComboFix-quarantined-files.txt  2009-11-13 15:02

Pre-Run: 9 directories, 22.521.589.760 bytes free
Post-Run: 12 directories, 22.481.281.024 bytes free

- - End Of File - - 410F8361CBC4AC1D8878BE0E83F887D7
         

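The service and driver entries in part II of the ComboFix log (the R*/S* lines and the MEMSWEEP2 ImagePath at the end) and the SRV/DRV lines of the OTL log in the next post are the part of these logs where a helper looks for persistence. As an added example (not from the thread, and not code from ComboFix or OTL), here is one parser for both formats and a triage pass that flags three things worth a second look: entries that are still registered although the file is gone, image paths that look like temporary files, and OTL entries whose version information carries an empty or template-default company name. The field meaning is an assumption inferred from the logs on this page: in ComboFix lines R/S is running/stopped, the digit the start type, and "path --> path [?]" marks a file the tool could not find; in OTL lines "File not found" means the same and the trailing parenthesis is the company name. The sample lines are copied from the two logs. Flags are prompts for review, not verdicts.

```python
"""Added example: parse ComboFix R*/S* service lines and OTL SRV/DRV lines,
then flag entries worth reviewing. Not part of either tool; the field
interpretation is an assumption inferred from the logs on this page.
"""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# 'S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\39.tmp --> c:\windows\system32\39.tmp [?]'
COMBOFIX_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
# 'SRV - (cmdAgent) -- C:\Programme\COMODO\Firewall\cmdagent.exe (COMODO)'
OTL_RE = re.compile(r"^(?P<kind>SRV|DRV) - \((?P<name>[^)]+)\) --\s+(?P<rest>.+)$")
OTL_PATH_RE = re.compile(r"^(?P<path>.+?)\s*\((?P<company>[^()]*)\)\s*$")
# Image paths that live in a temp directory or are named like a temp file.
TEMP_RE = re.compile(r"\\temp\\|\\[0-9a-f]{1,8}\.tmp$", re.I)


@dataclass
class Service:
    source: str               # "combofix" or "otl"
    name: str
    image: Optional[str]      # registered image path, if the line shows one
    missing: bool             # the tool could not find the file on disk
    company: Optional[str] = None   # OTL only: company from version info
    start: Optional[int] = None     # ComboFix only: start type digit
    state: Optional[str] = None     # ComboFix only: 'R' running / 'S' stopped


def _clean(path: str) -> str:
    """Strip quotes and the NT '\\??\\' prefix ComboFix prints for some drivers."""
    path = path.strip().strip('"')
    return path[4:] if path.startswith("\\??\\") else path


def parse_combofix(line: str) -> Optional[Service]:
    m = COMBOFIX_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    missing = "-->" in rest and rest.endswith("[?]")
    if missing:
        image = _clean(rest.split("-->", 1)[0])
    else:
        # drop the trailing '[dd.mm.yyyy hh:mm size]' stamp
        image = _clean(re.sub(r"\s*\[[^\]]*\]$", "", rest))
    return Service("combofix", m["name"], image, missing,
                   start=int(m["start"]), state=m["state"])


def parse_otl(line: str) -> Optional[Service]:
    m = OTL_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    if rest == "File not found":
        return Service("otl", m["name"], None, True)
    pm = OTL_PATH_RE.match(rest)
    if pm:
        return Service("otl", m["name"], pm["path"], False, company=pm["company"].strip())
    return Service("otl", m["name"], rest, False)


def parse_all(lines: Iterable[str]) -> List[Service]:
    out: List[Service] = []
    for line in lines:
        s = parse_combofix(line) or parse_otl(line)
        if s:
            out.append(s)
    return out


def triage(services: Iterable[Service]) -> Dict[Tuple[str, str], List[str]]:
    """Map (source, name) -> reasons; flags entries for review, not verdicts."""
    findings: Dict[Tuple[str, str], List[str]] = {}
    for s in services:
        reasons: List[str] = []
        if s.missing:
            reasons.append("registered but file not found (orphaned entry or removed payload)")
        if s.image and TEMP_RE.search(s.image):
            reasons.append("image path looks like a temporary file")
        if s.company is not None and s.company in ("", "Your Corporation"):
            reasons.append("empty or template-default company name in version info")
        if reasons:
            findings[(s.source, s.name)] = reasons
    return findings


# Sample lines copied from the ComboFix log above and the OTL log in the next post.
SAMPLE_LINES = [
    r"R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [02.01.2008 20:26 132296]",
    r"S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\39.tmp --> c:\windows\system32\39.tmp [?]",
    r"S3 MsibiosDevice;MsibiosDevice;\??\c:\programme\MSI\Live Update 4\LU4\msibios.sys --> c:\programme\MSI\Live Update 4\LU4\msibios.sys [?]",
    r'S4 SAVService;Sophos Anti-Virus;"c:\programme\Sophos\Sophos Anti-Virus\SavService.exe" --> c:\programme\Sophos\Sophos Anti-Virus\SavService.exe [?]',
    r"SRV - (SAVService) --  File not found",
    r"SRV - (cmdAgent) -- C:\Programme\COMODO\Firewall\cmdagent.exe (COMODO)",
    r"DRV - (WEBNTACCESS) -- C:\WINDOWS\system32\Ntaccess.sys (Your Corporation)",
    r"DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation      )",
]

if __name__ == "__main__":
    for (source, name), why in triage(parse_all(SAMPLE_LINES)).items():
        print(f"[{source}] {name}: {'; '.join(why)}")
```

On the sample lines the pass reports MEMSWEEP2 twice (file missing and a .tmp image name), the three orphaned Sophos/MSI registrations, and WEBNTACCESS for its "Your Corporation" company string; the COMODO and Realtek entries pass. Whether a flagged entry is an uninstall leftover, a legitimate tool that loads from a temp file, or something that needs removing is the helper's call, which is why the output carries the reasons rather than a score.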
13.11.2009, 16:43   #5
ElSteffe

Windows XP: slow shutdown, rootkit / trojan already removed

OTL, part I (something clashed at first; while running it a malicious program was reported to me and my computer crashed... maybe I hadn't switched off a module of the firewall or the virus scanner):

Code:
OTL logfile created on: 13.11.2009 16:16:11 - Run 1
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Dokumente und Einstellungen\Liebig\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 71,46% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 21,04 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 41,96 Gb Free Space | 92,77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LIEBIG-2DA4E295
Current User Name: Liebig
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Liebig\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\COMODO\Firewall\cfp.exe (COMODO)
PRC - C:\Programme\COMODO\Firewall\cmdagent.exe (COMODO)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Programme\Unlocker\UnlockerAssistant.exe ()
PRC - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe ()
PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Liebig\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\guard32.dll (COMODO)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Unlocker\UnlockerHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Sophos AutoUpdate Service) --  File not found
SRV - (SAVService) --  File not found
SRV - (SAVAdminService) --  File not found
SRV - (MySql) --  File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (cmdAgent) -- C:\Programme\COMODO\Firewall\cmdagent.exe (COMODO)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (WEBNTACCESS) -- C:\WINDOWS\system32\Ntaccess.sys (Your Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (VIAudio) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM Berlin)
DRV - (AVMCOWAN) -- C:\WINDOWS\system32\drivers\avmcowan.sys (AVM GmbH)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (NETFRITZ) -- C:\WINDOWS\system32\drivers\Netfritz.sys (AVM Berlin)
DRV - (ENTECH) -- C:\WINDOWS\system32\drivers\Entech.sys (EnTech Taiwan)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (CAPI20) -- C:\WINDOWS\System32\Drivers\CAPI20.SYS (DeTeWe Berlin)
DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM Berlin)
DRV - (DETEWECP) -- C:\WINDOWS\System32\drivers\detewecp.sys (DeTeWe Berlin)
DRV - (AVMPORT) -- C:\WINDOWS\System32\drivers\avmport.sys (AVM Berlin)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 3E E4 49 FA 4F CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2009.09.15 16:13:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Liebig\Anwendungsdaten\Mozilla\Extensions
[2009.09.15 16:13:10 | 00,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Liebig\Anwendungsdaten\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
 
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PicLens for Internet Explorer) - {53349B29-8E4B-447A-9068-5C83EB591753} - C:\Programme\PicLensIE\PicLens.dll (Cooliris Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe ()
O4 - HKLM..\Run: [COMODO Firewall Pro] C:\Programme\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\Firewall\cfp.exe (COMODO)
O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [QuickTime Task] C:\Programme\QuickTime\qttask.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Key error. (YInstStarter Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (Reg Error: Key error.)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/jinstall-14_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.26 11:54:59 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O34 - HKLM BootExecute: (OODBS) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
         


13.11.2009, 16:44   #6
ElSteffe

Windows XP: slow shutdown, rootkit / trojan already removed



OTL, Part II:

Code:
 
[2009.11.13 16:09:01 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Liebig\Desktop\OTL.exe
[2009.11.13 16:06:48 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009.11.13 16:03:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009.11.13 15:45:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009.11.13 15:40:23 | 00,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Liebig\Recent
[2009.11.12 20:19:58 | 00,000,000 | ---D | C] -- C:\Programme\xerox
[2009.11.12 20:19:58 | 00,000,000 | ---D | C] -- C:\Programme\movie maker
[2009.11.12 20:19:57 | 00,000,000 | ---D | C] -- C:\Programme\netmeeting
[2009.11.12 20:19:57 | 00,000,000 | ---D | C] -- C:\Programme\msn gaming zone
[2009.11.12 20:19:56 | 00,000,000 | ---D | C] -- C:\Programme\windows media player
[2009.11.12 20:19:56 | 00,000,000 | ---D | C] -- C:\Programme\microsoft frontpage
[2009.11.12 17:04:32 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009.11.12 13:40:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2009.11.12 12:55:25 | 00,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2009.11.11 23:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2009.11.11 23:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2009.11.11 23:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2009.11.11 23:02:22 | 00,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2009.11.11 23:02:21 | 00,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2009.11.11 23:02:19 | 00,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2009.11.11 23:02:13 | 00,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2009.11.11 23:02:13 | 00,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2009.11.10 17:33:23 | 00,000,000 | ---D | C] -- C:\Brother
[2009.11.10 13:14:36 | 00,009,216 | ---- | C] (VIA Technologies, Inc.) -- C:\WINDOWS\System32\drivers\videX32.sys
[2009.11.08 16:12:56 | 00,130,432 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtnicxp.sys
[2009.11.08 15:19:20 | 05,627,904 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009.11.08 15:19:20 | 02,904,064 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009.11.08 15:19:20 | 02,035,712 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009.11.08 15:19:20 | 00,188,416 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009.11.08 15:19:19 | 03,051,520 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009.11.08 15:19:19 | 00,888,832 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009.11.06 15:34:21 | 00,000,000 | ---D | C] -- C:\Programme\Setup Files
[2009.11.05 19:39:29 | 00,000,000 | ---D | C] -- D:\Liebig\Eigene Dateien\My Drivers
[2009.11.05 17:38:45 | 00,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2009.11.04 14:37:08 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Liebig\Anwendungsdaten\Uniblue
[2009.11.04 14:36:57 | 00,000,000 | ---D | C] -- C:\Programme\Uniblue
[2009.11.04 00:23:49 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009.11.04 00:23:49 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009.11.04 00:23:49 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.10.28 15:54:08 | 00,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Liebig\Desktop\AVK Personal Dortmund
[2009.10.20 11:35:31 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2009.10.20 11:35:31 | 00,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2009.10.20 11:35:30 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009.10.20 11:35:30 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009.10.20 11:35:30 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2009.10.20 11:35:29 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2009.10.20 11:35:29 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009.10.20 11:35:28 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009.10.20 11:35:27 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009.10.20 11:35:26 | 00,092,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009.11.13 16:14:21 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.11.13 16:14:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009.11.13 16:12:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.11.13 16:12:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.11.13 16:11:59 | 16,101,41696 | -HS- | M] () -- C:\hiberfil.sys
[2009.11.13 16:09:11 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Liebig\Desktop\OTL.exe
[2009.11.13 16:00:52 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.11.13 15:40:25 | 07,864,320 | ---- | M] () -- C:\Dokumente und Einstellungen\Liebig\NTUSER.DAT
[2009.11.13 15:40:25 | 00,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Liebig\ntuser.ini
[2009.11.12 20:28:24 | 00,001,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Liebig\Desktop\Trillian.lnk
[2009.11.12 12:55:51 | 00,000,028 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2009.11.12 00:58:39 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.11.11 23:02:21 | 00,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2009.11.11 23:02:20 | 00,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2009.11.11 23:02:18 | 00,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2009.11.10 21:59:08 | 01,158,866 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009.11.10 21:59:08 | 00,501,756 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2009.11.10 21:59:08 | 00,483,428 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009.11.10 21:59:08 | 00,086,770 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2009.11.10 21:59:08 | 00,072,906 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009.11.10 17:53:32 | 00,000,425 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009.11.10 17:53:32 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009.11.10 17:49:30 | 00,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.10 17:33:59 | 00,001,011 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2009.11.10 17:33:59 | 00,000,149 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2009.11.10 17:33:59 | 00,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf06a.dat
[2009.11.10 13:51:49 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009.11.09 19:01:47 | 06,384,498 | -H-- | M] () -- C:\Dokumente und Einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2009.11.08 16:21:41 | 00,000,177 | ---- | M] () -- C:\WINDOWS\ChssBase.ini
[2009.11.05 17:56:03 | 00,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\Liebig\CommandDispatchers.xml
[2009.11.05 17:56:00 | 00,001,367 | ---- | M] () -- C:\Dokumente und Einstellungen\Liebig\cleaner-config.xml
[2009.11.05 17:39:13 | 00,000,845 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SpeedUpMyPC 2009.lnk
[2009.11.05 17:38:41 | 00,069,392 | ---- | M] () -- C:\Dokumente und Einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2009.11.04 15:35:04 | 00,000,844 | ---- | M] () -- C:\Dokumente und Einstellungen\Liebig\Desktop\RegistryBooster.lnk
[2009.11.04 14:48:42 | 00,000,991 | ---- | M] () -- C:\WINDOWS\win.ini
[2009.11.04 14:48:42 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009.10.26 17:03:41 | 00,038,400 | ---- | M] () -- C:\Dokumente und Einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.20 17:44:16 | 00,345,425 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20091025-015916.backup
[2009.10.19 12:04:35 | 01,081,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2009.10.15 15:09:42 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009.10.15 11:10:27 | 00,001,715 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009.11.12 02:42:50 | 16,101,41696 | -HS- | C] () -- C:\hiberfil.sys
[2009.11.11 23:02:52 | 00,000,028 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2009.11.11 23:02:20 | 00,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2009.11.08 16:12:56 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.11.05 17:56:01 | 00,000,709 | ---- | C] () -- C:\Dokumente und Einstellungen\Liebig\CommandDispatchers.xml
[2009.11.05 17:56:00 | 00,001,367 | ---- | C] () -- C:\Dokumente und Einstellungen\Liebig\cleaner-config.xml
[2009.11.05 17:39:13 | 00,000,845 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SpeedUpMyPC 2009.lnk
[2009.11.04 15:34:22 | 00,000,844 | ---- | C] () -- C:\Dokumente und Einstellungen\Liebig\Desktop\RegistryBooster.lnk
[2009.10.15 11:10:27 | 00,001,715 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2009.03.28 16:48:04 | 00,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009.03.19 19:47:16 | 00,000,521 | ---- | C] () -- C:\WINDOWS\my.ini
[2009.03.11 18:48:37 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2009.03.11 18:48:37 | 00,033,244 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008.12.09 18:06:32 | 00,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.12.09 18:06:32 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008.12.09 18:01:40 | 00,001,011 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008.12.09 18:01:40 | 00,000,149 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008.12.09 18:00:00 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008.10.16 16:23:30 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2008.10.16 16:23:29 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2008.10.16 16:23:29 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2008.05.01 18:53:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OODCNT.INI
[2008.05.01 15:40:57 | 06,384,498 | -H-- | C] () -- C:\Dokumente und Einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2008.03.11 17:10:48 | 00,000,079 | ---- | C] () -- C:\WINDOWS\SW_Win2000X1.DLL
[2008.03.11 17:10:42 | 00,000,027 | ---- | C] () -- C:\WINDOWS\SW_Win2146X32.DLL
[2008.03.11 17:06:56 | 00,004,106 | ---- | C] () -- C:\WINDOWS\CX_SearchHistory.INI
[2008.02.28 14:23:02 | 00,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2008.02.28 13:16:17 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.02.28 12:30:38 | 00,014,852 | ---- | C] () -- C:\Programme\settings.dat
[2008.02.01 08:18:14 | 00,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007.11.06 16:31:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2007.09.10 14:27:35 | 00,049,253 | ---- | C] () -- C:\Dokumente und Einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log
[2007.05.08 17:13:10 | 00,000,035 | ---- | C] () -- C:\WINDOWS\System32\backgw.ini
[2006.10.26 19:40:43 | 00,000,013 | ---- | C] () -- C:\Programme\ATT00019.txt
[2006.07.11 17:55:45 | 00,000,336 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006.06.29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006.06.29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006.05.02 23:38:24 | 00,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006.04.18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006.04.18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006.03.10 19:47:43 | 00,000,215 | ---- | C] () -- C:\WINDOWS\AntiDial.ini
[2006.02.08 15:37:23 | 00,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.01.29 16:32:17 | 00,000,177 | ---- | C] () -- C:\WINDOWS\ChssBase.ini
[2006.01.28 14:59:47 | 00,000,487 | ---- | C] () -- C:\WINDOWS\Capictrl.INI
[2006.01.28 02:31:15 | 00,001,706 | ---- | C] () -- C:\Dokumente und Einstellungen\Liebig\Anwendungsdaten\iwatch.txt
[2006.01.28 00:00:44 | 00,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2006.01.27 21:18:03 | 00,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.01.27 21:17:41 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006.01.27 19:06:02 | 00,038,400 | ---- | C] () -- C:\Dokumente und Einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.01.27 15:08:49 | 00,069,392 | ---- | C] () -- C:\Dokumente und Einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2006.01.26 15:05:13 | 00,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Liebig\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.01.26 14:11:10 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2006.01.26 12:48:28 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ZDDBView.INI
[2006.01.26 12:48:21 | 00,000,022 | ---- | C] () -- C:\WINDOWS\zdbui32.ini
[2006.01.26 12:00:50 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\Liebig\Anwendungsdaten\desktop.ini
[2006.01.26 11:44:46 | 00,000,062 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini
[2005.12.10 03:06:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.12.10 03:06:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.12.10 03:06:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.12.10 03:06:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.12.10 03:06:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.12.10 03:06:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.12.10 03:06:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004.08.04 13:00:00 | 00,000,991 | ---- | C] () -- C:\WINDOWS\win.ini
[2004.08.04 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002.03.04 10:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999.01.22 19:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D1B5B4F1
@Alternate Data Stream - 114 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A8ADE5D8
< End of report >
         

Last edited by ElSteffe (13.11.2009 at 17:36)

13.11.2009, 16:45   #7
ElSteffe

Windows XP: slow shutdown, rootkit / trojan already removed



OTL - Extras:

Code:
OTL Extras logfile created on: 13.11.2009 16:16:11 - Run 1
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Dokumente und Einstellungen\Liebig\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 71,46% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 29,29 Gb Total Space | 21,04 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
Drive D: | 45,23 Gb Total Space | 41,96 Gb Free Space | 92,77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LIEBIG-2DA4E295
Current User Name: Liebig
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Programme\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programme\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" File not found
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"D:\Daten_alt\Programme\Zubehör\Backgammon\backgw32.exe" = D:\Daten_alt\Programme\Zubehör\Backgammon\backgw32.exe:*:Enabled:Backgammon -- (Geert Verkade)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08098D1B-BA82-400D-B571-546F5AF7EDFF}" = PicLens for Internet Explorer
"{0830FBE8-A848-4A37-BF62-D89CB3EF0F60}" = Fritz8
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{1F99A4C4-0F84-46B3-BC55-F202C1DB1096}" = PicLens Publisher
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EFCE5837-FC21-11D6-9D24-00010240CE95}" = Java 2 Runtime Environment, SE v1.4.1_02
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVM ISDN CAPI Port" = ISDN CAPI Port
"COMODO Firewall Pro" = COMODO Firewall Pro
"Convert XLS_is1" = Convert XLS
"Eumex 504PC USB" = Telekom Eumex 504PC USB
"Flock" = Flock 1.0
"FreePDF_XP" = FreePDF XP (Remove only)
"FRITZ! 2.0" = AVM FRITZ!
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"phase5" = phase5
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Trillian" = Trillian
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Unlocker" = Unlocker 1.8.5
"Winamp" = Winamp
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPhone" = WinPhone
"WinRAR archiver" = WinRAR Archivierer
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.11.2009 15:20:22 | Computer Name = LIEBIG-2DA4E295 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.
 
Error - 12.11.2009 16:01:18 | Computer Name = LIEBIG-2DA4E295 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.
 
Error - 12.11.2009 16:19:58 | Computer Name = LIEBIG-2DA4E295 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.
 
Error - 12.11.2009 16:36:30 | Computer Name = LIEBIG-2DA4E295 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 with error: This operation returned because the timeout period expired.
 
Error - 12.11.2009 18:09:42 | Computer Name = LIEBIG-2DA4E295 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
 Please contact Microsoft Product Suppor
 
Error - 12.11.2009 18:09:42 | Computer Name = LIEBIG-2DA4E295 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine "CoCreateInstance".
 hr = 0x80040206.
 
Error - 12.11.2009 18:52:28 | Computer Name = LIEBIG-2DA4E295 | Source = Application Hang | ID = 1002
Description = Hanging application ComboFix.exe, version 0.0.0.0, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12.11.2009 18:52:52 | Computer Name = LIEBIG-2DA4E295 | Source = Application Hang | ID = 1002
Description = Hanging application ComboFix.exe, version 0.0.0.0, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 12.11.2009 18:53:11 | Computer Name = LIEBIG-2DA4E295 | Source = Application Hang | ID = 1002
Description = Hanging application ComboFix.exe, version 0.0.0.0, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 13.11.2009 11:08:27 | Computer Name = LIEBIG-2DA4E295 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
 module unknown, version 0.0.0.0, fault address 0x4ebb83bd.
 
[ System Events ]
Error - 13.11.2009 11:15:18 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:19 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:19 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:20 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:21 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:22 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:22 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:23 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:24 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
Error - 13.11.2009 11:15:25 | Computer Name = LIEBIG-2DA4E295 | Source = Service Control Manager | ID = 7023
Description = The "Remote Access Connection Manager" service terminated with the following
error:   %%2
 
 
< End of report >
         

Alt 13.11.2009, 16:51   #8
ElSteffe
 
GMER, Part I:

Code:
GMER 1.0.15.15220 - http://www.gmer.net
Rootkit scan 2009-11-13 16:33:35
Windows 5.1.2600 Service Pack 3
Running: 9hufmi1h.exe; Driver: C:\DOKUME~1\Liebig\LOKALE~1\Temp\afwyikod.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwAdjustPrivilegesToken [0xB8587D46]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwConnectPort [0xB8587250]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwCreateFile [0xB85878EA]
SSDT            B9E4977E                                                                                             ZwCreateKey
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwCreatePort [0xB8587132]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwCreateSection [0xB8589254]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwCreateSymbolicLinkObject [0xB858952C]
SSDT            B9E49774                                                                                             ZwCreateThread
SSDT            B9E49783                                                                                             ZwDeleteKey
SSDT            B9E4978D                                                                                             ZwDeleteValueKey
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwDuplicateObject [0xB8586A5A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwLoadDriver [0xB8588ED6]
SSDT            B9E49792                                                                                             ZwLoadKey
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwMakeTemporaryObject [0xB85874D4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwOpenFile [0xB8587B2E]
SSDT            B9E49760                                                                                             ZwOpenProcess
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwOpenSection [0xB8587764]
SSDT            B9E49765                                                                                             ZwOpenThread
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwRenameKey [0xB8588688]
SSDT            B9E4979C                                                                                             ZwReplaceKey
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwRequestWaitReplyPort [0xB85889F0]
SSDT            B9E49797                                                                                             ZwRestoreKey
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwSecureConnectPort [0xB8588C72]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwSetSystemInformation [0xB8589084]
SSDT            B9E49788                                                                                             ZwSetValueKey
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwShutdownSystem [0xB858746E]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwSystemDebugControl [0xB8587658]
SSDT            B9E4976F                                                                                             ZwTerminateProcess
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)           ZwTerminateThread [0xB8586ECA]
SSDT            \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                      ZwUnloadKey [0xB6F086D0]

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!_abnormal_termination + 78                                                              804E26D4 2 Bytes  [46, 7D]
.text           ntoskrnl.exe!_abnormal_termination + 7B                                                              804E26D7 1 Byte  [B8]
.text           ntoskrnl.exe!_abnormal_termination + C8                                                              804E2724 2 Bytes  [50, 72]
.text           ntoskrnl.exe!_abnormal_termination + CB                                                              804E2727 1 Byte  [B8]
.text           ntoskrnl.exe!_abnormal_termination + E0                                                              804E273C 4 Bytes  JMP 87B85878 
.text           ...                                                                                                  
?               C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                                          The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtAllocateVirtualMemory                            7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtClose                                            7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtCreateFile                                       7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtCreateProcess                                    7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtCreateProcessEx                                  7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtDeleteFile                                       7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtFreeVirtualMemory                                7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtLoadDriver                                       7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtOpenFile                                         7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtProtectVirtualMemory                             7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtSetInformationProcess                            7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtUnloadDriver                                     7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtWriteVirtualMemory                               7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!RtlAllocateHeap                                    7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!LdrLoadDll                                         7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!LdrUnloadDll                                       7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!LdrGetProcedureAddress                             7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!CreateFileA                                     7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!VirtualProtect                                  7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!LoadLibraryExW                                  7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!LoadLibraryExA                                  7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!LoadLibraryA                                    7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!CreateProcessW                                  7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!CreateProcessA                                  7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!GetProcAddress                                  7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!LoadLibraryW                                    7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!GetModuleHandleA                                7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!GetModuleHandleW                                7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!CreateFileW                                     7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!MoveFileWithProgressW                           7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!MoveFileW                                       7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!OpenFile                                        7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!OpenFile + 3                                    7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!CopyFileExW                                     7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!CopyFileA                                       7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!CopyFileW                                       7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!DeleteFileA                                     7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!DeleteFileW                                     7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!MoveFileExW                                     7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!MoveFileA                                       7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!MoveFileWithProgressA                           7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!MoveFileExA                                     7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!CopyFileExA                                     7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!WinExec                                         7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!LoadModule                                      7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] WS2_32.dll!WSASocketW                                        71A1404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] WS2_32.dll!WSASocketA                                        71A18B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ADVAPI32.dll!OpenServiceW                                    77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ADVAPI32.dll!OpenServiceA                                    77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ADVAPI32.dll!CreateServiceA                                  77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ADVAPI32.dll!CreateServiceW                                  77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ole32.dll!CoCreateInstanceEx                                 774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] ole32.dll!CoGetClassObject                                   774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Java\jre6\bin\jqs.exe[176] USER32.dll!EndTask                                           7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
         
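A triage pass over GMER hook lines like the ones in the post above, as an added example (not code from the post, from the forum, or from GMER itself). It parses a few constructed lines copied in GMER 1.0.15's column layout, attributes each SSDT entry and user-mode inline hook to the module and vendor GMER printed, and separates the rows GMER could only give a bare kernel address for from those owned by a named driver; the regexes are assumptions about that column layout, and the sample lines are a constructed excerpt, not the full log.

```python
import json
import re
from collections import Counter

# Constructed sample in GMER 1.0.15's column layout: a few lines of the kinds
# that appear in the post above, not the complete log.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT   \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)   ZwAdjustPrivilegesToken [0xB8587D46]
SSDT   B9E4977E                                                                                     ZwCreateKey
SSDT   \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)   ZwLoadDriver [0xB8588ED6]
SSDT   B9E49774                                                                                     ZwCreateThread
SSDT   \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys                                              ZwUnloadKey [0xB6F086D0]

---- Kernel code sections - GMER 1.0.15 ----

.text  ntoskrnl.exe!_abnormal_termination + 78   804E26D4 2 Bytes  [46, 7D]
.text  ntoskrnl.exe!_abnormal_termination + E0   804E273C 4 Bytes  JMP 87B85878

---- User code sections - GMER 1.0.15 ----

.text  C:\Programme\Java\jre6\bin\jqs.exe[176] ntdll.dll!NtAllocateVirtualMemory   7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text  C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!OpenFile               7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text  C:\Programme\Java\jre6\bin\jqs.exe[176] kernel32.dll!OpenFile + 3           7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
"""

# SSDT row (assumed layout): owner column (module path with optional
# "(description/vendor)", or a bare kernel address when GMER could not map the
# hook to a module), then the hooked service and, for attributed rows, the address.
SSDT_RE = re.compile(r"^SSDT\s+(?P<owner>\S.*?)\s{2,}(?P<func>Zw\w+)"
                     r"(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?\s*$")
HEXADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")
MODULE_RE = re.compile(r"^(?P<path>\S.*?)(?:\s+\((?P<desc>[^()/]+)/(?P<vendor>[^()]+)\))?$")
# User-mode inline hook: "<process>[pid] <dll>!<export> <addr> <n> Bytes JMP <dest> <owner>"
USER_RE = re.compile(r"^\.text\s+(?P<proc>\S.*?\[\d+\])\s+(?P<target>\S+)\s+"
                     r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+) Bytes\s+JMP\s+"
                     r"(?P<dest>[0-9A-Fa-f]{8})\s+(?P<owner>\S.*?)\s*$")
# Kernel code patch: "<module>!<symbol> [+ off] <addr> <n> Byte(s) <raw bytes or JMP dest>"
KPATCH_RE = re.compile(r"^\.text\s+(?P<target>\S+!\S+(?: \+ [0-9A-Fa-f]+)?)\s+"
                       r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<n>\d+) Bytes?\s+(?P<what>\S.*?)\s*$")


def owner_label(entry):
    """Vendor if GMER printed one, else the module file name, else a marker."""
    if entry["module"] is None:
        return "<unattributed>"
    return entry["vendor"] or entry["module"].rsplit("\\", 1)[-1]


def triage(log_text):
    """Parse SSDT, kernel-patch and user-hook rows into plain dicts."""
    result = {"ssdt": [], "kernel_patches": [], "user_hooks": [], "skipped": []}
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("----"):
            continue
        m = SSDT_RE.match(line)
        if m:
            owner = m.group("owner")
            if HEXADDR_RE.match(owner):          # no module: only the hook address is known
                entry = {"func": m.group("func"), "addr": owner, "module": None, "vendor": None}
            else:
                mm = MODULE_RE.match(owner)
                entry = {"func": m.group("func"), "addr": m.group("addr"),
                         "module": mm.group("path"), "vendor": mm.group("vendor")}
            result["ssdt"].append(entry)
            continue
        m = USER_RE.match(line)
        if m:
            mm = MODULE_RE.match(m.group("owner"))
            result["user_hooks"].append({"process": m.group("proc"), "target": m.group("target"),
                                         "dest": m.group("dest"), "module": mm.group("path"),
                                         "vendor": mm.group("vendor")})
            continue
        m = KPATCH_RE.match(line)
        if m:
            result["kernel_patches"].append({"target": m.group("target"), "addr": m.group("addr"),
                                             "bytes": int(m.group("n")), "patch": m.group("what")})
            continue
        result["skipped"].append(line)           # e.g. the "[7E, 93]" continuation rows
    return result


def summarize(result):
    """Group hooks by owner and pull out the rows that need a second look."""
    return {
        "ssdt_by_owner": dict(Counter(owner_label(e) for e in result["ssdt"])),
        "unattributed_ssdt": [f'{e["func"]}@{e["addr"]}' for e in result["ssdt"] if e["module"] is None],
        "kernel_detours": [p for p in result["kernel_patches"] if p["patch"].startswith("JMP")],
        "user_hooks_by_owner": dict(Counter(owner_label(h) for h in result["user_hooks"])),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(triage(SAMPLE_LOG)), indent=2))
```

Run as a script it prints the summary for the sample; point `triage()` at a saved GMER log to get the same view of a full scan. The grouping is the check worth doing before reading the rest of the log: hooks owned by a HIPS the user knowingly installed (COMODO's cmdguard.sys and guard32.dll here, both listed in the uninstall list above) are expected, while the rows that carry only a kernel address and the JMP detours inside ntoskrnl are the ones to resolve against the loaded-driver list before drawing any conclusion.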

Alt 13.11.2009, 16:52   #9
ElSteffe
 
GMER, Part II:

Code:
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtAllocateVirtualMemory                         7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtClose                                         7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtCreateFile                                    7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtCreateProcess                                 7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtCreateProcessEx                               7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtDeleteFile                                    7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtFreeVirtualMemory                             7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtLoadDriver                                    7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtOpenFile                                      7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtProtectVirtualMemory                          7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtSetInformationProcess                         7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtUnloadDriver                                  7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!NtWriteVirtualMemory                            7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!RtlAllocateHeap                                 7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!LdrLoadDll                                      7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!LdrUnloadDll                                    7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ntdll.dll!LdrGetProcedureAddress                          7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CreateFileA                                  7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!VirtualProtect                               7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!LoadLibraryExW                               7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!LoadLibraryExA                               7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!LoadLibraryA                                 7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CreateProcessW                               7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CreateProcessA                               7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!GetProcAddress                               7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!LoadLibraryW                                 7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!GetModuleHandleA                             7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!GetModuleHandleW                             7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CreateFileW                                  7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!MoveFileWithProgressW                        7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!MoveFileW                                    7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!OpenFile                                     7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!OpenFile + 3                                 7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CopyFileExW                                  7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CopyFileA                                    7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CopyFileW                                    7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!DeleteFileA                                  7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!DeleteFileW                                  7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!MoveFileExW                                  7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!MoveFileA                                    7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!MoveFileWithProgressA                        7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!MoveFileExA                                  7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CopyFileExA                                  7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!WinExec                                      7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!LoadModule                                   7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ADVAPI32.dll!OpenServiceW                                 77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ADVAPI32.dll!OpenServiceA                                 77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ADVAPI32.dll!CreateServiceA                               77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ADVAPI32.dll!CreateServiceW                               77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] USER32.dll!EndTask                                        7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ole32.dll!CoCreateInstanceEx                              774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] ole32.dll!CoGetClassObject                                774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] WS2_32.dll!WSASocketW                                     71A1404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] WS2_32.dll!WSASocketA                                     71A18B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] SHELL32.dll!ShellExecuteExW                               7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] SHELL32.dll!ShellExecuteEx                                7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] SHELL32.dll!ShellExecuteA                                 7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] SHELL32.dll!ShellExecuteW                                 7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtAllocateVirtualMemory                               7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtClose                                               7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtCreateFile                                          7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtCreateProcess                                       7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtCreateProcessEx                                     7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtDeleteFile                                          7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtFreeVirtualMemory                                   7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtLoadDriver                                          7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtOpenFile                                            7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtProtectVirtualMemory                                7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtSetInformationProcess                               7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtUnloadDriver                                        7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtWriteVirtualMemory                                  7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!RtlAllocateHeap                                       7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!LdrLoadDll                                            7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!LdrUnloadDll                                          7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!LdrGetProcedureAddress                                7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!CreateFileA                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!VirtualProtect                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!LoadLibraryExW                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!LoadLibraryExA                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!LoadLibraryA                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!CreateProcessW                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!CreateProcessA                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!GetProcAddress                                     7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!LoadLibraryW                                       7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!GetModuleHandleA                                   7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!GetModuleHandleW                                   7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!CreateFileW                                        7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!MoveFileWithProgressW                              7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!MoveFileW                                          7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!OpenFile                                           7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!OpenFile + 3                                       7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!CopyFileExW                                        7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!CopyFileA                                          7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!CopyFileW                                          7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!DeleteFileA                                        7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!DeleteFileW                                        7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!MoveFileExW                                        7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!MoveFileA                                          7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!MoveFileWithProgressA                              7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!MoveFileExA                                        7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!CopyFileExA                                        7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!WinExec                                            7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] kernel32.dll!LoadModule                                         7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ADVAPI32.dll!OpenServiceW                                       77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ADVAPI32.dll!OpenServiceA                                       77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ADVAPI32.dll!CreateServiceA                                     77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ADVAPI32.dll!CreateServiceW                                     77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] USER32.dll!EndTask                                              7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ole32.dll!CoCreateInstanceEx                                    774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ole32.dll!CoGetClassObject                                      774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] SHELL32.dll!ShellExecuteExW                                     7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] SHELL32.dll!ShellExecuteEx                                      7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] SHELL32.dll!ShellExecuteA                                       7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] SHELL32.dll!ShellExecuteW                                       7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
         

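Every user-mode hook in the log above jumps into guard32.dll, COMODO's HIPS module, which is expected on a machine running COMODO Internet Security; the interesting entries in a GMER log are the ones that do not fit that pattern. The split entries are also explained by the arithmetic: the JMP at 7C821982 to 10001B10 encodes as E9 89 01 7E 93, and since GMER prints only the bytes that differ from the file on disk, the 01 at offset 2 (which equals the original byte) is skipped and the tail shows up as OpenFile + 3 with [7E, 93]. The script below is an added example, not part of the original post or of GMER; it parses these lines, attributes such tails to the hook above them by re-encoding the JMP, and separates hooks into expected, unknown-module, and unbacked-memory buckets. The allowlist containing only guard32.dll is an assumption; the sample input is six lines copied from this log plus one constructed line (marked) showing a JMP into memory that no file backs.

```python
"""Triage GMER user-mode inline-hook lines (".text <proc>[pid] <export> ... JMP ...").

Added example; not part of the original post or of GMER.  Sample input: six lines
copied from the thread's log plus one CONSTRUCTED line (marked below).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Modules allowed to hook user-mode APIs on this box.  Assumption: only COMODO's
# guard32.dll, the sole hooker visible in the thread; extend for other HIPS/AV.
KNOWN_HOOKERS = {r"c:\windows\system32\guard32.dll"}

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<export>\S+(?: \+ \d+)?)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+) Bytes\s+(?P<rest>.*?)\s*$")
JMP_RE = re.compile(
    r"^JMP (?P<dest>[0-9A-F]+)(?:\s+(?P<module>.+?))?(?:\s+\((?P<vendor>[^)]*)\))?$")
BYTES_RE = re.compile(r"^\[([0-9A-F]{2}(?:, [0-9A-F]{2})*)\]")


@dataclass
class Hook:
    proc: str
    pid: int
    export: str                   # "kernel32.dll!OpenFile" or "kernel32.dll!OpenFile + 3"
    addr: str
    size: int
    dest: Optional[str] = None    # JMP target, None for a raw byte patch
    module: Optional[str] = None  # file backing the target, None if unmapped
    vendor: Optional[str] = None  # GMER's version-info annotation, if any
    raw: Optional[str] = None     # e.g. "[7E, 93] {JLE ...}" for non-JMP entries


def parse_hooks(text: str) -> list:
    """Parse GMER '.text' hook lines; every other line is ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        h = Hook(m["proc"], int(m["pid"]), m["export"], m["addr"], int(m["size"]))
        j = JMP_RE.match(m["rest"])
        if j:
            h.dest, h.module, h.vendor = j["dest"], j["module"], j["vendor"]
        else:
            h.raw = m["rest"]
        hooks.append(h)
    return hooks


def jmp_encoding(addr: str, dest: str) -> bytes:
    """The 5-byte E9 rel32 JMP GMER reports: rel32 = dest - (addr + 5)."""
    rel = (int(dest, 16) - (int(addr, 16) + 5)) & 0xFFFFFFFF
    return b"\xe9" + rel.to_bytes(4, "little")


def is_jmp_tail(parent: Hook, h: Hook) -> bool:
    """True if h's bytes at 'export + N' are the tail of parent's JMP.  GMER diffs
    against the file on disk and prints only bytes that differ, so a patch byte
    that happens to equal the original splits one JMP over two lines."""
    m = BYTES_RE.match(h.raw or "")
    if not m or " + " not in h.export:
        return False
    off = int(h.export.rsplit("+", 1)[1])
    got = bytes.fromhex(m[1].replace(", ", ""))
    return jmp_encoding(parent.addr, parent.dest)[off:off + len(got)] == got


def triage(hooks: list, known=KNOWN_HOOKERS) -> dict:
    """Buckets: known (allowlisted module), unknown (other file), unexplained
    (JMP with no backing file: injected code), tail (rest of a known JMP),
    orphan (byte patch nobody accounts for)."""
    b = {k: [] for k in ("known", "unknown", "unexplained", "tail", "orphan")}
    last_jmp = {}  # (proc, pid, export) -> most recent JMP hook on that export
    for h in hooks:
        if h.dest is not None:
            last_jmp[(h.proc, h.pid, h.export)] = h
            if h.module is None:
                b["unexplained"].append(h)
            elif h.module.lower() in known:
                b["known"].append(h)
            else:
                b["unknown"].append(h)
            continue
        parent = last_jmp.get((h.proc, h.pid, h.export.split(" + ")[0]))
        b["tail" if parent and is_jmp_tail(parent, h) else "orphan"].append(h)
    return b


def hooks_per_module(hooks: list) -> Counter:
    """Exports patched per hooking module, to spot an odd one out quickly."""
    return Counter(h.module or "<no file>" for h in hooks if h.dest is not None)


SAMPLE_LOG = r"""
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CreateProcessA                               7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!OpenFile                                     7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!OpenFile + 3                                 7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] kernel32.dll!CopyFileExW                                  7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!NtCreateFile                                          7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\msiexec.exe[220] ntdll.dll!LdrLoadDll                                            7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiprvse.exe[192] WS2_32.dll!send                                           71A14C27 5 Bytes  JMP 00A71000
"""  # the last line is CONSTRUCTED: a JMP into memory that no file backs

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for bucket, items in triage(hooks).items():
        for h in items:
            print(f"{bucket:12} {h.proc}[{h.pid}] {h.export} -> {h.dest or h.raw} {h.module or ''}")
    print(hooks_per_module(hooks))
```

Run it on a full GMER log and look only at the unknown, unexplained and orphan buckets; a known HIPS product hooking the same set of exports in every process is noise, while a single process with a JMP into unbacked memory is the line worth chasing.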
13.11.2009, 16:54   #10
ElSteffe

Windows XP: slow shutdown, rootkit / trojan already removed

GMER, part III:

Code:
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtAllocateVirtualMemory                               7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtClose                                               7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtCreateFile                                          7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtCreateProcess                                       7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtCreateProcessEx                                     7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtDeleteFile                                          7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtFreeVirtualMemory                                   7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtLoadDriver                                          7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtOpenFile                                            7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtProtectVirtualMemory                                7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtSetInformationProcess                               7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtUnloadDriver                                        7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!NtWriteVirtualMemory                                  7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!RtlAllocateHeap                                       7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!LdrLoadDll                                            7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!LdrUnloadDll                                          7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ntdll.dll!LdrGetProcedureAddress                                7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!CreateFileA                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!VirtualProtect                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!LoadLibraryExW                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!LoadLibraryExA                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!LoadLibraryA                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!CreateProcessW                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!CreateProcessA                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!GetProcAddress                                     7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!LoadLibraryW                                       7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!GetModuleHandleA                                   7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!GetModuleHandleW                                   7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!CreateFileW                                        7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!MoveFileWithProgressW                              7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!MoveFileW                                          7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!OpenFile                                           7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!OpenFile + 3                                       7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!CopyFileExW                                        7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!CopyFileA                                          7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!CopyFileW                                          7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!DeleteFileA                                        7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!DeleteFileW                                        7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!MoveFileExW                                        7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!MoveFileA                                          7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!MoveFileWithProgressA                              7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!MoveFileExA                                        7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!CopyFileExA                                        7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!WinExec                                            7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] kernel32.dll!LoadModule                                         7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] USER32.dll!EndTask                                              7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ADVAPI32.dll!OpenServiceW                                       77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ADVAPI32.dll!OpenServiceA                                       77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ADVAPI32.dll!CreateServiceA                                     77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\nvsvc32.exe[300] ADVAPI32.dll!CreateServiceW                                     77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtAllocateVirtualMemory                               7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtClose                                               7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtCreateFile                                          7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtCreateProcess                                       7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtCreateProcessEx                                     7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtDeleteFile                                          7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtFreeVirtualMemory                                   7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtLoadDriver                                          7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtOpenFile                                            7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtProtectVirtualMemory                                7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtSetInformationProcess                               7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtUnloadDriver                                        7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!NtWriteVirtualMemory                                  7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!RtlAllocateHeap                                       7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!LdrLoadDll                                            7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!LdrUnloadDll                                          7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!LdrGetProcedureAddress                                7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateFileA                                        7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!VirtualProtect                                     7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!LoadLibraryExW                                     7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!LoadLibraryExA                                     7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!LoadLibraryA                                       7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateProcessW                                     7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateProcessA                                     7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!GetProcAddress                                     7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!LoadLibraryW                                       7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!GetModuleHandleA                                   7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!GetModuleHandleW                                   7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CreateFileW                                        7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!MoveFileWithProgressW                              7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!MoveFileW                                          7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!OpenFile                                           7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!OpenFile + 3                                       7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CopyFileExW                                        7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CopyFileA                                          7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CopyFileW                                          7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!DeleteFileA                                        7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!DeleteFileW                                        7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!MoveFileExW                                        7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!MoveFileA                                          7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!MoveFileWithProgressA                              7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!MoveFileExA                                        7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!CopyFileExA                                        7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!WinExec                                            7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] kernel32.dll!LoadModule                                         7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ADVAPI32.dll!OpenServiceW                                       77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ADVAPI32.dll!OpenServiceA                                       77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ADVAPI32.dll!CreateServiceA                                     77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ADVAPI32.dll!CreateServiceW                                     77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] USER32.dll!EndTask                                              7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ole32.dll!CoCreateInstanceEx                                    774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] ole32.dll!CoGetClassObject                                      774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] SHELL32.dll!ShellExecuteExW                                     7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] SHELL32.dll!ShellExecuteEx                                      7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] SHELL32.dll!ShellExecuteA                                       7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[332] SHELL32.dll!ShellExecuteW                                       7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

13.11.2009, 16:55   #11
ElSteffe

GMER, part IV:

Code:
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtAllocateVirtualMemory                              7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtClose                                              7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtCreateFile                                         7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtCreateProcess                                      7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtCreateProcessEx                                    7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtDeleteFile                                         7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtFreeVirtualMemory                                  7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtLoadDriver                                         7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtOpenFile                                           7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtProtectVirtualMemory                               7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtSetInformationProcess                              7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtUnloadDriver                                       7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!NtWriteVirtualMemory                                 7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!RtlAllocateHeap                                      7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrLoadDll                                           7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrUnloadDll                                         7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrGetProcedureAddress                               7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateFileA                                       7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!VirtualProtect                                    7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryExW                                    7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryExA                                    7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryA                                      7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateProcessW                                    7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateProcessA                                    7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!GetProcAddress                                    7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadLibraryW                                      7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!GetModuleHandleA                                  7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!GetModuleHandleW                                  7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!CreateFileW                                       7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!MoveFileWithProgressW                             7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!MoveFileW                                         7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!OpenFile                                          7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!OpenFile + 3                                      7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!CopyFileExW                                       7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!CopyFileA                                         7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!CopyFileW                                         7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!DeleteFileA                                       7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!DeleteFileW                                       7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!MoveFileExW                                       7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!MoveFileA                                         7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!MoveFileWithProgressA                             7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!MoveFileExA                                       7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!CopyFileExA                                       7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!WinExec                                           7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] kernel32.dll!LoadModule                                        7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!OpenServiceW                                      77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!OpenServiceA                                      77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!CreateServiceA                                    77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!CreateServiceW                                    77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\services.exe[852] USER32.dll!EndTask                                             7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtAllocateVirtualMemory                                 7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtClose                                                 7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtCreateFile                                            7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtCreateProcess                                         7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtCreateProcessEx                                       7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtDeleteFile                                            7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtFreeVirtualMemory                                     7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtLoadDriver                                            7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtOpenFile                                              7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtProtectVirtualMemory                                  7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtSetInformationProcess                                 7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtUnloadDriver                                          7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtWriteVirtualMemory                                    7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!RtlAllocateHeap                                         7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrLoadDll                                              7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrUnloadDll                                            7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrGetProcedureAddress                                  7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateFileA                                          7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!VirtualProtect                                       7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryExW                                       7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryExA                                       7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryA                                         7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessW                                       7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateProcessA                                       7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetProcAddress                                       7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadLibraryW                                         7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetModuleHandleA                                     7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!GetModuleHandleW                                     7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CreateFileW                                          7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileWithProgressW                                7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileW                                            7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!OpenFile                                             7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!OpenFile + 3                                         7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CopyFileExW                                          7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CopyFileA                                            7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CopyFileW                                            7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!DeleteFileA                                          7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!DeleteFileW                                          7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileExW                                          7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileA                                            7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileWithProgressA                                7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!MoveFileExA                                          7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!CopyFileExA                                          7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!WinExec                                              7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!LoadModule                                           7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!OpenServiceW                                         77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!OpenServiceA                                         77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!CreateServiceA                                       77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!CreateServiceW                                       77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] USER32.dll!EndTask                                                7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] WS2_32.dll!WSASocketW                                             71A1404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] WS2_32.dll!WSASocketA                                             71A18B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ole32.dll!CoCreateInstanceEx                                      774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] ole32.dll!CoGetClassObject                                        774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] SHELL32.dll!ShellExecuteExW                                       7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] SHELL32.dll!ShellExecuteEx                                        7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] SHELL32.dll!ShellExecuteA                                         7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\lsass.exe[864] SHELL32.dll!ShellExecuteW                                         7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtAllocateVirtualMemory                              7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

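Editor's note on reading these GMER parts, with an added example that is not part of ElSteffe's post and not code from GMER: every user-mode hook listed so far jumps into guard32.dll and carries COMODO's product/company text, which is the footprint of COMODO Internet Security's own HIPS hooking in svchost, services.exe and lsass.exe, not of the earlier rootkit. The Python script below parses GMER's ".text" hook lines, groups them by the file the JMP lands in, pulls out hooks into memory that no file backs, and verifies that an "OpenFile + 3" raw-byte entry is just the tail of the 5-byte JMP listed on the line before it (GMER prints it as a second entry because the byte in between happened to match the original code). The sample input copies four lines from the log and adds two constructed lines, marked as such in the code, to show what an unattributed hook would look like; the bare "JMP <address>" shape for such a line is my assumption about GMER's output, and the addresses in those two lines are invented.

```python
"""Triage of GMER user-mode hook entries (".text" lines). Added example, not code
from the thread, its poster or GMER: parses the line shape GMER prints for an
inline hook, groups hooks by the file the JMP lands in, flags JMPs into memory
with no backing file, and checks that a "symbol + N" raw-byte entry is the tail
of the JMP reported for that symbol. SAMPLE mixes lines copied from the log
(spaces compressed) with two CONSTRUCTED lines (invented addresses; the bare
"JMP <addr>" shape for an unbacked target is an assumption about GMER output)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HOOK_LINE = re.compile(
    r"^\.text\s+(?P<process>\S+)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<symbol>\S+(?:\s\+\s\d+)?)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.*?)\s*$")
# Resolved patch "JMP <target> [<file> [(<product/company>)]]"; raw bytes "[7E, 93] {...}" otherwise.
JMP_PATCH = re.compile(
    r"^JMP\s+(?P<target>[0-9A-F]{8})(?:\s+(?P<path>.+?))?(?:\s+\((?P<vendor>[^)]*)\))?$")
RAW_BYTES = re.compile(r"^\[(?P<bytes>[0-9A-F]{2}(?:,\s*[0-9A-F]{2})*)\]")
FRAGMENT = re.compile(r"^(?P<base>.+?)\s\+\s(?P<offset>\d+)$")

@dataclass
class Hook:
    process: str
    pid: int
    module: str
    symbol: str
    addr: int
    size: int
    target: Optional[int]       # JMP destination; None for a raw-byte entry
    target_path: Optional[str]  # file backing the destination; None if unmapped
    vendor: Optional[str]       # GMER's "(product/company)" annotation
    raw: str                    # patch text exactly as printed

def parse_hooks(text: str) -> List[Hook]:
    hooks: List[Hook] = []
    for line in text.splitlines():
        m = HOOK_LINE.match(line.strip())
        if not m:
            continue
        j = JMP_PATCH.match(m["patch"])
        hooks.append(Hook(m["process"], int(m["pid"]), m["module"], m["symbol"],
                          int(m["addr"], 16), int(m["size"]), int(j["target"], 16) if j else None,
                          j["path"] if j else None, j["vendor"] if j else None, m["patch"]))
    return hooks

def group_by_target(hooks: List[Hook]) -> Dict[str, dict]:
    """Group resolved hooks by the file the JMP lands in ("<unmapped>" if none)."""
    groups: Dict[str, dict] = {}
    for h in hooks:
        if h.target is None:
            continue
        g = groups.setdefault(h.target_path or "<unmapped>",
                              {"vendor": h.vendor, "count": 0, "processes": set()})
        g["count"] += 1
        g["processes"].add(f"{h.process}[{h.pid}]")
    return groups

def unattributed(hooks: List[Hook]) -> List[Hook]:
    """JMPs to memory with no backing file or no vendor text (a HIPS hooks from a
    versioned DLL, guard32.dll here; a JMP into a bare allocation is the find)."""
    return [h for h in hooks
            if h.target is not None and (h.target_path is None or not h.vendor)]

def jmp_rel32(addr: int, target: int) -> bytes:
    """Encode the 5-byte near JMP (E9 rel32, relative to the next instruction)."""
    return b"\xE9" + ((target - (addr + 5)) & 0xFFFFFFFF).to_bytes(4, "little")

def check_fragments(hooks: List[Hook]) -> List[Tuple[Hook, Hook, bool]]:
    """Pair each "symbol + N" raw-byte entry with the JMP entry for that symbol in
    the same process and verify the bytes equal the JMP's rel32 at that offset
    (GMER lists one 5-byte JMP as two entries when a middle byte matched the original)."""
    resolved = {(h.process, h.pid, h.module, h.symbol): h for h in hooks if h.target is not None}
    out = []
    for frag in hooks:
        fm, rb = FRAGMENT.match(frag.symbol), RAW_BYTES.match(frag.raw)
        if frag.target is not None or not fm or not rb:
            continue
        base = resolved.get((frag.process, frag.pid, frag.module, fm["base"]))
        if base is None:
            continue
        off = int(fm["offset"])
        got = bytes.fromhex(rb["bytes"].replace(",", "").replace(" ", ""))
        want = jmp_rel32(base.addr, base.target)[off:off + len(got)]
        out.append((base, frag, frag.addr == base.addr + off and want == got))
    return out

# Lines copied from the posted log (runs of spaces compressed).
LOG_LINES = r"""
.text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!NtClose 7C91CFEE 5 Bytes JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[864] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtAllocateVirtualMemory 7C91CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
"""
# CONSTRUCTED lines, not in the original log: JMPs into memory no file backs.
CONSTRUCTED_LINES = r"""
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtEnumerateValueKey 7C91D2DE 5 Bytes JMP 00A20040
"""
SAMPLE = LOG_LINES + CONSTRUCTED_LINES
```

Paste a whole GMER section into LOG_LINES and call parse_hooks, group_by_target, unattributed and check_fragments on it; for the posted log, every JMP groups under guard32.dll with the COMODO text and the only "find" comes from the two constructed lines. The product/company text GMER prints beside the file is a triage hint, not an authenticity check: confirm the DLL's path and digital signature before writing a hook group off as benign.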
13.11.2009, 16:57   #12
ElSteffe

GMER, part V:

Code:
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtClose                                              7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateFile                                         7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateProcess                                      7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtCreateProcessEx                                    7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtDeleteFile                                         7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtFreeVirtualMemory                                  7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtLoadDriver                                         7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtOpenFile                                           7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory                               7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtSetInformationProcess                              7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtUnloadDriver                                       7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!NtWriteVirtualMemory                                 7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!RtlAllocateHeap                                      7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrLoadDll                                           7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrUnloadDll                                         7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ntdll.dll!LdrGetProcedureAddress                               7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileA                                       7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!VirtualProtect                                    7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW                                    7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA                                    7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA                                      7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessW                                    7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateProcessA                                    7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetProcAddress                                    7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW                                      7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetModuleHandleA                                  7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!GetModuleHandleW                                  7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CreateFileW                                       7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileWithProgressW                             7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileW                                         7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!OpenFile                                          7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!OpenFile + 3                                      7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileExW                                       7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileA                                         7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileW                                         7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!DeleteFileA                                       7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!DeleteFileW                                       7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileExW                                       7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileA                                         7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileWithProgressA                             7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!MoveFileExA                                       7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!CopyFileExA                                       7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!WinExec                                           7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] kernel32.dll!LoadModule                                        7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!OpenServiceW                                      77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!OpenServiceA                                      77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CreateServiceA                                    77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ADVAPI32.dll!CreateServiceW                                    77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] USER32.dll!EndTask                                             7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoCreateInstanceEx                                   774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] ole32.dll!CoGetClassObject                                     774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] SHELL32.dll!ShellExecuteExW                                    7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] SHELL32.dll!ShellExecuteEx                                     7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] SHELL32.dll!ShellExecuteA                                      7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1032] SHELL32.dll!ShellExecuteW                                      7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtAllocateVirtualMemory                              7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtClose                                              7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateFile                                         7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateProcess                                      7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtCreateProcessEx                                    7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtDeleteFile                                         7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtFreeVirtualMemory                                  7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtLoadDriver                                         7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtOpenFile                                           7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtProtectVirtualMemory                               7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtSetInformationProcess                              7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtUnloadDriver                                       7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtWriteVirtualMemory                                 7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!RtlAllocateHeap                                      7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll                                           7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll                                         7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrGetProcedureAddress                               7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileA                                       7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtect                                    7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW                                    7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExA                                    7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA                                      7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW                                    7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA                                    7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetProcAddress                                    7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW                                      7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetModuleHandleA                                  7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetModuleHandleW                                  7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileW                                       7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileWithProgressW                             7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileW                                         7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!OpenFile                                          7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!OpenFile + 3                                      7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileExW                                       7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileA                                         7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileW                                         7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!DeleteFileA                                       7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!DeleteFileW                                       7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileExW                                       7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileA                                         7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileWithProgressA                             7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!MoveFileExA                                       7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CopyFileExA                                       7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WinExec                                           7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadModule                                        7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!OpenServiceW                                      77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!OpenServiceA                                      77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA                                    77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW                                    77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!EndTask                                             7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ole32.dll!CoCreateInstanceEx                                   774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] ole32.dll!CoGetClassObject                                     774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteExW                                    7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteEx                                     7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteA                                      7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteW                                      7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\COMODO\Firewall\cmdagent.exe[1200] ntdll.dll!NtAllocateVirtualMemory                    7C91CF6E 5 Bytes  JMP 0040FB50 C:\Programme\COMODO\Firewall\cmdagent.exe (COMODO Internet Security/COMODO)

Old 13.11.2009, 16:59   #13
ElSteffe

Windows XP: slow shutdown, rootkit / Trojan already removed

GMER, Part VI:

Code:
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtAllocateVirtualMemory                              7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtClose                                              7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile                                         7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcess                                      7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateProcessEx                                    7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteFile                                         7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtFreeVirtualMemory                                  7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtLoadDriver                                         7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtOpenFile                                           7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtProtectVirtualMemory                               7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetInformationProcess                              7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtUnloadDriver                                       7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteVirtualMemory                                 7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!RtlAllocateHeap                                      7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll                                           7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll                                         7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrGetProcedureAddress                               7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileA                                       7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!VirtualProtect                                    7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW                                    7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExA                                    7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryA                                      7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessW                                    7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateProcessA                                    7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetProcAddress                                    7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryW                                      7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetModuleHandleA                                  7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetModuleHandleW                                  7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CreateFileW                                       7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressW                             7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileW                                         7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!OpenFile                                          7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!OpenFile + 3                                      7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileExW                                       7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileA                                         7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileW                                         7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!DeleteFileA                                       7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!DeleteFileW                                       7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileExW                                       7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileA                                         7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileWithProgressA                             7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!MoveFileExA                                       7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!CopyFileExA                                       7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!WinExec                                           7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadModule                                        7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!OpenServiceW                                      77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!OpenServiceA                                      77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA                                    77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW                                    77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!EndTask                                             7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CoCreateInstanceEx                                   774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] ole32.dll!CoGetClassObject                                     774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteExW                                    7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteEx                                     7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteA                                      7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\svchost.exe[1240] SHELL32.dll!ShellExecuteW                                      7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtAllocateVirtualMemory                        7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtClose                                        7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtCreateFile                                   7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtCreateProcess                                7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtCreateProcessEx                              7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtDeleteFile                                   7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtFreeVirtualMemory                            7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtLoadDriver                                   7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtOpenFile                                     7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtProtectVirtualMemory                         7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtSetInformationProcess                        7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtUnloadDriver                                 7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!NtWriteVirtualMemory                           7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!RtlAllocateHeap                                7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!LdrLoadDll                                     7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!LdrUnloadDll                                   7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ntdll.dll!LdrGetProcedureAddress                         7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!CreateFileA                                 7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!VirtualProtect                              7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!LoadLibraryExW                              7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!LoadLibraryExA                              7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!LoadLibraryA                                7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!CreateProcessW                              7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!CreateProcessA                              7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!GetProcAddress                              7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!LoadLibraryW                                7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!GetModuleHandleA                            7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!GetModuleHandleW                            7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!CreateFileW                                 7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!MoveFileWithProgressW                       7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!MoveFileW                                   7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!OpenFile                                    7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!OpenFile + 3                                7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!CopyFileExW                                 7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!CopyFileA                                   7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!CopyFileW                                   7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!DeleteFileA                                 7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!DeleteFileW                                 7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!MoveFileExW                                 7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!MoveFileA                                   7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!MoveFileWithProgressA                       7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!MoveFileExA                                 7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!CopyFileExA                                 7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!WinExec                                     7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] kernel32.dll!LoadModule                                  7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ADVAPI32.dll!OpenServiceW                                77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ADVAPI32.dll!OpenServiceA                                77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ADVAPI32.dll!CreateServiceA                              77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ADVAPI32.dll!CreateServiceW                              77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] USER32.dll!EndTask                                       7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ole32.dll!CoCreateInstanceEx                             774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] ole32.dll!CoGetClassObject                               774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] SHELL32.dll!ShellExecuteExW                              7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] SHELL32.dll!ShellExecuteEx                               7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] SHELL32.dll!ShellExecuteA                                7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[1540] SHELL32.dll!ShellExecuteW                                7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
         

Old 13.11.2009, 17:00   #14
ElSteffe

Windows XP: slow shutdown, rootkit / trojan already removed



GMER, part VII:

Code:
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtAllocateVirtualMemory                              7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtClose                                              7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtCreateFile                                         7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtCreateProcess                                      7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtCreateProcessEx                                    7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtDeleteFile                                         7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtFreeVirtualMemory                                  7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtLoadDriver                                         7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtOpenFile                                           7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtProtectVirtualMemory                               7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtSetInformationProcess                              7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtUnloadDriver                                       7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!NtWriteVirtualMemory                                 7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!RtlAllocateHeap                                      7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!LdrLoadDll                                           7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!LdrUnloadDll                                         7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!LdrGetProcedureAddress                               7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CreateFileA                                       7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!VirtualProtect                                    7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!LoadLibraryExW                                    7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!LoadLibraryExA                                    7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!LoadLibraryA                                      7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CreateProcessW                                    7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CreateProcessA                                    7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!GetProcAddress                                    7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!LoadLibraryW                                      7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!GetModuleHandleA                                  7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!GetModuleHandleW                                  7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CreateFileW                                       7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileWithProgressW                             7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileW                                         7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!OpenFile                                          7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!OpenFile + 3                                      7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CopyFileExW                                       7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CopyFileA                                         7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CopyFileW                                         7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!DeleteFileA                                       7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!DeleteFileW                                       7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileExW                                       7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileA                                         7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileWithProgressA                             7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!MoveFileExA                                       7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!CopyFileExA                                       7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!WinExec                                           7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!LoadModule                                        7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!OpenServiceW                                      77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!OpenServiceA                                      77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!CreateServiceA                                    77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ADVAPI32.dll!CreateServiceW                                    77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] USER32.dll!EndTask                                             7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ole32.dll!CoCreateInstanceEx                                   774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] ole32.dll!CoGetClassObject                                     774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] SHELL32.dll!ShellExecuteExW                                    7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] SHELL32.dll!ShellExecuteEx                                     7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] SHELL32.dll!ShellExecuteA                                      7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\system32\spoolsv.exe[1564] SHELL32.dll!ShellExecuteW                                      7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtAllocateVirtualMemory                 7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtClose                                 7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtCreateFile                            7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtCreateProcess                         7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtCreateProcessEx                       7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtDeleteFile                            7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtFreeVirtualMemory                     7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtLoadDriver                            7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtOpenFile                              7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtProtectVirtualMemory                  7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtSetInformationProcess                 7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtUnloadDriver                          7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!NtWriteVirtualMemory                    7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!RtlAllocateHeap                         7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!LdrLoadDll                              7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!LdrUnloadDll                            7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ntdll.dll!LdrGetProcedureAddress                  7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!CreateFileA                          7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!VirtualProtect                       7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!LoadLibraryExW                       7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!LoadLibraryExA                       7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!LoadLibraryA                         7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!CreateProcessW                       7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!CreateProcessA                       7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!GetProcAddress                       7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!LoadLibraryW                         7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!GetModuleHandleA                     7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!GetModuleHandleW                     7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!CreateFileW                          7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!MoveFileWithProgressW                7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!MoveFileW                            7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!OpenFile                             7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!OpenFile + 3                         7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!CopyFileExW                          7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!CopyFileA                            7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!CopyFileW                            7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!DeleteFileA                          7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!DeleteFileW                          7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!MoveFileExW                          7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!MoveFileA                            7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!MoveFileWithProgressA                7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!MoveFileExA                          7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!CopyFileExA                          7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!WinExec                              7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] kernel32.dll!LoadModule                           7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ADVAPI32.dll!OpenServiceW                         77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ADVAPI32.dll!OpenServiceA                         77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ADVAPI32.dll!CreateServiceA                       77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] ADVAPI32.dll!CreateServiceW                       77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] USER32.dll!EndTask                                7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] WS2_32.dll!WSASocketW                             71A1404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] WS2_32.dll!WSASocketA                             71A18B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] SHELL32.dll!ShellExecuteExW                       7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] SHELL32.dll!ShellExecuteEx                        7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] SHELL32.dll!ShellExecuteA                         7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\Programme\Avira\AntiVir Desktop\sched.exe[1612] SHELL32.dll!ShellExecuteW                         7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

Old 13.11.2009, 17:03   #15
ElSteffe



GMER, part VIII:

Code:
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtAllocateVirtualMemory                                  7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtClose                                                  7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtCreateFile                                             7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtCreateProcess                                          7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtCreateProcessEx                                        7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtDeleteFile                                             7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtFreeVirtualMemory                                      7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtLoadDriver                                             7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtOpenFile                                               7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtProtectVirtualMemory                                   7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtSetInformationProcess                                  7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtUnloadDriver                                           7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!NtWriteVirtualMemory                                     7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!RtlAllocateHeap                                          7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!LdrLoadDll                                               7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!LdrUnloadDll                                             7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ntdll.dll!LdrGetProcedureAddress                                   7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!CreateFileA                                           7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!VirtualProtect                                        7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!LoadLibraryExW                                        7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!LoadLibraryExA                                        7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!LoadLibraryA                                          7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!CreateProcessW                                        7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!CreateProcessA                                        7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!GetProcAddress                                        7C80AE40 5 Bytes  JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!LoadLibraryW                                          7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!GetModuleHandleA                                      7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!GetModuleHandleW                                      7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!CreateFileW                                           7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!MoveFileWithProgressW                                 7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!MoveFileW                                             7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!OpenFile                                              7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!OpenFile + 3                                          7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!CopyFileExW                                           7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!CopyFileA                                             7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!CopyFileW                                             7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!DeleteFileA                                           7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!DeleteFileW                                           7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!MoveFileExW                                           7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!MoveFileA                                             7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!MoveFileWithProgressA                                 7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!MoveFileExA                                           7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!CopyFileExA                                           7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!WinExec                                               7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] kernel32.dll!LoadModule                                            7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] USER32.dll!EndTask                                                 7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ADVAPI32.dll!OpenServiceW                                          77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ADVAPI32.dll!OpenServiceA                                          77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ADVAPI32.dll!CreateServiceA                                        77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ADVAPI32.dll!CreateServiceW                                        77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ole32.dll!CoCreateInstanceEx                                       774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] ole32.dll!CoGetClassObject                                         774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] WS2_32.dll!WSASocketW                                              71A1404E 7 Bytes  JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] WS2_32.dll!WSASocketA                                              71A18B6A 5 Bytes  JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] SHELL32.dll!ShellExecuteExW                                        7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] SHELL32.dll!ShellExecuteEx                                         7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] SHELL32.dll!ShellExecuteA                                          7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\System32\alg.exe[1964] SHELL32.dll!ShellExecuteW                                          7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtAllocateVirtualMemory                                      7C91CF6E 5 Bytes  JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtClose                                                      7C91CFEE 5 Bytes  JMP 10008B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtCreateFile                                                 7C91D0AE 5 Bytes  JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtCreateProcess                                              7C91D14E 5 Bytes  JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtCreateProcessEx                                            7C91D15E 5 Bytes  JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtDeleteFile                                                 7C91D23E 5 Bytes  JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtFreeVirtualMemory                                          7C91D38E 5 Bytes  JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtLoadDriver                                                 7C91D46E 5 Bytes  JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtOpenFile                                                   7C91D59E 5 Bytes  JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtProtectVirtualMemory                                       7C91D6EE 5 Bytes  JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtSetInformationProcess                                      7C91DC9E 5 Bytes  JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtUnloadDriver                                               7C91DEBE 5 Bytes  JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!NtWriteVirtualMemory                                         7C91DFAE 5 Bytes  JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!RtlAllocateHeap                                              7C9200C4 5 Bytes  JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!LdrLoadDll                                                   7C9263C3 5 Bytes  JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!LdrUnloadDll                                                 7C92738B 5 Bytes  JMP 10008A60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ntdll.dll!LdrGetProcedureAddress                                       7C927EA8 5 Bytes  JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateFileA                                               7C801A28 5 Bytes  JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!VirtualProtect                                            7C801AD4 5 Bytes  JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryExW                                            7C801AF5 7 Bytes  JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryExA                                            7C801D53 5 Bytes  JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryA                                              7C801D7B 5 Bytes  JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessW                                            7C802336 5 Bytes  JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateProcessA                                            7C80236B 5 Bytes  JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadLibraryW                                              7C80AEEB 5 Bytes  JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetModuleHandleA                                          7C80B741 5 Bytes  JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!GetModuleHandleW                                          7C80E4DD 5 Bytes  JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CreateFileW                                               7C810800 5 Bytes  JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!MoveFileWithProgressW                                     7C81F72E 5 Bytes  JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!MoveFileW                                                 7C821261 5 Bytes  JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!OpenFile                                                  7C821982 2 Bytes  JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!OpenFile + 3                                              7C821985 2 Bytes  [7E, 93] {JLE 0xffffffffffffff95}
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CopyFileExW                                               7C827B32 7 Bytes  JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CopyFileA                                                 7C8286EE 5 Bytes  JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CopyFileW                                                 7C82F87B 5 Bytes  JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!DeleteFileA                                               7C831EDD 5 Bytes  JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!DeleteFileW                                               7C831F63 5 Bytes  JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!MoveFileExW                                               7C83568B 5 Bytes  JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!MoveFileA                                                 7C835EBF 5 Bytes  JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!MoveFileWithProgressA                                     7C835EDE 5 Bytes  JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!MoveFileExA                                               7C85E49B 5 Bytes  JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!CopyFileExA                                               7C85F39C 5 Bytes  JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!WinExec                                                   7C86250D 5 Bytes  JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] kernel32.dll!LoadModule                                                7C86261E 5 Bytes  JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!OpenServiceW                                              77DB6FFD 7 Bytes  JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!OpenServiceA                                              77DC4C66 7 Bytes  JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!CreateServiceA                                            77E07211 7 Bytes  JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ADVAPI32.dll!CreateServiceW                                            77E073A9 7 Bytes  JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] USER32.dll!EndTask                                                     7E3AA0A5 5 Bytes  JMP 10008700 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ole32.dll!CoCreateInstanceEx                                           774D0526 5 Bytes  JMP 10008450 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] ole32.dll!CoGetClassObject                                             774E56C5 5 Bytes  JMP 10008590 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetConnectA                                           408CDEAE 5 Bytes  JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] WININET.dll!InternetConnectW                                           408CF862 5 Bytes  JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] SHELL32.dll!ShellExecuteExW                                            7E6B996B 5 Bytes  JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] SHELL32.dll!ShellExecuteEx                                             7E6F0EB5 5 Bytes  JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] SHELL32.dll!ShellExecuteA                                              7E6F11E0 5 Bytes  JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text           C:\WINDOWS\Explorer.EXE[1984] SHELL32.dll!ShellExecuteW                                              7E765D48 5 Bytes  JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)