Pests of all kinds and their removal: Help with Trojan Trojan.gen.2 (Windows 7)
04.03.2012, 15:54 | #1

Help with Trojan Trojan.gen.2

Hello everyone, I need your help. On 15.02. Symantec Antivirus (10.0.0.846) found the Trojan Trojan.ADH.2 via Auto-Protect. On 27.02. and again yesterday it was the Trojan Trojan.Gen.2, again in Auto-Protect. All of them were moved to quarantine and then removed. Since last week I have been running full scans almost every day, but nothing was found. The scans with ESET also always came back clean. How do I get rid of the pest(s), or what can I do? I have attached a few logs (Malwarebytes, GMER, ESET, DDS ...). I have also searched the web, but only found the recommendations for the online scanners, and I have scanned every day. But since there was another detection yesterday, the system cannot be clean. Who can help me? Many thanks.

zebrakatz
05.03.2012, 16:20 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed. If there are logs from older Malwarebytes scans, please post all of those too!
07.03.2012, 18:14 | #3

Hello Arne, thank you for your reply. I just ran a scan ... and also added further older logs to the zip file. What are these findings? Many thanks, best regards, zebrakatz
07.03.2012, 22:33 | #4
/// Winkelfunktion /// TB-Süch-Tiger™

Custom scan with OTL. If you do not have it yet, please download OTL from OldTimer and save it to your desktop.

Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    wininit.exe
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    ws2ifsl.sys
    sceclt.dll
    ntelogon.dll
    winlogon.exe
    logevent.dll
    user32.DLL
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
08.03.2012, 18:27 | #5

Hello Arne, here is the OTL log as a zip ... Thanks, zebrakatz
08.03.2012, 19:54 | #6
/// Winkelfunktion /// TB-Süch-Tiger™

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL) (the ":OTL" must be copied along!!!):

Code:
    :OTL
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007.11.21 16:29:34 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007.08.01 22:31:24 | 000,363,750 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2008.02.25 19:50:00 | 000,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell - "" = AutoRun
    O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
    O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
    [2012.02.15 08:27:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\leno\Ÿ9Ÿ9
    :Commands
    [emptytemp]
    [resethosts]

The logfile should open after you click OK once the fix is done; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely, as a precaution; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
09.03.2012, 22:15 | #7

Hello Arne, I have tried it several times. Unfortunately the OTL fix keeps aborting, meaning the computer freezes and I have to hard-reset it. Fortunately it boots fine afterwards. I pasted your script as described, also without any programs, virus scanner or network. Can I somehow still get the fix to run? Many thanks. zebrakatz
10.03.2012, 16:30 | #8
/// Winkelfunktion /// TB-Süch-Tiger™

Try running the fix in Safe Mode.
10.03.2012, 22:12 | #9

Hello Arne, you were right, in Safe Mode (as Administrator) it of course worked flawlessly, many thanks for the tip. Here is the log:

Code:
    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
    C:\AUTOEXEC.BAT moved successfully.
    File E:\AutoRun.exe not found.
    File E:\autorun.ico not found.
    File E:\AUTORUN.INF not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
    File D:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
    File D:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
    File D:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
    File D:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
    File D:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
    File D:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    File D:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
    File D:\AutoRun.exe not found.
    C:\Dokumente und Einstellungen\leno\Ÿ9Ÿ9 moved successfully.
    ========== COMMANDS ==========
    [EMPTYTEMP]
    User: Administrator
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    User: All Users
    User: Default User
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    User: leno
    ->Temp folder emptied: 262526932 bytes
    ->Temporary Internet Files folder emptied: 977120 bytes
    ->Java cache emptied: 58518 bytes
    ->FireFox cache emptied: 48982669 bytes
    ->Flash cache emptied: 487 bytes
    User: LocalService
    ->Temp folder emptied: 65984 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 348 bytes
    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 24996 bytes
    %systemroot%\System32 .tmp files removed: 2951 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25186496 bytes
    RecycleBin emptied: 0 bytes
    Total Files Cleaned = 322,00 mb
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    OTL by OldTimer - Version 3.2.35.1 log created on 03102012_214845
    Files\Folders moved on Reboot...
    Registry entries deleted on Reboot...
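A note on the O33 part of the fix and its result. Every `MountPoints2\{GUID}` subtree in the fix script corresponds to a volume that was once mounted for the user, and a `Shell\AutoRun\command` value under it is what Explorer runs when that volume's AutoPlay entry is chosen; nine GUIDs pointing at `D:\AutoRun.exe` or `F:\AutoRun.exe` means the same handler was registered for each volume as it appeared. The O32 line attributes `E:\AutoRun.exe` on a CDFS volume to Huawei, which fits the virtual CD-ROM that USB modems typically present, but the target of the handlers should be identified rather than assumed. In the fix log, every MountPoints2 key comes back as "not found": MountPoints2 lives under HKEY_CURRENT_USER, and the fix was run from the Administrator account in Safe Mode, so OTL looked in that account's hive rather than in the hive of the user "leno" whose scan produced the O33 lines. The CD-ROM AutoRun value and the files were handled, but the per-user handlers most likely survived and should be re-checked from the affected account. The Python below is an added example, not part of the original thread and not OTL's code: it parses O33/O32 lines (`SAMPLE` is a constructed subset of the script above), groups the handlers by target, and on a Windows host can read the same values from the live MountPoints2 key. All function names are assumptions made for the example.

```python
r"""Triage of the AutoRun entries in an OTL fix script (O32 / O33 lines).

Added example; not part of the original forum post and not code from OTL.
The O33 lines mirror HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\
MountPoints2: one GUID per mounted volume, and a Shell\AutoRun\command value
names what Explorer would run for that volume's AutoPlay entry. The O32 CDRom
line mirrors the AutoRun DWORD under HKLM\SYSTEM\CurrentControlSet\Services\Cdrom.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the entries from the fix script above.
SAMPLE = r'''
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.02.25 19:50:00 | 000,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
:Commands
[emptytemp]
'''

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-f-]{36}\})\\(\S+) - "" = (.*)$', re.IGNORECASE)
O32_CDROM_RE = re.compile(r'^O32 - HKLM CDRom: AutoRun - (\d+)$')


def parse_mountpoints(text):
    """{guid: {subkey: value}} for every O33 MountPoints2 line in the script."""
    entries = defaultdict(dict)
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if m:
            guid, subkey, value = m.groups()
            entries[guid.lower()][subkey.lower()] = value
    return dict(entries)


def autorun_commands(entries):
    """GUIDs that carry a Shell\\AutoRun\\command handler, with its command line."""
    return {guid: sub[r"shell\autorun\command"]
            for guid, sub in entries.items() if r"shell\autorun\command" in sub}


def group_by_target(commands):
    """Invert to {command: [guids]}: many GUIDs sharing one target means the
    same handler was registered for every volume that was ever mounted."""
    by_target = defaultdict(list)
    for guid, cmd in commands.items():
        by_target[cmd.lower()].append(guid)
    return {t: sorted(g) for t, g in by_target.items()}


def cdrom_autorun_enabled(text):
    """True/False from the O32 CDRom line (1 = AutoRun on), None if absent."""
    for line in text.splitlines():
        m = O32_CDROM_RE.match(line.strip())
        if m:
            return m.group(1) != "0"
    return None


def live_mountpoints2():
    """Same check against the live registry of the current user on Windows
    (HKCU\\Software\\...\\Explorer\\MountPoints2); returns {} elsewhere."""
    try:
        import winreg
    except ImportError:
        return {}
    base = r"Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
    found = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, base) as key:
        index = 0
        while True:
            try:
                guid = winreg.EnumKey(key, index)
            except OSError:
                break  # no more subkeys
            index += 1
            try:
                cmd = winreg.QueryValue(key, guid + r"\Shell\AutoRun\command")
            except OSError:
                continue  # this volume has no AutoRun handler
            if cmd:
                found[guid.lower()] = cmd
    return found


if __name__ == "__main__":
    cmds = autorun_commands(parse_mountpoints(SAMPLE))
    print("CD-ROM AutoRun enabled:", cdrom_autorun_enabled(SAMPLE))
    for target, guids in group_by_target(cmds).items():
        print(f"{target}: {len(guids)} volume GUID(s)")
    for guid, cmd in live_mountpoints2().items():
        print("live:", guid, "->", cmd)
```

`live_mountpoints2()` has to run in the session of the affected user, for the same reason the fix above did not find the keys: the data is per user, and an Administrator session sees only its own hive.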
12.03.2012, 14:58 | #10
/// Winkelfunktion /// TB-Süch-Tiger™

Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable the virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click "Change parameters" and set the checkmarks as shown in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its content into your post, look directly on your Windows system partition (usually drive C), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
13.03.2012, 21:24 | #11

Hello Arne, here is the log from TDSS-Killer. As you wrote, I have not removed anything for now (continued with Skip):

Code:
    21:05:39.0843 0688 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
    21:05:39.0875 0688 ============================================================
    21:05:39.0875 0688 Current date / time: 2012/03/13 21:05:39.0875
    21:05:39.0875 0688 SystemInfo:
    21:05:39.0875 0688
    21:05:39.0875 0688 OS Version: 5.1.2600 ServicePack: 3.0
    21:05:39.0875 0688 Product type: Workstation
    21:05:39.0875 0688 ComputerName: LENOVO-C395390B
    21:05:39.0875 0688 UserName: leno
    21:05:39.0875 0688 Windows directory: C:\WINDOWS
    21:05:39.0875 0688 System windows directory: C:\WINDOWS
    21:05:39.0875 0688 Processor architecture: Intel x86
    21:05:39.0875 0688 Number of processors: 2
    21:05:39.0875 0688 Page size: 0x1000
    21:05:39.0875 0688 Boot type: Normal boot
    21:05:39.0875 0688 ============================================================
    21:05:42.0062 0688 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
    21:05:42.0062 0688 \Device\Harddisk0\DR0:
    21:05:42.0062 0688 MBR used
    21:05:42.0062 0688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8CC37E1
    21:05:42.0078 0688 Initialize success
    21:05:42.0078 0688 ============================================================
    21:05:50.0671 4052 ============================================================
    21:05:50.0671 4052 Scan started
    21:05:50.0671 4052 Mode: Manual; SigCheck; TDLFS;
    21:05:50.0671 4052 ============================================================
    21:05:51.0218 4052 Abiosdsk - ok
    21:05:51.0281 4052 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    21:05:52.0859 4052 abp480n5 - ok
    21:05:53.0093 4052 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
    21:05:53.0328 4052 ac97intc - ok
    21:05:53.0390 4052 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    21:05:53.0593 4052 ACPI - ok
    21:05:53.0609 4052 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    21:05:53.0812 4052 ACPIEC - ok
    21:05:54.0015 4052 ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
    21:05:54.0078 4052 ADIHdAudAddService - ok
    21:05:54.0125 4052 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    21:05:54.0328 4052 adpu160m - ok
    21:05:54.0343 4052 AEAudioService (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
    21:05:54.0390 4052 AEAudioService - ok
    21:05:54.0593 4052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    21:05:54.0765 4052 aec - ok
    21:05:54.0859 4052 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
    21:05:54.0890 4052 AegisP ( UnsignedFile.Multi.Generic ) - warning
    21:05:54.0890 4052 AegisP - detected UnsignedFile.Multi.Generic (1)
    21:05:54.0937 4052 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    21:05:55.0000 4052 AFD - ok
    21:05:55.0187 4052 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    21:05:55.0390 4052 agp440 - ok
    21:05:55.0406 4052 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    21:05:55.0593 4052 agpCPQ - ok
    21:05:55.0609 4052 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    21:05:55.0703 4052 Aha154x - ok
    21:05:55.0718 4052 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    21:05:55.0921 4052 aic78u2 - ok
    21:05:55.0937 4052 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    21:05:56.0109 4052 aic78xx - ok
    21:05:56.0140 4052 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    21:05:56.0328 4052 AliIde - ok
    21:05:56.0546 4052 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    21:05:56.0734 4052 alim1541 - ok
    21:05:56.0750 4052 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    21:05:56.0937 4052 amdagp - ok
    21:05:57.0031 4052 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    21:05:57.0140 4052 amsint - ok
    21:05:57.0187 4052 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
    21:05:57.0203 4052 ANC ( UnsignedFile.Multi.Generic ) - warning
    21:05:57.0203 4052 ANC - detected UnsignedFile.Multi.Generic (1)
    21:05:57.0406 4052 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    21:05:57.0593 4052 Arp1394 - ok
    21:05:57.0640 4052 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    21:05:57.0843 4052 asc - ok
    21:05:57.0843 4052 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    21:05:57.0937 4052 asc3350p - ok
    21:05:57.0953 4052 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    21:05:58.0156 4052 asc3550 - ok
    21:05:58.0328 4052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    21:05:58.0500 4052 AsyncMac - ok
    21:05:58.0531 4052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    21:05:58.0718 4052 atapi - ok
    21:05:58.0875 4052 Atdisk - ok
    21:05:58.0953 4052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    21:05:59.0140 4052 Atmarpc - ok
    21:05:59.0250 4052 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
    21:05:59.0312 4052 atmeltpm - ok
    21:05:59.0468 4052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    21:05:59.0656 4052 audstub - ok
    21:05:59.0718 4052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    21:05:59.0906 4052 Beep - ok
    21:06:00.0000 4052 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
    21:06:00.0062 4052 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
    21:06:00.0062 4052 BTKRNL - detected UnsignedFile.Multi.Generic (1)
    21:06:00.0234 4052 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
    21:06:00.0250 4052 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
    21:06:00.0250 4052 BTWUSB - detected UnsignedFile.Multi.Generic (1)
    21:06:00.0281 4052 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    21:06:00.0484 4052 cbidf - ok
    21:06:00.0484 4052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    21:06:00.0671 4052 cbidf2k - ok
    21:06:00.0734 4052 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    21:06:00.0828 4052 cd20xrnt - ok
    21:06:00.0859 4052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    21:06:01.0031 4052 Cdaudio - ok
    21:06:01.0296 4052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    21:06:01.0484 4052 Cdfs - ok
    21:06:01.0546 4052 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    21:06:01.0734 4052 Cdrom - ok
    21:06:01.0750 4052 Changer - ok
    21:06:01.0812 4052 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    21:06:02.0000 4052 CmBatt - ok
    21:06:02.0031 4052 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    21:06:02.0218 4052 CmdIde - ok
    21:06:02.0406 4052 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    21:06:02.0593 4052 Compbatt - ok
    21:06:02.0625 4052 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    21:06:02.0812 4052 Cpqarray - ok
    21:06:02.0859 4052 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    21:06:03.0062 4052 dac2w2k - ok
    21:06:03.0125 4052 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    21:06:03.0328 4052 dac960nt - ok
    21:06:03.0421 4052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    21:06:03.0609 4052 Disk - ok
    21:06:03.0656 4052 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
    21:06:03.0687 4052 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
    21:06:03.0687 4052 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
    21:06:03.0703 4052 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
    21:06:03.0703 4052 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
    21:06:03.0703 4052 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
    21:06:03.0734 4052 DLADResN (2104649b0b79b9f30122c545cba0c655) C:\WINDOWS\system32\DLA\DLADResN.SYS
    21:06:03.0750 4052 DLADResN ( UnsignedFile.Multi.Generic ) - warning
    21:06:03.0750 4052 DLADResN - detected UnsignedFile.Multi.Generic (1)
    21:06:03.0906 4052 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
    21:06:03.0937 4052 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
    21:06:03.0937 4052 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
    21:06:04.0078 4052 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
    21:06:04.0093 4052 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
    21:06:04.0093 4052 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
    21:06:04.0125 4052 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
    21:06:04.0140 4052 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
    21:06:04.0140 4052 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
    21:06:04.0203 4052 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
    21:06:04.0218 4052 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
    21:06:04.0218 4052 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
    21:06:04.0250 4052 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
    21:06:04.0281 4052 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
    21:06:04.0281 4052 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
    21:06:04.0406 4052 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
    21:06:04.0421 4052 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
    21:06:04.0421 4052 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
    21:06:04.0546 4052 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
    21:06:04.0781 4052 dmboot - ok
    21:06:04.0984 4052 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
    21:06:05.0171 4052 dmio - ok
    21:06:05.0203 4052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    21:06:05.0406 4052 dmload - ok
    21:06:05.0437 4052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    21:06:05.0640 4052 DMusic - ok
    21:06:05.0703 4052 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
    21:06:05.0734 4052 DozeHDD - ok
    21:06:05.0906 4052 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    21:06:06.0109 4052 dpti2o - ok
    21:06:06.0171 4052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    21:06:06.0359 4052 drmkaud - ok
    21:06:06.0437 4052 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
    21:06:06.0468 4052 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
    21:06:06.0468 4052 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
    21:06:06.0625 4052 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
    21:06:06.0640 4052 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
    21:06:06.0640 4052 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
    21:06:06.0703 4052 E100B (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    21:06:06.0906 4052 E100B - ok
    21:06:06.0953 4052 e1express (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
    21:06:07.0015 4052 e1express - ok
    21:06:07.0125 4052 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
    21:06:07.0156 4052 eeCtrl - ok
    21:06:07.0296 4052 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    21:06:07.0343 4052 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
    21:06:07.0343 4052 EGATHDRV - detected UnsignedFile.Multi.Generic (1)
    21:06:07.0562 4052 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
    21:06:07.0578 4052 EraserUtilDrv11122 - ok
    21:06:07.0687 4052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    21:06:07.0875 4052 Fastfat - ok
    21:06:07.0906 4052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    21:06:08.0125 4052 Fdc - ok
    21:06:08.0281 4052 filtertdidriver (f8946c6d013fc9e6db03fbcf32294799) C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys
    21:06:08.0296 4052 filtertdidriver ( UnsignedFile.Multi.Generic ) - warning
    21:06:08.0296 4052 filtertdidriver - detected UnsignedFile.Multi.Generic (1)
    21:06:08.0359 4052 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
    21:06:08.0546 4052 Fips - ok
    21:06:08.0765 4052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    21:06:08.0953 4052 Flpydisk - ok
    21:06:09.0031 4052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    21:06:09.0234 4052 FltMgr - ok
    21:06:09.0296 4052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    21:06:09.0484 4052 Fs_Rec - ok
    21:06:09.0687 4052 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    21:06:09.0875 4052 Ftdisk - ok
    21:06:09.0906 4052 G400 (33d00f8cb70ac5f7a8101f79d5273615)  C:\WINDOWS\system32\DRIVERS\G400m.sys
    21:06:10.0125 4052 G400 - ok
    21:06:10.0343 4052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    21:06:10.0515 4052 Gpc - ok
    21:06:10.0656 4052 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    21:06:10.0843 4052 HDAudBus - ok
    21:06:10.0921 4052 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    21:06:11.0093 4052 hpn - ok
    21:06:11.0156 4052 HSFHWAZL (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    21:06:11.0187 4052 HSFHWAZL - ok
    21:06:11.0343 4052 HSF_DPV (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    21:06:11.0406 4052 HSF_DPV - ok
    21:06:11.0468 4052 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
    21:06:11.0546 4052 HSXHWAZL - ok
    21:06:11.0718 4052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    21:06:11.0781 4052 HTTP - ok
    21:06:11.0875 4052 hwdatacard (4a77f036f7234ed24351ac486d2a29b9) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
    21:06:11.0953 4052 hwdatacard - ok
    21:06:12.0109 4052 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    21:06:12.0296 4052 i2omgmt - ok
    21:06:12.0343 4052 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    21:06:12.0515 4052 i2omp - ok
    21:06:12.0718 4052 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    21:06:12.0906 4052 i8042prt - ok
    21:06:13.0218 4052 ialm (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    21:06:13.0875 4052 ialm - ok
    21:06:14.0078 4052 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
    21:06:14.0140 4052 iaStor ( UnsignedFile.Multi.Generic ) - warning
    21:06:14.0140 4052 iaStor - detected UnsignedFile.Multi.Generic (1)
    21:06:14.0328 4052 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
    21:06:14.0343 4052 IBMPMDRV - ok
    21:06:14.0421 4052 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
    21:06:14.0437 4052 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
    21:06:14.0437 4052 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
    21:06:14.0484 4052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    21:06:14.0656 4052 Imapi - ok
    21:06:14.0718 4052 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    21:06:14.0906 4052 ini910u - ok
    21:06:15.0078 4052 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
    21:06:15.0265 4052 IntelIde - ok
    21:06:15.0328 4052 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    21:06:15.0515 4052 intelppm - ok
    21:06:16.0437 4052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    21:06:16.0687 4052 Ip6Fw - ok
    21:06:16.0734 4052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    21:06:16.0921 4052 IpFilterDriver - ok
    21:06:16.0953 4052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    21:06:17.0125 4052 IpInIp - ok
    21:06:17.0203 4052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    21:06:17.0390 4052 IpNat - ok
    21:06:17.0578 4052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    21:06:17.0750 4052 IPSec - ok
    21:06:17.0812 4052 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
    21:06:18.0000 4052 irda - ok
    21:06:18.0015 4052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    21:06:18.0203 4052 IRENUM - ok
    21:06:18.0281 4052 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    21:06:18.0468 4052 isapnp - ok
    21:06:18.0656 4052 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
    21:06:18.0656 4052 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
    21:06:18.0656 4052 Iviaspi - detected UnsignedFile.Multi.Generic (1)
    21:06:18.0734 4052 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    21:06:18.0906 4052 Kbdclass - ok
    21:06:19.0000 4052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    21:06:19.0187 4052 kmixer - ok
    21:06:19.0234 4052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    21:06:19.0296 4052 KSecDD - ok
    21:06:19.0437 4052 lbrtfdc - ok
    21:06:19.0515 4052 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
    21:06:19.0531 4052 lenovo.smi - ok
    21:06:19.0593 4052 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
    21:06:19.0625 4052 MBAMProtector - ok
    21:06:19.0671 4052 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    21:06:19.0687 4052 mdmxsdk - ok
    21:06:19.0734 4052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    21:06:19.0921 4052 mnmdd - ok
    21:06:20.0109 4052 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
    21:06:20.0296 4052 Modem - ok
    21:06:20.0343 4052 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    21:06:20.0531 4052 Mouclass - ok
    21:06:20.0593 4052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    21:06:20.0781 4052 MountMgr - ok
    21:06:20.0812 4052 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    21:06:20.0984 4052 mraid35x - ok
    21:06:21.0187 4052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    21:06:21.0375 4052 MRxDAV - ok
    21:06:21.0468 4052 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    21:06:21.0546 4052 MRxSmb - ok
    21:06:21.0671 4052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    21:06:21.0875 4052 Msfs - ok
    21:06:21.0921 4052 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1)
C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:06:22.0093 4052 MSKSSRV - ok 21:06:22.0140 4052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:06:22.0312 4052 MSPCLOCK - ok 21:06:22.0390 4052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 21:06:22.0593 4052 MSPQM - ok 21:06:22.0843 4052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:06:23.0015 4052 mssmbios - ok 21:06:23.0109 4052 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 21:06:23.0171 4052 Mup - ok 21:06:23.0296 4052 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120312.003\naveng.sys 21:06:23.0328 4052 NAVENG - ok 21:06:23.0406 4052 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120312.003\navex15.sys 21:06:23.0500 4052 NAVEX15 - ok 21:06:23.0687 4052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 21:06:23.0890 4052 NDIS - ok 21:06:23.0937 4052 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:06:24.0000 4052 NdisTapi - ok 21:06:24.0031 4052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:06:24.0203 4052 Ndisuio - ok 21:06:24.0218 4052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:06:24.0437 4052 NdisWan - ok 21:06:24.0625 4052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 21:06:24.0687 4052 NDProxy - ok 21:06:24.0765 4052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 21:06:24.0953 4052 NetBIOS - ok 21:06:24.0984 4052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 21:06:25.0734 4052 NetBT - ok 21:06:26.0000 4052 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys 21:06:26.0171 4052 NETw3x32 - ok 21:06:26.0359 4052 NIC1394 
(e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 21:06:26.0546 4052 NIC1394 - ok 21:06:26.0609 4052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 21:06:26.0796 4052 Npfs - ok 21:06:26.0875 4052 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys 21:06:27.0062 4052 NSCIRDA - ok 21:06:27.0109 4052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 21:06:27.0312 4052 Ntfs - ok 21:06:27.0578 4052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:06:27.0781 4052 Null - ok 21:06:27.0875 4052 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 21:06:28.0140 4052 nv - ok 21:06:28.0343 4052 NWADI (d4e1d20883977be696c07bbb57230be2) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 21:06:28.0406 4052 NWADI - ok 21:06:28.0437 4052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:06:28.0640 4052 NwlnkFlt - ok 21:06:28.0656 4052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:06:28.0828 4052 NwlnkFwd - ok 21:06:28.0890 4052 odysseyIM4 (7af6ec0ea4261ecf7da084103be31ea8) C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys 21:06:28.0953 4052 odysseyIM4 - ok 21:06:29.0140 4052 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 21:06:29.0328 4052 ohci1394 - ok 21:06:29.0390 4052 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 21:06:29.0593 4052 Parport - ok 21:06:29.0593 4052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 21:06:29.0765 4052 PartMgr - ok 21:06:29.0796 4052 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 21:06:30.0000 4052 ParVdm - ok 21:06:30.0187 4052 PCASp50 - ok 21:06:30.0265 4052 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 21:06:30.0453 4052 PCI - ok 21:06:30.0468 4052 
PCIDump - ok 21:06:30.0484 4052 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 21:06:30.0671 4052 PCIIde - ok 21:06:30.0687 4052 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 21:06:30.0859 4052 Pcmcia - ok 21:06:30.0875 4052 PDCOMP - ok 21:06:30.0890 4052 PDFRAME - ok 21:06:30.0906 4052 PDRELI - ok 21:06:30.0906 4052 PDRFRAME - ok 21:06:30.0937 4052 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 21:06:31.0140 4052 perc2 - ok 21:06:31.0312 4052 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 21:06:31.0515 4052 perc2hib - ok 21:06:31.0593 4052 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys 21:06:31.0609 4052 pmem ( UnsignedFile.Multi.Generic ) - warning 21:06:31.0609 4052 pmem - detected UnsignedFile.Multi.Generic (1) 21:06:31.0671 4052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:06:31.0859 4052 PptpMiniport - ok 21:06:31.0937 4052 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys 21:06:31.0968 4052 PrivateDisk ( UnsignedFile.Multi.Generic ) - warning 21:06:31.0968 4052 PrivateDisk - detected UnsignedFile.Multi.Generic (1) 21:06:32.0140 4052 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS 21:06:32.0156 4052 PROCDD - ok 21:06:32.0203 4052 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 21:06:32.0375 4052 Processor - ok 21:06:32.0421 4052 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys 21:06:32.0468 4052 psadd - ok 21:06:32.0500 4052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 21:06:32.0687 4052 PSched - ok 21:06:32.0921 4052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 21:06:33.0109 4052 Ptilink - ok 21:06:33.0203 4052 
PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:06:33.0218 4052 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 21:06:33.0218 4052 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 21:06:33.0250 4052 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 21:06:33.0437 4052 ql1080 - ok 21:06:33.0437 4052 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 21:06:33.0625 4052 Ql10wnt - ok 21:06:33.0640 4052 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 21:06:33.0843 4052 ql12160 - ok 21:06:34.0031 4052 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 21:06:34.0234 4052 ql1240 - ok 21:06:34.0265 4052 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 21:06:34.0453 4052 ql1280 - ok 21:06:34.0484 4052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:06:34.0671 4052 RasAcd - ok 21:06:34.0781 4052 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 21:06:34.0875 4052 Rasirda - ok 21:06:35.0046 4052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:06:35.0234 4052 Rasl2tp - ok 21:06:35.0265 4052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:06:35.0437 4052 RasPppoe - ok 21:06:35.0484 4052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:06:35.0671 4052 Raspti - ok 21:06:35.0843 4052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:06:36.0015 4052 Rdbss - ok 21:06:36.0062 4052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:06:36.0234 4052 RDPCDD - ok 21:06:36.0281 4052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 21:06:36.0468 4052 rdpdr - ok 21:06:36.0656 4052 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) 
C:\WINDOWS\system32\drivers\RDPWD.sys 21:06:36.0718 4052 RDPWD - ok 21:06:36.0843 4052 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:06:37.0031 4052 redbook - ok 21:06:37.0156 4052 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys 21:06:37.0171 4052 s24trans ( UnsignedFile.Multi.Generic ) - warning 21:06:37.0171 4052 s24trans - detected UnsignedFile.Multi.Generic (1) 21:06:37.0281 4052 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Programme\Symantec Client Security\Symantec AntiVirus\savrt.sys 21:06:37.0312 4052 SAVRT - ok 21:06:37.0312 4052 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Programme\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys 21:06:37.0328 4052 SAVRTPEL - ok 21:06:37.0484 4052 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 21:06:37.0671 4052 sdbus - ok 21:06:37.0781 4052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:06:37.0968 4052 Secdrv - ok 21:06:38.0046 4052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 21:06:38.0234 4052 serenum - ok 21:06:38.0375 4052 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 21:06:38.0562 4052 Serial - ok 21:06:38.0656 4052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 21:06:38.0843 4052 Sfloppy - ok 21:06:38.0906 4052 Shockprf (1624530d05155f4e5a4736531523bff5) C:\WINDOWS\system32\DRIVERS\Apsx86.sys 21:06:38.0937 4052 Shockprf - ok 21:06:39.0000 4052 Simbad - ok 21:06:39.0109 4052 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 21:06:39.0281 4052 sisagp - ok 21:06:39.0390 4052 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys 21:06:39.0406 4052 Smapint ( UnsignedFile.Multi.Generic ) - warning 21:06:39.0406 4052 Smapint - detected UnsignedFile.Multi.Generic (1) 21:06:39.0484 4052 smi2 
(3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys 21:06:39.0500 4052 smi2 ( UnsignedFile.Multi.Generic ) - warning 21:06:39.0500 4052 smi2 - detected UnsignedFile.Multi.Generic (1) 21:06:39.0546 4052 smihlp2 (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys 21:06:39.0562 4052 smihlp2 - ok 21:06:39.0703 4052 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 21:06:39.0796 4052 Sparrow - ok 21:06:39.0921 4052 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys 21:06:39.0953 4052 SPBBCDrv - ok 21:06:40.0125 4052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 21:06:40.0296 4052 splitter - ok 21:06:40.0359 4052 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 21:06:40.0531 4052 sr - ok 21:06:40.0578 4052 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 21:06:40.0640 4052 Srv - ok 21:06:40.0703 4052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:06:40.0890 4052 swenum - ok 21:06:41.0093 4052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 21:06:41.0265 4052 swmidi - ok 21:06:41.0375 4052 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 21:06:41.0546 4052 symc810 - ok 21:06:41.0593 4052 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 21:06:41.0796 4052 symc8xx - ok 21:06:41.0921 4052 SYMDNS (1f0a3f93fecba6e873e75ac34538708b) C:\WINDOWS\System32\Drivers\SYMDNS.SYS 21:06:41.0937 4052 SYMDNS - ok 21:06:42.0031 4052 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Programme\Symantec\SYMEVENT.SYS 21:06:42.0046 4052 SymEvent - ok 21:06:42.0109 4052 SYMFW (ca212638c07f7a1736667319589f416e) C:\WINDOWS\System32\Drivers\SYMFW.SYS 21:06:42.0140 4052 SYMFW - ok 21:06:42.0140 4052 SYMIDS 
(83a0415ab669afe9f2b7fccc52f23153) C:\WINDOWS\System32\Drivers\SYMIDS.SYS 21:06:42.0156 4052 SYMIDS - ok 21:06:42.0250 4052 SYMIDSCO (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20120308.001\symidsco.sys 21:06:42.0265 4052 SYMIDSCO - ok 21:06:42.0406 4052 SYMNDIS (2a8ebb694d702d91d8046b31c3da2220) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 21:06:42.0421 4052 SYMNDIS - ok 21:06:42.0515 4052 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 21:06:42.0531 4052 SYMREDRV - ok 21:06:42.0578 4052 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 21:06:42.0593 4052 SYMTDI - ok 21:06:42.0640 4052 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 21:06:42.0828 4052 sym_hi - ok 21:06:42.0859 4052 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 21:06:43.0031 4052 sym_u3 - ok 21:06:43.0093 4052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 21:06:43.0265 4052 sysaudio - ok 21:06:43.0437 4052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:06:43.0546 4052 Tcpip - ok 21:06:43.0640 4052 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys 21:06:43.0656 4052 TcUsb - ok 21:06:43.0703 4052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 21:06:43.0890 4052 TDPIPE - ok 21:06:44.0062 4052 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS 21:06:44.0093 4052 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning 21:06:44.0093 4052 TDSMAPI - detected UnsignedFile.Multi.Generic (1) 21:06:44.0171 4052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 21:06:44.0359 4052 TDTCP - ok 21:06:44.0390 4052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 21:06:44.0578 4052 TermDD - ok 21:06:44.0656 4052 TosIde 
(d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys 21:06:44.0828 4052 TosIde - ok 21:06:44.0953 4052 Tp4Track (5c7396b8f083dc4637c584deccd50504) C:\WINDOWS\system32\DRIVERS\tp4track.sys 21:06:44.0968 4052 Tp4Track - ok 21:06:45.0078 4052 TPDIGIMN (d2378fbbd668d9fe9b6b5e3139d506d3) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys 21:06:45.0093 4052 TPDIGIMN - ok 21:06:45.0171 4052 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 21:06:45.0234 4052 TPHKDRV - ok 21:06:45.0281 4052 TPPWRIF (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys 21:06:45.0296 4052 TPPWRIF - ok 21:06:45.0359 4052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 21:06:45.0546 4052 Udfs - ok 21:06:45.0703 4052 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 21:06:45.0812 4052 ultra - ok 21:06:45.0890 4052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 21:06:46.0078 4052 Update - ok 21:06:46.0296 4052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:06:46.0484 4052 usbccgp - ok 21:06:46.0593 4052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:06:46.0781 4052 usbehci - ok 21:06:46.0875 4052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:06:47.0046 4052 usbhub - ok 21:06:47.0234 4052 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 21:06:47.0421 4052 usbohci - ok 21:06:47.0468 4052 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:06:47.0656 4052 usbprint - ok 21:06:47.0734 4052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:06:47.0906 4052 USBSTOR - ok 21:06:48.0046 4052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:06:48.0234 4052 usbuhci - ok 21:06:48.0296 4052 VgaSave 
(0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 21:06:48.0468 4052 VgaSave - ok 21:06:48.0562 4052 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 21:06:48.0734 4052 viaagp - ok 21:06:48.0765 4052 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 21:06:48.0953 4052 ViaIde - ok 21:06:49.0078 4052 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 21:06:49.0265 4052 VolSnap - ok 21:06:49.0375 4052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:06:49.0546 4052 Wanarp - ok 21:06:49.0625 4052 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 21:06:49.0656 4052 Wdf01000 - ok 21:06:49.0765 4052 WDICA - ok 21:06:49.0828 4052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 21:06:50.0015 4052 wdmaud - ok 21:06:50.0109 4052 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 21:06:50.0156 4052 winachsf - ok 21:06:50.0359 4052 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:06:50.0546 4052 WS2IFSL - ok 21:06:50.0656 4052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:06:50.0718 4052 WudfPf - ok 21:06:50.0750 4052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 21:06:50.0796 4052 WudfRd - ok 21:06:50.0828 4052 MBR (0x1B8) (92d29754b68d05ee70cc87aababd4248) \Device\Harddisk0\DR0 21:06:50.0953 4052 \Device\Harddisk0\DR0 - ok 21:06:50.0953 4052 Boot (0x1200) (c447e1c7bc354db11275d563ad66d2a6) \Device\Harddisk0\DR0\Partition0 21:06:50.0953 4052 \Device\Harddisk0\DR0\Partition0 - ok 21:06:50.0953 4052 ============================================================ 21:06:50.0953 4052 Scan finished 21:06:50.0953 4052 ============================================================ 21:06:51.0062 5736 Detected object count: 27 
21:06:51.0062 5736 Actual detected object count: 27 21:10:27.0390 5736 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 ANC ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 
5736 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 filtertdidriver ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 filtertdidriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 pmem ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 Smapint ( UnsignedFile.Multi.Generic 
) - skipped by user 21:10:27.0437 5736 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 smi2 ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip |
14.03.2012, 15:02 | #12
/// Winkelfunktion /// TB-Süch-Tiger™ | Help with Trojan Trojan.gen.2 Now please run CF: ComboFix A Guide and Tutorial on Using ComboFix
Combofix may only be run when a board helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags
17.03.2012, 21:07 | #13
Help with Trojan Trojan.gen.2 Hello Arne, after some difficulties running Combo-Fix I have now managed it (most of the time the log was not created, or is). Many thanks again for your help. Here is the log: Combofix Logfile: Code:
ATTFilter ComboFix 12-03-14.01 - leno 17.03.2012 19:59:47.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3062.2103 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\leno\Desktop\ComboFix.exe AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Vorheriger Suchlauf ------- . c:\windows\IsUn0407.exe c:\windows\iun6002.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-02-17 bis 2012-03-17 )))))))))))))))))))))))))))))) . . 2012-03-16 20:42 . 2012-03-16 20:42 -------- d-----w- c:\dokumente und einstellungen\leno\Anwendungsdaten\Avaya 2012-03-09 20:07 . 2012-03-09 20:07 -------- d-----w- C:\_OTL 2012-03-04 14:40 . 2012-03-04 14:40 -------- d-----w- c:\programme\7-Zip 2012-03-03 21:02 . 2012-03-03 21:10 -------- d-----w- c:\dokumente und einstellungen\leno\Lokale Einstellungen\Anwendungsdaten\NPE 2012-03-03 21:02 . 2012-03-03 21:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton 2012-03-03 19:44 . 2012-03-03 19:44 388096 ----a-r- c:\dokumente und einstellungen\leno\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-03-03 19:44 . 2012-03-03 19:44 -------- d-----w- c:\programme\TrendMicro 2012-03-03 17:23 . 2012-03-03 17:23 -------- d-----w- c:\programme\CCleaner 2012-03-03 17:14 . 2012-03-03 17:21 -------- d-----w- C:\bases 2012-03-03 16:30 . 2012-03-03 16:35 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\HPAppData 2012-03-03 16:30 . 2012-03-03 16:31 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten 2012-02-28 16:56 . 2004-10-22 01:16 180224 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2012-02-28 16:56 . 
2004-10-22 01:17 274432 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-02-28 16:56 . 2004-10-22 01:17 69715 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-02-28 16:56 . 2004-10-22 01:16 5632 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-02-28 16:56 . 2004-10-22 01:18 749568 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-02-28 16:55 . 2012-02-28 16:55 192644 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-02-28 16:55 . 2012-02-28 16:55 323716 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-02-27 19:27 . 2012-02-27 19:27 -------- d-----w- c:\programme\ESET
2012-02-27 19:09 . 2012-02-27 19:09 -------- d-----w- c:\dokumente und einstellungen\leno\Anwendungsdaten\Malwarebytes
2012-02-27 19:09 . 2012-02-27 19:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-27 19:09 . 2012-02-27 19:09 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-02-27 19:09 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 17:03 . 2012-02-28 07:35 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-27 07:43 . 2012-02-27 17:02 -------- d-----w- c:\programme\Gemeinsame Dateien\Spigot
2012-02-27 07:42 . 2010-01-15 17:30 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2012-02-27 07:42 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2012-02-27 07:42 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2012-02-27 07:42 . 2009-06-19 17:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-02-27 07:42 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-02-27 07:42 . 2012-02-27 07:52 -------- d-----w- c:\dokumente und einstellungen\leno\Anwendungsdaten\FreeFLVConverter
2012-02-27 07:42 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2012-02-27 07:42 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-02-27 07:42 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2012-02-27 07:42 . 2009-06-19 17:51 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-02-27 07:42 . 2009-06-19 17:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-02-26 21:09 . 2012-03-04 12:57 -------- d-----w- c:\dokumente und einstellungen\leno\Anwendungsdaten\HPAppData
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 20:10 . 2011-12-21 06:23 228216 ----a-w- c:\windows\OptionPCCardInstaller_tmccUninstall.exe
2012-02-13 20:09 . 2011-12-21 06:22 75742 ----a-w- c:\windows\Novatel_V20051InstallerUninstall.exe
2012-02-13 20:08 . 2011-12-21 06:21 68261 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59 65973 ----a-w- c:\windows\sem_GCXXUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59 89716 ----a-w- c:\windows\OptionPluss_PCCardInstallerUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59 90499 ----a-w- c:\windows\OptionPCCardInstallerUninstall.exe
2012-02-03 09:57 . 2006-01-27 01:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 20:59 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-01-27 01:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-22 06:42 . 2011-12-22 06:42 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-22 06:42 . 2011-12-21 20:08 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-22 06:42 . 2011-12-21 20:08 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-21 21:02 . 2011-12-21 21:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:53 . 2006-01-27 01:01 672768 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2006-01-27 01:01 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2006-01-27 01:01 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:52 . 2006-01-27 01:01 371200 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\programme\Lenovo\TrackPoint\tp4serv.exe" [2011-11-01 95264]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-10-04 818240]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2011-10-04 208896]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2005-07-12 48752]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-08-30 86112]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-10-20 191552]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2011-08-17 99688]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"DataCardMonitor"="c:\programme\Huawei Modems\DataCardMonitor.exe" [2011-12-21 249856]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w- c:\programme\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 12:41 100104 ----a-w- c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WTGU.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WTGU.lnk
backup=c:\windows\pss\WTGU.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51 202024 ----a-w- c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\programme\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 ----a-w- c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56 204288 ------w- c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [14.01.2012 21:09 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.03.2011 19:12 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12.12.2011 12:41 13680]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [14.01.2012 21:09 292200]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [27.02.2012 20:09 652360]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [14.01.2012 21:09 69632]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [14.01.2012 21:09 175168]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [13.03.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [12.12.2011 12:41 131432]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [12.12.2011 12:41 142696]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [12.03.2012 19:58 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.02.2012 20:09 20464]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [09.12.2011 00:41 24872]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [12.12.2011 12:41 101736]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [21.12.2011 20:26 7552]
S3 SavRoam;SAVRoam;c:\programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [30.08.2005 14:40 128608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-03-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-12-08 00:39]
.
2011-12-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2011-12-08 16:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/de/de
uInternet Settings,ProxyServer = proxy.intersoft-ag.de:3128
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\leno\Anwendungsdaten\Mozilla\Firefox\Profiles\52vhakko.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PC-Doctor for Windows - c:\programme\PCDR5\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-17 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\programme\Huawei Modems\DataCardMonitor.exe??????????????rogramme\Huawei Modems\DataCardMonitor.exe???????????)=?rogramme\Huawei Modems\?red\?????????+=?rogramme\Huawei Modems\DataCardMonitor.exe?R5???C?\? ?=? ?=?EMP=c:\dokume~1\leno\LOKALE~1\Temp?TMP=C
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1080)
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(5752)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-03-17 20:08:58
ComboFix-quarantined-files.txt 2012-03-17 19:08
.
Vor Suchlauf: 16 Verzeichnis(se), 45.301.776.384 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 45.288.345.600 Bytes frei
.
- - End Of File - - 10E167E4BED1F1BC203CF49951C85A2E
19.03.2012, 15:42 | #14
/// Winkelfunktion /// TB-Süch-Tiger™ | Help with Trojan Trojan.gen.2
Quote:
__________________ Please always post logfiles in CODE tags
19.03.2012, 20:56 | #15
Help with Trojan Trojan.gen.2
Hello Arne, the PC has been a private machine for a while now, but it used to be an office machine. With the last reset I had the protection back on (preinstalled; but it has now expired, so it is no longer on the disk). Norton Internet Security 2012 is now active.