Pests of all kinds and their removal: Help with Trojan Trojan.gen.2 (Windows 7)
#1
Hello everyone, I need your help. On 15.02. Symantec Antivirus (10.0.0.846) found the trojan Trojan.ADH.2 via Auto-Protect. On 27.02. and again yesterday it was the trojan Trojan.Gen.2, again via Auto-Protect. All of them were moved to quarantine and then removed. Since last week I have been running full scans almost every day, but nothing was found. Scans with Eset were also always clean. How do I get rid of the pest(s), or what can I do? I have attached a few logs (Malwarebytes, Gmer, Eset, DDS ...). I have also searched the net, but only found the recommendations for the online scanners, and scanned every day. But since there was another detection yesterday, the system cannot be safe. Who can help me - many thanks. zebrakatz
#2 (/// Winkelfunktion /// TB-Süch-Tiger™)
Quote:
Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If there are logs from earlier Malwarebytes scans, please post all of those as well!
#3
Hello Arne, thank you very much for your reply. I have just done a run ... and also put further older logs into the zip file. What are these findings? Many thanks, best regards, zebrakatz
#4 (/// Winkelfunktion /// TB-Süch-Tiger™)
Custom scan with OTL. If you do not have it yet, please download OTL from OldTimer and save it on your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post logfiles in CODE tags
#5
Hello Arne, here is the OTL log as a zip ... Thanks, zebrakatz
#6 (/// Winkelfunktion /// TB-Süch-Tiger™)
Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.21 16:29:34 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.01 22:31:24 | 000,363,750 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008.02.25 19:50:00 | 000,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
[2012.02.15 08:27:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\leno\Ÿ9Ÿ9
:Commands
[emptytemp]
[resethosts]
The logfile should open once you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; as a precaution a backup copy is created in the "_OTL" folder on the system partition. Note: The script above was created only for this one user in this one situation. It cannot be transferred to any other computer and must not be used elsewhere, as it can permanently damage the system!
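The O33 entries in the fix above come in triples per volume GUID: the default Shell verb, the display name of the AutoRun verb, and the command Explorer runs for it; the O32 lines list the autorun files found on each drive. As an added example (my code, not the helper's script and not part of OTL), here is a Python parser that pulls those pieces out of OTL output so an analyst can see at a glance which volumes carry an AutoPlay command and where it points. The sample lines are a subset of the script above; the regular expressions are my reading of OTL's line layout, not an OTL specification.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the O32/O33 lines from the OTL fix script
# posted in this thread, one entry per line as OTL writes them.
SAMPLE_OTL = r"""
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.21 16:29:34 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.02.25 19:50:00 | 000,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
"""

# These patterns are my assumption about OTL's O32/O33 layout, derived from the lines above.
O32_CDROM_RE = re.compile(r"^O32 - HKLM CDRom: AutoRun - (?P<value>\d+)$")
O32_FILE_RE = re.compile(
    r"^O32 - AutoRun File - \[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]+) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\) - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$"
)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-f-]+\})\\(?P<subkey>\S+) - "(?P<name>[^"]*)" = (?P<value>.*)$'
)


def parse_otl(text):
    """Return (cdrom_autorun, autorun_files, mountpoints) from OTL O32/O33 lines.

    autorun_files: list of dicts (date, size, attr, company, path, fs)
    mountpoints:   {volume GUID: {subkey: value}} for every MountPoints2 entry
    """
    cdrom_autorun = None
    autorun_files = []
    mountpoints = defaultdict(dict)
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O32_CDROM_RE.match(line)
        if m:
            cdrom_autorun = int(m["value"])
            continue
        m = O32_FILE_RE.match(line)
        if m:
            autorun_files.append({
                "date": m["date"],
                "size": int(m["size"].replace(",", "")),  # OTL prints sizes as 000,110,592
                "attr": m["attr"],
                "company": m["company"],
                "path": m["path"],
                "fs": m["fs"],
            })
            continue
        m = O33_RE.match(line)
        if m:
            mountpoints[m["guid"]][m["subkey"]] = m["value"]
    return cdrom_autorun, autorun_files, dict(mountpoints)


def autorun_commands(mountpoints):
    """Map volume GUID -> command Explorer would run for that volume's AutoPlay verb.

    Only volumes whose default Shell verb is AutoRun and which also carry a
    command value are reported; that combination is what each O33 triple in
    the fix script describes.
    """
    result = {}
    for guid, keys in mountpoints.items():
        command = keys.get("Shell\\AutoRun\\command")
        if keys.get("Shell") == "AutoRun" and command:
            result[guid] = command
    return result


if __name__ == "__main__":
    cdrom, files, mps = parse_otl(SAMPLE_OTL)
    print("HKLM CDRom AutoRun =", cdrom)
    for f in files:
        print(f"autorun file {f['path']} ({f['size']} bytes, {f['fs']}, publisher: {f['company'] or 'none'})")
    for guid, cmd in autorun_commands(mps).items():
        print(f"volume {guid}: AutoPlay runs {cmd}")
```

Run it against a full OTL log instead of the embedded sample and every volume that Windows remembers with an AutoPlay command shows up in one list, including the `D:` and `F:` targets the fix above removes; the `company` field makes it easy to tell a publisher-signed autorun file such as the Huawei one on the CDFS volume from one with no publisher at all.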
#7
Hello Arne, I have tried it several times. Unfortunately the OTL fix keeps aborting - that is, the computer hangs and I have to hard-reset it. Fortunately, booting up afterwards works fine. I pasted your script as described, also without any programs, virus scanner or network. Can I somehow still run the fix? Many thanks. zebrakatz
#8 (/// Winkelfunktion /// TB-Süch-Tiger™)
Try running the fix in safe mode.
#9
Hello Arne, you were right, in safe mode (as Administrator) it of course worked flawlessly - many thanks for the tip. Here is the code:
HTML Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File E:\AutoRun.exe not found.
File E:\autorun.ico not found.
File E:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
C:\Dokumente und Einstellungen\leno\Ÿ9Ÿ9 moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: leno
->Temp folder emptied: 262526932 bytes
->Temporary Internet Files folder emptied: 977120 bytes
->Java cache emptied: 58518 bytes
->FireFox cache emptied: 48982669 bytes
->Flash cache emptied: 487 bytes
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24996 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25186496 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 322,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.35.1 log created on 03102012_214845
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
#10 (/// Winkelfunktion /// TB-Süch-Tiger™)
Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before running the TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool! Configure the tool as shown in the image below: click "change parameters" and set the checkboxes as shown in the following screenshot. Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:).
Note: Please do not hastily delete anything with the TDSS-Killer! If the TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!
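TDSSKiller writes one timestamped line per service: the service name with the image's MD5 and path, then either "- ok" or a "( ... ) - warning" line followed by "- detected ... (n)"; the header before the scan records the OS version, which is worth checking against what a poster says about their system. As an added example (my code, not the helper's instructions and not part of Kaspersky's tool), here is a Python parser that turns such a log into one record per driver, groups the records by detection name so the entries the helper asks to "skip" can be reviewed at a glance, and lists services that share one image file. The sample lines are a small subset of the log posted in the next reply; the regular expressions are my assumption about the log layout.

```python
import re
from collections import defaultdict

# Constructed sample: header and driver lines in the layout TDSSKiller writes,
# copied from the log posted later in this thread (a small subset).
SAMPLE_TDSS = r"""
21:05:39.0843 0688 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:05:39.0875 0688 OS Version: 5.1.2600 ServicePack: 3.0
21:05:39.0875 0688 Processor architecture: Intel x86
21:05:42.0062 0688 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:05:50.0671 4052 Mode: Manual; SigCheck; TDLFS;
21:05:51.0218 4052 Abiosdsk - ok
21:05:53.0390 4052 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:05:53.0593 4052 ACPI - ok
21:05:54.0859 4052 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:05:54.0890 4052 AegisP ( UnsignedFile.Multi.Generic ) - warning
21:05:54.0890 4052 AegisP - detected UnsignedFile.Multi.Generic (1)
21:06:00.0281 4052 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:06:00.0484 4052 cbidf - ok
21:06:00.0484 4052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:06:00.0671 4052 cbidf2k - ok
21:06:07.0125 4052 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
21:06:07.0156 4052 eeCtrl - ok
"""

# Line layout as read from the posted log (my assumption, not a Kaspersky format spec).
ENTRY_RE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4}) (?P<pid>\d{4}) (?P<rest>.*)$")
OS_RE = re.compile(r"^OS Version: (?P<ver>[\d.]+) ServicePack: (?P<sp>[\d.]+)$")
FILE_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
WARN_RE = re.compile(r"^(?P<name>\S+) \( (?P<sig>\S+) \) - warning$")
VERDICT_RE = re.compile(r"^(?P<name>\S+) - (?:(?P<ok>ok)|detected (?P<detect>\S+) \(\d+\))$")


def parse_tdss_log(text):
    """Return (header, entries).

    header:  {"os_version": ..., "service_pack": ...} from the SystemInfo block
    entries: {service name: {md5, path, warning, verdict, detection}} (keys present
             only when the log carried them; a service without an image has no md5/path)
    """
    header, entries = {}, {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # blank lines and separators
        rest = m["rest"]
        om = OS_RE.match(rest)
        if om:
            header["os_version"], header["service_pack"] = om["ver"], om["sp"]
            continue
        fm = FILE_RE.match(rest)
        if fm:
            entries.setdefault(fm["name"], {}).update(md5=fm["md5"], path=fm["path"])
            continue
        wm = WARN_RE.match(rest)
        if wm:
            entries.setdefault(wm["name"], {})["warning"] = wm["sig"]
            continue
        vm = VERDICT_RE.match(rest)
        if vm:
            entry = entries.setdefault(vm["name"], {})
            entry["verdict"] = "ok" if vm["ok"] else "detected"
            if vm["detect"]:
                entry["detection"] = vm["detect"]
    return header, entries


def triage(entries):
    """Group service names by verdict: clean, unsigned-image notices, and anything else.

    UnsignedFile.Multi.Generic is the name TDSSKiller gives to a driver whose
    image lacks a valid signature; separating it from other detection names
    lets a reviewer see immediately whether the log contains anything beyond
    unsigned OEM drivers.
    """
    groups = {"ok": [], "unsigned": [], "other": []}
    for name, entry in sorted(entries.items()):
        detection = entry.get("detection")
        if detection is None:
            groups["ok"].append(name)
        elif detection == "UnsignedFile.Multi.Generic":
            groups["unsigned"].append(name)
        else:
            groups["other"].append(name)
    return groups


def shared_images(entries):
    """Map MD5 -> service names for every image hash backing more than one service."""
    index = defaultdict(list)
    for name, entry in sorted(entries.items()):
        if "md5" in entry:
            index[entry["md5"]].append(name)
    return {digest: names for digest, names in index.items() if len(names) > 1}


if __name__ == "__main__":
    header, entries = parse_tdss_log(SAMPLE_TDSS)
    print("OS version:", header.get("os_version"), "SP", header.get("service_pack"))
    for group, names in triage(entries).items():
        print(f"{group}: {', '.join(names) or '-'}")
    for digest, names in shared_images(entries).items():
        print(f"{digest} backs {' and '.join(names)}")
```

On the full log posted in the next reply the "unsigned" group collects the DLA, Bluetooth, Symantec-adjacent and ThinkPad drivers flagged as UnsignedFile.Multi.Generic, the "other" group stays empty as far as the posted excerpt goes, and `shared_images` reports the two services `cbidf` and `cbidf2k` that point at the same `cbidf2k.sys` hash.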
#11
Hello Arne, here is the log from the TDSS-Killer. As you wrote, I have not removed anything for now (continued via Skip):
HTML Code:
21:05:39.0843 0688 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
21:05:39.0875 0688 ============================================================
21:05:39.0875 0688 Current date / time: 2012/03/13 21:05:39.0875
21:05:39.0875 0688 SystemInfo:
21:05:39.0875 0688
21:05:39.0875 0688 OS Version: 5.1.2600 ServicePack: 3.0
21:05:39.0875 0688 Product type: Workstation
21:05:39.0875 0688 ComputerName: LENOVO-C395390B
21:05:39.0875 0688 UserName: leno
21:05:39.0875 0688 Windows directory: C:\WINDOWS
21:05:39.0875 0688 System windows directory: C:\WINDOWS
21:05:39.0875 0688 Processor architecture: Intel x86
21:05:39.0875 0688 Number of processors: 2
21:05:39.0875 0688 Page size: 0x1000
21:05:39.0875 0688 Boot type: Normal boot
21:05:39.0875 0688 ============================================================
21:05:42.0062 0688 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:05:42.0062 0688 \Device\Harddisk0\DR0:
21:05:42.0062 0688 MBR used
21:05:42.0062 0688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8CC37E1
21:05:42.0078 0688 Initialize success
21:05:42.0078 0688 ============================================================
21:05:50.0671 4052 ============================================================
21:05:50.0671 4052 Scan started
21:05:50.0671 4052 Mode: Manual; SigCheck; TDLFS;
21:05:50.0671 4052 ============================================================
21:05:51.0218 4052 Abiosdsk - ok
21:05:51.0281 4052 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:05:52.0859 4052 abp480n5 - ok
21:05:53.0093 4052 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
21:05:53.0328 4052 ac97intc - ok
21:05:53.0390 4052 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:05:53.0593 4052 ACPI - ok
21:05:53.0609 4052 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:05:53.0812 4052 ACPIEC - ok
21:05:54.0015 4052 ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:05:54.0078 4052 ADIHdAudAddService - ok
21:05:54.0125 4052 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:05:54.0328 4052 adpu160m - ok
21:05:54.0343 4052 AEAudioService (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
21:05:54.0390 4052 AEAudioService - ok
21:05:54.0593 4052 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:05:54.0765 4052 aec - ok
21:05:54.0859 4052 AegisP (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:05:54.0890 4052 AegisP ( UnsignedFile.Multi.Generic ) - warning
21:05:54.0890 4052 AegisP - detected UnsignedFile.Multi.Generic (1)
21:05:54.0937 4052 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:05:55.0000 4052 AFD - ok
21:05:55.0187 4052 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:05:55.0390 4052 agp440 - ok
21:05:55.0406 4052 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:05:55.0593 4052 agpCPQ - ok
21:05:55.0609 4052 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:05:55.0703 4052 Aha154x - ok
21:05:55.0718 4052 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:05:55.0921 4052 aic78u2 - ok
21:05:55.0937 4052 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:05:56.0109 4052 aic78xx - ok
21:05:56.0140 4052 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:05:56.0328 4052 AliIde - ok
21:05:56.0546 4052 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:05:56.0734 4052 alim1541 - ok
21:05:56.0750 4052 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:05:56.0937 4052 amdagp - ok
21:05:57.0031 4052 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:05:57.0140 4052 amsint - ok
21:05:57.0187 4052 ANC (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
21:05:57.0203 4052 ANC ( UnsignedFile.Multi.Generic ) - warning
21:05:57.0203 4052 ANC - detected UnsignedFile.Multi.Generic (1)
21:05:57.0406 4052 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:05:57.0593 4052 Arp1394 - ok
21:05:57.0640 4052 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:05:57.0843 4052 asc - ok
21:05:57.0843 4052 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:05:57.0937 4052 asc3350p - ok
21:05:57.0953 4052 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:05:58.0156 4052 asc3550 - ok
21:05:58.0328 4052 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:05:58.0500 4052 AsyncMac - ok
21:05:58.0531 4052 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:05:58.0718 4052 atapi - ok
21:05:58.0875 4052 Atdisk - ok
21:05:58.0953 4052 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:05:59.0140 4052 Atmarpc - ok
21:05:59.0250 4052 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
21:05:59.0312 4052 atmeltpm - ok
21:05:59.0468 4052 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:05:59.0656 4052 audstub - ok
21:05:59.0718 4052 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:05:59.0906 4052 Beep - ok
21:06:00.0000 4052 BTKRNL (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:06:00.0062 4052 BTKRNL ( UnsignedFile.Multi.Generic ) - warning
21:06:00.0062 4052 BTKRNL - detected UnsignedFile.Multi.Generic (1)
21:06:00.0234 4052 BTWUSB (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
21:06:00.0250 4052 BTWUSB ( UnsignedFile.Multi.Generic ) - warning
21:06:00.0250 4052 BTWUSB - detected UnsignedFile.Multi.Generic (1)
21:06:00.0281 4052 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:06:00.0484 4052 cbidf - ok
21:06:00.0484 4052 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:06:00.0671 4052 cbidf2k - ok
21:06:00.0734 4052 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:06:00.0828 4052 cd20xrnt - ok
21:06:00.0859 4052 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:06:01.0031 4052 Cdaudio - ok
21:06:01.0296 4052 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:06:01.0484 4052 Cdfs - ok
21:06:01.0546 4052 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:06:01.0734 4052 Cdrom - ok
21:06:01.0750 4052 Changer - ok
21:06:01.0812 4052 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:06:02.0000 4052 CmBatt - ok
21:06:02.0031 4052 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:06:02.0218 4052 CmdIde - ok
21:06:02.0406 4052 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:06:02.0593 4052 Compbatt - ok
21:06:02.0625 4052 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:06:02.0812 4052 Cpqarray - ok
21:06:02.0859 4052 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:06:03.0062 4052 dac2w2k - ok
21:06:03.0125 4052 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:06:03.0328 4052 dac960nt - ok
21:06:03.0421 4052 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:06:03.0609 4052 Disk - ok
21:06:03.0656 4052 DLABOIOM (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:06:03.0687 4052 DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0687 4052 DLABOIOM - detected UnsignedFile.Multi.Generic (1)
21:06:03.0703 4052 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:06:03.0703 4052 DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0703 4052 DLACDBHM - detected UnsignedFile.Multi.Generic (1)
21:06:03.0734 4052 DLADResN (2104649b0b79b9f30122c545cba0c655) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:06:03.0750 4052 DLADResN ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0750 4052 DLADResN - detected UnsignedFile.Multi.Generic (1)
21:06:03.0906 4052 DLAIFS_M (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:06:03.0937 4052 DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0937 4052 DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
21:06:04.0078 4052 DLAOPIOM (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:06:04.0093 4052 DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0093 4052 DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0125 4052 DLAPoolM (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:06:04.0140 4052 DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0140 4052 DLAPoolM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0203 4052 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:06:04.0218 4052 DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0218 4052 DLARTL_N - detected UnsignedFile.Multi.Generic (1)
21:06:04.0250 4052 DLAUDFAM (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:06:04.0281 4052 DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0281 4052 DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0406 4052 DLAUDF_M (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:06:04.0421 4052 DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0421 4052 DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
21:06:04.0546 4052 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:06:04.0781 4052 dmboot - ok
21:06:04.0984 4052 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:06:05.0171 4052 dmio - ok
21:06:05.0203 4052 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:06:05.0406 4052 dmload - ok
21:06:05.0437 4052 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:06:05.0640 4052 DMusic - ok
21:06:05.0703 4052 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
21:06:05.0734 4052 DozeHDD - ok
21:06:05.0906 4052 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:06:06.0109 4052 dpti2o - ok
21:06:06.0171 4052 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:06:06.0359 4052 drmkaud - ok
21:06:06.0437 4052 DRVMCDB (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:06:06.0468 4052 DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
21:06:06.0468 4052 DRVMCDB - detected UnsignedFile.Multi.Generic (1)
21:06:06.0625 4052 DRVNDDM (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:06:06.0640 4052 DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
21:06:06.0640 4052 DRVNDDM - detected UnsignedFile.Multi.Generic (1)
21:06:06.0703 4052 E100B (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:06:06.0906 4052 E100B - ok
21:06:06.0953 4052 e1express (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:06:07.0015 4052 e1express - ok
21:06:07.0125 4052 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
21:06:07.0156 4052 eeCtrl - ok
21:06:07.0296 4052 EGATHDRV (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
21:06:07.0343 4052 EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
21:06:07.0343 4052 EGATHDRV - detected UnsignedFile.Multi.Generic (1)
21:06:07.0562 4052 EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
21:06:07.0578 4052 EraserUtilDrv11122 - ok
21:06:07.0687 4052 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:06:07.0875 4052 Fastfat - ok
21:06:07.0906 4052 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:06:08.0125 4052 Fdc - ok
21:06:08.0281 4052 filtertdidriver (f8946c6d013fc9e6db03fbcf32294799) C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys
21:06:08.0296 4052 filtertdidriver ( UnsignedFile.Multi.Generic ) - warning
21:06:08.0296 4052 filtertdidriver - detected UnsignedFile.Multi.Generic (1)
21:06:08.0359 4052 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:06:08.0546 4052 Fips - ok
21:06:08.0765 4052 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:06:08.0953 4052 Flpydisk - ok
21:06:09.0031 4052 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:06:09.0234 4052 FltMgr - ok
21:06:09.0296 4052 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:06:09.0484 4052 Fs_Rec - ok
21:06:09.0687 4052 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:06:09.0875 4052 Ftdisk - ok
21:06:09.0906 4052 G400 (33d00f8cb70ac5f7a8101f79d5273615) C:\WINDOWS\system32\DRIVERS\G400m.sys
21:06:10.0125 4052 G400 - ok
21:06:10.0343 4052 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:06:10.0515 4052 Gpc - ok
21:06:10.0656 4052 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:06:10.0843 4052 HDAudBus - ok
21:06:10.0921 4052 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:06:11.0093 4052 hpn - ok
21:06:11.0156 4052 HSFHWAZL (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:06:11.0187 4052 HSFHWAZL - ok
21:06:11.0343 4052 HSF_DPV (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:06:11.0406 4052 HSF_DPV - ok
21:06:11.0468 4052 HSXHWAZL (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
21:06:11.0546 4052 HSXHWAZL - ok
21:06:11.0718 4052 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:06:11.0781 4052 HTTP - ok
21:06:11.0875 4052 hwdatacard (4a77f036f7234ed24351ac486d2a29b9) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:06:11.0953 4052 hwdatacard - ok
21:06:12.0109 4052 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:06:12.0296 4052 i2omgmt - ok
21:06:12.0343 4052 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:06:12.0515 4052 i2omp - ok
21:06:12.0718 4052 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:06:12.0906 4052 i8042prt - ok
21:06:13.0218 4052 ialm (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:06:13.0875 4052 ialm - ok
21:06:14.0078 4052 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:06:14.0140 4052 iaStor ( UnsignedFile.Multi.Generic ) - warning
21:06:14.0140 4052 iaStor - detected UnsignedFile.Multi.Generic (1)
21:06:14.0328 4052 IBMPMDRV (e3ffc8cb45b3f55264ee10f084b2731b) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
21:06:14.0343 4052 IBMPMDRV - ok
21:06:14.0421 4052 IBMTPCHK (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
21:06:14.0437 4052 IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
21:06:14.0437 4052 IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
21:06:14.0484 4052 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:06:14.0656 4052 Imapi - ok
21:06:14.0718 4052 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:06:14.0906 4052 ini910u - ok
21:06:15.0078 4052 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:06:15.0265 4052 IntelIde - ok
21:06:15.0328 4052 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:06:15.0515 4052 intelppm - ok
21:06:16.0437 4052 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:06:16.0687 4052 Ip6Fw - ok
21:06:16.0734 4052 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:06:16.0921 4052 IpFilterDriver - ok
21:06:16.0953 4052 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:06:17.0125 4052 IpInIp - ok
21:06:17.0203 4052 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:06:17.0390 4052 IpNat - ok
21:06:17.0578 4052 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:06:17.0750 4052 IPSec - ok
21:06:17.0812 4052 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:06:18.0000 4052 irda - ok
21:06:18.0015 4052 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:06:18.0203 4052 IRENUM - ok
21:06:18.0281 4052 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:06:18.0468 4052 isapnp - ok
21:06:18.0656 4052 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
21:06:18.0656 4052 Iviaspi ( UnsignedFile.Multi.Generic ) - warning
21:06:18.0656 4052 Iviaspi
- detected UnsignedFile.Multi.Generic (1) 21:06:18.0734 4052 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 21:06:18.0906 4052 Kbdclass - ok 21:06:19.0000 4052 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 21:06:19.0187 4052 kmixer - ok 21:06:19.0234 4052 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 21:06:19.0296 4052 KSecDD - ok 21:06:19.0437 4052 lbrtfdc - ok 21:06:19.0515 4052 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys 21:06:19.0531 4052 lenovo.smi - ok 21:06:19.0593 4052 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys 21:06:19.0625 4052 MBAMProtector - ok 21:06:19.0671 4052 mdmxsdk (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 21:06:19.0687 4052 mdmxsdk - ok 21:06:19.0734 4052 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 21:06:19.0921 4052 mnmdd - ok 21:06:20.0109 4052 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys 21:06:20.0296 4052 Modem - ok 21:06:20.0343 4052 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys 21:06:20.0531 4052 Mouclass - ok 21:06:20.0593 4052 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 21:06:20.0781 4052 MountMgr - ok 21:06:20.0812 4052 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 21:06:20.0984 4052 mraid35x - ok 21:06:21.0187 4052 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 21:06:21.0375 4052 MRxDAV - ok 21:06:21.0468 4052 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 21:06:21.0546 4052 MRxSmb - ok 21:06:21.0671 4052 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 21:06:21.0875 4052 Msfs - ok 21:06:21.0921 4052 MSKSSRV 
(d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 21:06:22.0093 4052 MSKSSRV - ok 21:06:22.0140 4052 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 21:06:22.0312 4052 MSPCLOCK - ok 21:06:22.0390 4052 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 21:06:22.0593 4052 MSPQM - ok 21:06:22.0843 4052 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 21:06:23.0015 4052 mssmbios - ok 21:06:23.0109 4052 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 21:06:23.0171 4052 Mup - ok 21:06:23.0296 4052 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120312.003\naveng.sys 21:06:23.0328 4052 NAVENG - ok 21:06:23.0406 4052 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120312.003\navex15.sys 21:06:23.0500 4052 NAVEX15 - ok 21:06:23.0687 4052 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 21:06:23.0890 4052 NDIS - ok 21:06:23.0937 4052 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 21:06:24.0000 4052 NdisTapi - ok 21:06:24.0031 4052 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 21:06:24.0203 4052 Ndisuio - ok 21:06:24.0218 4052 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 21:06:24.0437 4052 NdisWan - ok 21:06:24.0625 4052 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 21:06:24.0687 4052 NDProxy - ok 21:06:24.0765 4052 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 21:06:24.0953 4052 NetBIOS - ok 21:06:24.0984 4052 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 21:06:25.0734 4052 NetBT - ok 21:06:26.0000 4052 NETw3x32 (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys 21:06:26.0171 4052 
NETw3x32 - ok 21:06:26.0359 4052 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 21:06:26.0546 4052 NIC1394 - ok 21:06:26.0609 4052 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 21:06:26.0796 4052 Npfs - ok 21:06:26.0875 4052 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys 21:06:27.0062 4052 NSCIRDA - ok 21:06:27.0109 4052 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 21:06:27.0312 4052 Ntfs - ok 21:06:27.0578 4052 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 21:06:27.0781 4052 Null - ok 21:06:27.0875 4052 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 21:06:28.0140 4052 nv - ok 21:06:28.0343 4052 NWADI (d4e1d20883977be696c07bbb57230be2) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys 21:06:28.0406 4052 NWADI - ok 21:06:28.0437 4052 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 21:06:28.0640 4052 NwlnkFlt - ok 21:06:28.0656 4052 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 21:06:28.0828 4052 NwlnkFwd - ok 21:06:28.0890 4052 odysseyIM4 (7af6ec0ea4261ecf7da084103be31ea8) C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys 21:06:28.0953 4052 odysseyIM4 - ok 21:06:29.0140 4052 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 21:06:29.0328 4052 ohci1394 - ok 21:06:29.0390 4052 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys 21:06:29.0593 4052 Parport - ok 21:06:29.0593 4052 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 21:06:29.0765 4052 PartMgr - ok 21:06:29.0796 4052 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 21:06:30.0000 4052 ParVdm - ok 21:06:30.0187 4052 PCASp50 - ok 21:06:30.0265 4052 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys 
21:06:30.0453 4052 PCI - ok 21:06:30.0468 4052 PCIDump - ok 21:06:30.0484 4052 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 21:06:30.0671 4052 PCIIde - ok 21:06:30.0687 4052 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 21:06:30.0859 4052 Pcmcia - ok 21:06:30.0875 4052 PDCOMP - ok 21:06:30.0890 4052 PDFRAME - ok 21:06:30.0906 4052 PDRELI - ok 21:06:30.0906 4052 PDRFRAME - ok 21:06:30.0937 4052 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 21:06:31.0140 4052 perc2 - ok 21:06:31.0312 4052 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 21:06:31.0515 4052 perc2hib - ok 21:06:31.0593 4052 pmem (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys 21:06:31.0609 4052 pmem ( UnsignedFile.Multi.Generic ) - warning 21:06:31.0609 4052 pmem - detected UnsignedFile.Multi.Generic (1) 21:06:31.0671 4052 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 21:06:31.0859 4052 PptpMiniport - ok 21:06:31.0937 4052 PrivateDisk (ebe579425ccb8377bfc7c0b50c05eb56) C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys 21:06:31.0968 4052 PrivateDisk ( UnsignedFile.Multi.Generic ) - warning 21:06:31.0968 4052 PrivateDisk - detected UnsignedFile.Multi.Generic (1) 21:06:32.0140 4052 PROCDD (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS 21:06:32.0156 4052 PROCDD - ok 21:06:32.0203 4052 Processor (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys 21:06:32.0375 4052 Processor - ok 21:06:32.0421 4052 psadd (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys 21:06:32.0468 4052 psadd - ok 21:06:32.0500 4052 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 21:06:32.0687 4052 PSched - ok 21:06:32.0921 4052 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 
21:06:33.0109 4052 Ptilink - ok 21:06:33.0203 4052 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys 21:06:33.0218 4052 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 21:06:33.0218 4052 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 21:06:33.0250 4052 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 21:06:33.0437 4052 ql1080 - ok 21:06:33.0437 4052 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 21:06:33.0625 4052 Ql10wnt - ok 21:06:33.0640 4052 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 21:06:33.0843 4052 ql12160 - ok 21:06:34.0031 4052 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 21:06:34.0234 4052 ql1240 - ok 21:06:34.0265 4052 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 21:06:34.0453 4052 ql1280 - ok 21:06:34.0484 4052 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 21:06:34.0671 4052 RasAcd - ok 21:06:34.0781 4052 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys 21:06:34.0875 4052 Rasirda - ok 21:06:35.0046 4052 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 21:06:35.0234 4052 Rasl2tp - ok 21:06:35.0265 4052 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 21:06:35.0437 4052 RasPppoe - ok 21:06:35.0484 4052 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 21:06:35.0671 4052 Raspti - ok 21:06:35.0843 4052 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 21:06:36.0015 4052 Rdbss - ok 21:06:36.0062 4052 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 21:06:36.0234 4052 RDPCDD - ok 21:06:36.0281 4052 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 21:06:36.0468 4052 rdpdr - ok 
21:06:36.0656 4052 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys 21:06:36.0718 4052 RDPWD - ok 21:06:36.0843 4052 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys 21:06:37.0031 4052 redbook - ok 21:06:37.0156 4052 s24trans (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys 21:06:37.0171 4052 s24trans ( UnsignedFile.Multi.Generic ) - warning 21:06:37.0171 4052 s24trans - detected UnsignedFile.Multi.Generic (1) 21:06:37.0281 4052 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Programme\Symantec Client Security\Symantec AntiVirus\savrt.sys 21:06:37.0312 4052 SAVRT - ok 21:06:37.0312 4052 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Programme\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys 21:06:37.0328 4052 SAVRTPEL - ok 21:06:37.0484 4052 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 21:06:37.0671 4052 sdbus - ok 21:06:37.0781 4052 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 21:06:37.0968 4052 Secdrv - ok 21:06:38.0046 4052 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 21:06:38.0234 4052 serenum - ok 21:06:38.0375 4052 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys 21:06:38.0562 4052 Serial - ok 21:06:38.0656 4052 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 21:06:38.0843 4052 Sfloppy - ok 21:06:38.0906 4052 Shockprf (1624530d05155f4e5a4736531523bff5) C:\WINDOWS\system32\DRIVERS\Apsx86.sys 21:06:38.0937 4052 Shockprf - ok 21:06:39.0000 4052 Simbad - ok 21:06:39.0109 4052 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 21:06:39.0281 4052 sisagp - ok 21:06:39.0390 4052 Smapint (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys 21:06:39.0406 4052 Smapint ( UnsignedFile.Multi.Generic ) - warning 21:06:39.0406 4052 Smapint - detected 
UnsignedFile.Multi.Generic (1) 21:06:39.0484 4052 smi2 (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys 21:06:39.0500 4052 smi2 ( UnsignedFile.Multi.Generic ) - warning 21:06:39.0500 4052 smi2 - detected UnsignedFile.Multi.Generic (1) 21:06:39.0546 4052 smihlp2 (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys 21:06:39.0562 4052 smihlp2 - ok 21:06:39.0703 4052 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 21:06:39.0796 4052 Sparrow - ok 21:06:39.0921 4052 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys 21:06:39.0953 4052 SPBBCDrv - ok 21:06:40.0125 4052 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 21:06:40.0296 4052 splitter - ok 21:06:40.0359 4052 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys 21:06:40.0531 4052 sr - ok 21:06:40.0578 4052 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 21:06:40.0640 4052 Srv - ok 21:06:40.0703 4052 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 21:06:40.0890 4052 swenum - ok 21:06:41.0093 4052 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 21:06:41.0265 4052 swmidi - ok 21:06:41.0375 4052 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 21:06:41.0546 4052 symc810 - ok 21:06:41.0593 4052 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 21:06:41.0796 4052 symc8xx - ok 21:06:41.0921 4052 SYMDNS (1f0a3f93fecba6e873e75ac34538708b) C:\WINDOWS\System32\Drivers\SYMDNS.SYS 21:06:41.0937 4052 SYMDNS - ok 21:06:42.0031 4052 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Programme\Symantec\SYMEVENT.SYS 21:06:42.0046 4052 SymEvent - ok 21:06:42.0109 4052 SYMFW (ca212638c07f7a1736667319589f416e) C:\WINDOWS\System32\Drivers\SYMFW.SYS 21:06:42.0140 4052 SYMFW - ok 
21:06:42.0140 4052 SYMIDS (83a0415ab669afe9f2b7fccc52f23153) C:\WINDOWS\System32\Drivers\SYMIDS.SYS 21:06:42.0156 4052 SYMIDS - ok 21:06:42.0250 4052 SYMIDSCO (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20120308.001\symidsco.sys 21:06:42.0265 4052 SYMIDSCO - ok 21:06:42.0406 4052 SYMNDIS (2a8ebb694d702d91d8046b31c3da2220) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 21:06:42.0421 4052 SYMNDIS - ok 21:06:42.0515 4052 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 21:06:42.0531 4052 SYMREDRV - ok 21:06:42.0578 4052 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS 21:06:42.0593 4052 SYMTDI - ok 21:06:42.0640 4052 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 21:06:42.0828 4052 sym_hi - ok 21:06:42.0859 4052 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 21:06:43.0031 4052 sym_u3 - ok 21:06:43.0093 4052 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 21:06:43.0265 4052 sysaudio - ok 21:06:43.0437 4052 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 21:06:43.0546 4052 Tcpip - ok 21:06:43.0640 4052 TcUsb (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys 21:06:43.0656 4052 TcUsb - ok 21:06:43.0703 4052 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 21:06:43.0890 4052 TDPIPE - ok 21:06:44.0062 4052 TDSMAPI (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS 21:06:44.0093 4052 TDSMAPI ( UnsignedFile.Multi.Generic ) - warning 21:06:44.0093 4052 TDSMAPI - detected UnsignedFile.Multi.Generic (1) 21:06:44.0171 4052 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 21:06:44.0359 4052 TDTCP - ok 21:06:44.0390 4052 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 21:06:44.0578 4052 TermDD - ok 
21:06:44.0656 4052 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys 21:06:44.0828 4052 TosIde - ok 21:06:44.0953 4052 Tp4Track (5c7396b8f083dc4637c584deccd50504) C:\WINDOWS\system32\DRIVERS\tp4track.sys 21:06:44.0968 4052 Tp4Track - ok 21:06:45.0078 4052 TPDIGIMN (d2378fbbd668d9fe9b6b5e3139d506d3) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys 21:06:45.0093 4052 TPDIGIMN - ok 21:06:45.0171 4052 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 21:06:45.0234 4052 TPHKDRV - ok 21:06:45.0281 4052 TPPWRIF (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys 21:06:45.0296 4052 TPPWRIF - ok 21:06:45.0359 4052 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 21:06:45.0546 4052 Udfs - ok 21:06:45.0703 4052 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 21:06:45.0812 4052 ultra - ok 21:06:45.0890 4052 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 21:06:46.0078 4052 Update - ok 21:06:46.0296 4052 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 21:06:46.0484 4052 usbccgp - ok 21:06:46.0593 4052 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 21:06:46.0781 4052 usbehci - ok 21:06:46.0875 4052 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 21:06:47.0046 4052 usbhub - ok 21:06:47.0234 4052 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 21:06:47.0421 4052 usbohci - ok 21:06:47.0468 4052 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 21:06:47.0656 4052 usbprint - ok 21:06:47.0734 4052 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 21:06:47.0906 4052 USBSTOR - ok 21:06:48.0046 4052 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 21:06:48.0234 4052 usbuhci - ok 
21:06:48.0296 4052 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 21:06:48.0468 4052 VgaSave - ok 21:06:48.0562 4052 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 21:06:48.0734 4052 viaagp - ok 21:06:48.0765 4052 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 21:06:48.0953 4052 ViaIde - ok 21:06:49.0078 4052 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 21:06:49.0265 4052 VolSnap - ok 21:06:49.0375 4052 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 21:06:49.0546 4052 Wanarp - ok 21:06:49.0625 4052 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 21:06:49.0656 4052 Wdf01000 - ok 21:06:49.0765 4052 WDICA - ok 21:06:49.0828 4052 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 21:06:50.0015 4052 wdmaud - ok 21:06:50.0109 4052 winachsf (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 21:06:50.0156 4052 winachsf - ok 21:06:50.0359 4052 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 21:06:50.0546 4052 WS2IFSL - ok 21:06:50.0656 4052 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 21:06:50.0718 4052 WudfPf - ok 21:06:50.0750 4052 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 21:06:50.0796 4052 WudfRd - ok 21:06:50.0828 4052 MBR (0x1B8) (92d29754b68d05ee70cc87aababd4248) \Device\Harddisk0\DR0 21:06:50.0953 4052 \Device\Harddisk0\DR0 - ok 21:06:50.0953 4052 Boot (0x1200) (c447e1c7bc354db11275d563ad66d2a6) \Device\Harddisk0\DR0\Partition0 21:06:50.0953 4052 \Device\Harddisk0\DR0\Partition0 - ok 21:06:50.0953 4052 ============================================================ 21:06:50.0953 4052 Scan finished 21:06:50.0953 4052 ============================================================ 21:06:51.0062 5736 
Detected object count: 27 21:06:51.0062 5736 Actual detected object count: 27 21:10:27.0390 5736 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 ANC ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0390 5736 DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0390 5736 DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select 
action: Skip 21:10:27.0406 5736 DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0406 5736 DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0406 5736 DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 filtertdidriver ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 filtertdidriver ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 iaStor ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0421 5736 pmem ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0421 5736 pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 Smapint ( 
UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 smi2 ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:10:27.0437 5736 TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user 21:10:27.0437 5736 TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip |
#12
Help with Trojan Trojan.gen.2 Hello Arne, sorry, my mistake. I thought zip would be a better fit for the 4 logs. Here they are now in code tags. 1) Norton Internet Security (virus detection): Code:
Scanstatistiken:

Scanzeit: 4.085 Sekunden
Scanziele: Gesamter Computer

Zähler:
Gescannte Elemente insgesamt: 337.594
– Dateien und Laufwerke: 331.683
– Registrierungseinträge: 471
– Prozesse und Elemente beim Start: 4.819
– Netzwerk und Browser-Elemente: 614
– Sonstiges: 4
– Vertrauenswürdige Dateien: 1.530
– Übersprungene Dateien: 376

Erkannte Sicherheitsrisiken insgesamt: 1
Behobene Elemente insgesamt: 1
Elemente insgesamt, die Aufmerksamkeit erfordern: 0

Behobene Bedrohungen:

Trojan.ADH.2
Typ: Anomalie
Risiko: Hoch (Hoch Verbergen, Hoch Entfernen, Hoch Leistung, Hoch Datenschutz)
Kategorien: Virus
Status: Ausgeschlossen
-----------
1 Datei
c:\system volume information\_restore{b991f27a-883f-42a9-a172-eaab1d37fffa}\rp149\a0020067.exe - Ausgeschlossen
1 Browser-Cache

Nicht behobene Bedrohungen:
Keine nicht behobenen Risiken

2) GMER log: Code:
kernel32.dll!OpenEventW 7C8131E0 5 Bytes JMP 002D0070 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClipboardFormatA 7E368E28 5 Bytes JMP 003C02F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClipboardFormatW 7E36AF34 5 Bytes JMP 003C02B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClassExA 7E377C39 5 Bytes JMP 003C0530 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!ActivateKeyboardLayout 7E378673 5 Bytes JMP 003C04F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!IsClipboardFormatAvailable 7E37F166 5 Bytes JMP 003C00F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardSequenceNumber 7E37F17A 2 Bytes JMP 003C0330 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardSequenceNumber + 3 7E37F17D 2 Bytes [04, 82] {ADD AL, 0x82} .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!CloseClipboard 7E380265 5 Bytes JMP 003C00B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!OpenClipboard 7E380277 5 Bytes JMP 003C0070 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!SetClipboardViewer 7E380473 5 Bytes JMP 003C04B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!ChangeClipboardChain 7E380487 5 Bytes JMP 003C0430 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!EmptyClipboard 7E380D96 5 Bytes JMP 003C0130 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardOwner 7E380DA8 5 Bytes JMP 003C0370 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardData 7E380DBA 5 Bytes JMP 003C0030 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!SetClipboardData 7E380F9E 5 Bytes JMP 003C0170 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] 
USER32.dll!GetClipboardFormatNameA 7E381290 5 Bytes JMP 003C0270 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!CountClipboardFormats 7E38167F 5 Bytes JMP 003C01F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetOpenClipboardWindow 7E381691 5 Bytes JMP 003C03F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!EnumClipboardFormats 7E38E53D 5 Bytes JMP 003C01B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardFormatNameW 7E3A957F 5 Bytes JMP 003C0230 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardViewer 7E3BCB94 3 Bytes JMP 003C0470 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardViewer + 4 7E3BCB98 1 Byte [82] .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetPriorityClipboardFormat 7E3BCC96 3 Bytes JMP 003C03B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetPriorityClipboardFormat + 4 7E3BCC9A 1 Byte [82] .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetDeviceCaps 77EF5A71 5 Bytes JMP 003D0370 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectObject 77EF5B70 5 Bytes JMP 003D05B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetTextColor 77EF5D77 5 Bytes JMP 003D0970 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetBkMode 77EF5EDB 5 Bytes JMP 003D0830 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!IntersectClipRect 77EF6A56 5 Bytes JMP 003D03B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetClipBox 77EF6AA1 5 Bytes JMP 003D0330 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!DeleteObject 77EF6BFA 5 Bytes JMP 003D01B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!DeleteDC 77EF6E5F 5 Bytes JMP 003D0170 .text 
C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtSelectClipRgn 77EF7874 5 Bytes JMP 003D02F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectClipRgn 77EF7AA0 5 Bytes JMP 003D0570 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextMetricsW 77EF7DB9 5 Bytes JMP 003D0D30 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtTextOutW 77EF8086 5 Bytes JMP 003D08B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetStretchBltMode 77EF8597 5 Bytes JMP 003D05F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!RestoreDC 77EF8B28 5 Bytes JMP 003D04F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SaveDC 77EF8BEE 5 Bytes JMP 003D0530 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetTextAlign 77EF8C8B 5 Bytes JMP 003D0930 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!MoveToEx 77EFA21A 5 Bytes JMP 003D0430 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextFaceW 77EFA5CB 5 Bytes JMP 003D0C70 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StretchDIBits 77EFB0AE 2 Bytes JMP 003D06B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StretchDIBits + 3 77EFB0B1 2 Bytes [4D, 88] .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetWorldTransform 77EFB457 5 Bytes JMP 003D0630 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 003D00B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateDCW 77EFBE38 5 Bytes JMP 003D00F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtEscape 77EFC3CC 5 Bytes JMP 003D02B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtTextOutA 77EFD3FA 5 Bytes JMP 003D0870 .text C:\Programme\Adobe\Reader 
10.0\Reader\AcroRd32.exe[2400] GDI32.dll!LineTo 77EFD997 5 Bytes JMP 003D03F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextMetricsA 77EFDF45 5 Bytes JMP 003D0CF0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetICMMode 77EFE868 5 Bytes JMP 003D0CB0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!Rectangle 77EFE9BE 5 Bytes JMP 003D08F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetFontData 77EFF314 5 Bytes JMP 003D0BB0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextFaceA 77EFF365 5 Bytes JMP 003D0C30 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetPolyFillMode 77F00817 5 Bytes JMP 003D0A70 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetMiterLimit 77F00E8E 5 Bytes JMP 003D0AB0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!Escape 77F06F5A 5 Bytes JMP 003D0270 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ResetDCW 77F0B9AF 5 Bytes JMP 003D09F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateICW 77F0C813 5 Bytes JMP 003D0130 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!BeginPath 77F0D4B0 5 Bytes JMP 003D0770 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndPath 77F0D530 5 Bytes JMP 003D09B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectClipPath 77F0D5B7 5 Bytes JMP 003D0A30 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndPage 77F0DC61 5 Bytes JMP 003D0230 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndDoc 77F0DEF1 5 Bytes JMP 003D01F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolyBezierTo 77F0EBD1 5 Bytes JMP 003D0470 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolylineTo 77F0EC7E 5 
Bytes JMP 003D04B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CloseFigure 77F0ED1A 5 Bytes JMP 003D0070 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StartPage 77F0F49E 5 Bytes JMP 003D0670 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!RemoveFontResourceW 77F1D07C 5 Bytes JMP 003D0B70 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetGlyphOutlineW 77F1E6D1 5 Bytes JMP 003D0BF0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!AddFontResourceW 77F1FFAB 5 Bytes JMP 003D0B30 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateScalableFontResourceW 77F20160 5 Bytes JMP 003D0AF0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!AbortDoc 77F24CD2 5 Bytes JMP 003D0030 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StartDocW 77F25962 5 Bytes JMP 003D0730 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StrokePath 77F260B7 5 Bytes JMP 003D06F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!FillPath 77F26144 5 Bytes JMP 003D07B0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolyDraw 77F2667B 5 Bytes JMP 003D07F0 .text C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ole32.dll!OleSetClipboard 77517808 5 Bytes JMP 003F0030 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 002D0110 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptReleaseContext] 003E0090 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptAcquireContextW] 003E0050 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptAcquireContextW] 
003E0050 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptGenRandom] 003E01D0 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptReleaseContext] 003E0090 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptAcquireContextW] 003E0050 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptGenRandom] 003E01D0 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptReleaseContext] 003E0090 IAT C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 002D0110 ---- Devices - GMER 1.0.15 ---- Device Ntfs.sys (NT File System Driver/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.) Device pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.) 
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device A6147D20 AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) Device DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ---- 3) Osam-Log: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:39:17 on 23.03.2012
OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.24

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Programme\PCDR5\pcdr5cuiw32.exe
"PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE (File found, but it contains no detailed information)
"Symantec NetDetect.job" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl
"tp4ex.cpl" - "IBM Corporation" - C:\WINDOWS\system32\tp4ex.cpl
"TP98.CPL" - "Lenovo Group Limited" - C:\WINDOWS\system32\TP98.CPL
"TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"catchme" (catchme) - ? - C:\DOKUME~1\leno\LOKALE~1\Temp\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DozeHDD" (DozeHDD) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\DozeHDD.sys
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"filtertdidriver" (filtertdidriver) - "Huawei Technologies Co., Ltd." - C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys
"IBM eGatherer" (EGATHDRV) - "IBM Corporation" - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys (File found, but it contains no detailed information)
"IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120322.002\IDSxpx86.sys
"IPS-Helper-Treiber" (PROCDD) - "Lenovo Group Limited" - C:\WINDOWS\System32\DRIVERS\PROCDD.SYS
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\WINDOWS\System32\drivers\iviaspi.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"Lenovo System Interface Driver" (lenovo.smi) - "Lenovo Group Limited" - C:\WINDOWS\System32\DRIVERS\smiif32.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120322.019\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120322.019\NAVEX15.SYS
"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\ccSetx86.sys
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\drivers\PCASp50.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"pmem" (pmem) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\pmemnt.sys
"PrivateDisk" (PrivateDisk) - "Utimaco Safeware AG" - C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys
"Smapint" (Smapint) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\Smapint.sys
"SMI Helper Driver (smihlp2)" (smihlp2) - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
"smi2" (smi2) - "IBM Corp." - C:\Programme\SMI2\smi2.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NIS\1306010.008\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NIS\1306010.008\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\Ironx86.SYS
"Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\NIS\1306010.008\SYMTDI.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\NIS\1306010.008\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS (File found, but it contains no detailed information)
"TPPWRIF" (TPPWRIF) - "Lenovo Group Limited" - C:\WINDOWS\System32\drivers\Tppwrif.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - (File not found | COM-object registry key not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} "SafeGuard® PrivateDisk extension" - "Utimaco Safeware AG" - C:\Programme\Lenovo\SafeGuard PrivateDisk\pdshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_02.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
{0FE81B52-73FA-425F-8F06-3F32451AC73F} "ClsidExtension" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{F040E541-A427-4CF7-85D8-75E3E0F476C5} "CPwmIEBrowserHelper Object" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\leno\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACWLIcon" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
"AwaySch" - "Lenovo Group Limited" - C:\Programme\Lenovo\AwayTask\AwaySch.EXE
"BLOG" - ? - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog (File found, but it contains no detailed information)
"cssauth" - "Lenovo Group Limited" - "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Programme\Huawei Modems\DataCardMonitor.exe
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"LenovoAutoScrollUtility" - "Lenovo Group Limited" - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
"LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
"LPManager" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PDService.exe" - "Utimaco Safeware AG" - "C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
"PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TP4EX" - "Lenovo Group Limited" - tp4ex.exe
"TPKMAPHELPER" - "Lenovo" - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
"TpShocks" - "Lenovo." - TpShocks.exe
"TVT Scheduler Proxy" - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"IBM KCU Service" (TpKmpSVC) - ?
- C:\WINDOWS\system32\TpKmpSVC.exe (File found, but it contains no detailed information) "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe "Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe "IPS-Basisservice" (IPSSVC) - "Lenovo Group Limited" - C:\WINDOWS\system32\IPSSVC.EXE "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe "Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe "Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE "Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe "Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe "Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe "Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "Power Manager DBC Service" (Power Manager DBC Service) 
- ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe "System Update" (SUService) - "Lenovo Group Limited" - c:\programme\lenovo\system update\suservice.exe "ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe "ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe "TSS Core Service" (TSSCoreService) - "IBM" - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe "TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "ACNotify" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll "AwayNotify" - "Lenovo Group Limited" - C:\Programme\Lenovo\AwayTask\AwayNotify.dll "psfus" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll "WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru 4) aswMBR-Log: Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 21:44:19
-----------------------------
21:44:19.843 OS Version: Windows 5.1.2600 Service Pack 3
21:44:19.843 Number of processors: 2 586 0xE0C
21:44:19.843 ComputerName: LENOVO-C395390B UserName: leno
21:44:22.406 Initialize success
21:59:50.013 AVAST engine defs: 12032301
22:00:32.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:00:32.703 Disk 0 Vendor: HITACHI_HTS541680J9SA00 SB2IC7JP Size: 76319MB BusType: 3
22:00:32.735 Disk 0 MBR read successfully
22:00:32.735 Disk 0 MBR scan
22:00:32.844 Disk 0 unknown MBR code
22:00:32.844 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 72070 MB offset 63
22:00:32.891 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 4245 MB offset 147601440
22:00:32.907 Disk 0 scanning sectors +156295440
22:00:33.047 Disk 0 scanning C:\WINDOWS\system32\drivers
22:01:28.453 Service scanning
22:02:54.344 Modules scanning
22:03:19.610 Module: C:\WINDOWS\System32\DLA\DLADResN.SYS **SUSPICIOUS**
22:03:25.844 Disk 0 trace - called modules:
22:03:25.860 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
22:03:25.860 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acfaab8]
22:03:25.860 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000009a[0x8ac48140]
22:03:25.875 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac47940]
22:03:27.578 AVAST engine scan C:\WINDOWS
22:03:46.860 AVAST engine scan C:\WINDOWS\system32
22:17:19.313 AVAST engine scan C:\WINDOWS\system32\drivers
22:18:21.328 AVAST engine scan C:\Dokumente und Einstellungen\leno
22:34:52.500 AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:35:54.672 Scan finished successfully
22:49:50.016 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\leno\Desktop\MBR.dat"
22:49:50.016 The log file has been saved successfully to "C:\Dokumente und Einstellungen\leno\Desktop\aswMBR-23032012.txt"
#13
/// Winkelfunktion /// TB-Süch-Tiger™
Help with Trojan Trojan.gen.2
Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
Combofix may only be run when a competent helper has expressly recommended it! Should you have problems starting applications after running Combofix and receive messages such as
Quote:
__________________
Please always post logfiles in CODE tags
#14
Help with Trojan Trojan.gen.2
Hello Arne,
after some difficulties running Combo-Fix, I have now managed it (the log mostly wasn't generated, or rather is). Thank you again for your continued help.
Here is the log now:
Combofix Logfile:
Code:
ComboFix 12-03-14.01 - leno 17.03.2012 19:59:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3062.2103 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\leno\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-17 bis 2012-03-17 ))))))))))))))))))))))))))))))
.
.
2012-03-16 20:42 . 2012-03-16 20:42 -------- d-----w- c:\dokumente und einstellungen\leno\Anwendungsdaten\Avaya
2012-03-09 20:07 . 2012-03-09 20:07 -------- d-----w- C:\_OTL
2012-03-04 14:40 . 2012-03-04 14:40 -------- d-----w- c:\programme\7-Zip
2012-03-03 21:02 . 2012-03-03 21:10 -------- d-----w- c:\dokumente und einstellungen\leno\Lokale Einstellungen\Anwendungsdaten\NPE
2012-03-03 21:02 . 2012-03-03 21:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2012-03-03 19:44 . 2012-03-03 19:44 388096 ----a-r- c:\dokumente und einstellungen\leno\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-03 19:44 . 2012-03-03 19:44 -------- d-----w- c:\programme\TrendMicro
2012-03-03 17:23 . 2012-03-03 17:23 -------- d-----w- c:\programme\CCleaner
2012-03-03 17:14 . 2012-03-03 17:21 -------- d-----w- C:\bases
2012-03-03 16:30 . 2012-03-03 16:35 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\HPAppData
2012-03-03 16:30 . 2012-03-03 16:31 -------- d-----r- c:\dokumente und einstellungen\LocalService\Favoriten
2012-02-28 16:56 . 2004-10-22 01:16 180224 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-02-28 16:56 . 2004-10-22 01:17 274432 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-02-28 16:56 . 2004-10-22 01:17 69715 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-02-28 16:56 . 2004-10-22 01:16 5632 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-02-28 16:56 . 2004-10-22 01:18 749568 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-02-28 16:55 . 2012-02-28 16:55 192644 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-02-28 16:55 . 2012-02-28 16:55 323716 ----a-w- c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-02-27 19:27 . 2012-02-27 19:27 -------- d-----w- c:\programme\ESET
2012-02-27 19:09 . 2012-02-27 19:09 -------- d-----w- c:\dokumente und einstellungen\leno\Anwendungsdaten\Malwarebytes
2012-02-27 19:09 . 2012-02-27 19:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-27 19:09 . 2012-02-27 19:09 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2012-02-27 19:09 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-27 17:03 . 2012-02-28 07:35 -------- d-----w- c:\windows\SxsCaPendDel
2012-02-27 07:43 . 2012-02-27 17:02 -------- d-----w- c:\programme\Gemeinsame Dateien\Spigot
2012-02-27 07:42 . 2010-01-15 17:30 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2012-02-27 07:42 . 2009-06-19 17:51 84512 ----a-w- c:\windows\system32\PICCLP32.OCX
2012-02-27 07:42 . 2009-06-19 17:51 364544 ----a-w- c:\windows\system32\PropertyGrid.ocx
2012-02-27 07:42 . 2009-06-19 17:51 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-02-27 07:42 . 2009-06-19 17:51 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2012-02-27 07:42 . 2012-02-27 07:52 -------- d-----w- c:\dokumente und einstellungen\leno\Anwendungsdaten\FreeFLVConverter
2012-02-27 07:42 . 2009-06-19 17:51 9728 ----a-w- c:\windows\system32\PCCLPFR.DLL
2012-02-27 07:42 . 2009-06-19 17:51 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-02-27 07:42 . 2009-06-19 17:51 24576 ----a-w- c:\windows\system32\ControlSubX.ocx
2012-02-27 07:42 . 2009-06-19 17:51 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-02-27 07:42 . 2009-06-19 17:51 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-02-26 21:09 . 2012-03-04 12:57 -------- d-----w- c:\dokumente und einstellungen\leno\Anwendungsdaten\HPAppData
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 20:10 . 2011-12-21 06:23 228216 ----a-w- c:\windows\OptionPCCardInstaller_tmccUninstall.exe
2012-02-13 20:09 . 2011-12-21 06:22 75742 ----a-w- c:\windows\Novatel_V20051InstallerUninstall.exe
2012-02-13 20:08 . 2011-12-21 06:21 68261 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59 65973 ----a-w- c:\windows\sem_GCXXUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59 89716 ----a-w- c:\windows\OptionPluss_PCCardInstallerUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59 90499 ----a-w- c:\windows\OptionPCCardInstallerUninstall.exe
2012-02-03 09:57 . 2006-01-27 01:00 1860224 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 20:59 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-01-27 01:00 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-12-22 06:42 . 2011-12-22 06:42 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-22 06:42 . 2011-12-21 20:08 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-22 06:42 . 2011-12-21 20:08 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-21 21:02 . 2011-12-21 21:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:53 . 2006-01-27 01:01 672768 ----a-w- c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2006-01-27 01:01 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2006-01-27 01:01 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-12-19 08:52 . 2006-01-27 01:01 371200 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\programme\Lenovo\TrackPoint\tp4serv.exe" [2011-11-01 95264]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-10-04 818240]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2011-10-04 208896]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2005-07-12 48752]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-08-30 86112]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-10-20 191552]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2011-08-17 99688]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"DataCardMonitor"="c:\programme\Huawei Modems\DataCardMonitor.exe" [2011-12-21 249856]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07 49152 ----a-w- c:\programme\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 12:41 100104 ----a-w- c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WTGU.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WTGU.lnk
backup=c:\windows\pss\WTGU.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51 202024 ----a-w- c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17 49152 ----a-w- c:\programme\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25 1828136 ----a-w- c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57 153136 ----a-w- c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09 413696 ----a-w- c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56 204288 ------w- c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [14.01.2012 21:09 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.03.2011 19:12 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12.12.2011 12:41 13680]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [14.01.2012 21:09 292200]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [27.02.2012 20:09 652360]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [14.01.2012 21:09 69632]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [14.01.2012 21:09 175168]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [13.03.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [12.12.2011 12:41 131432]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [12.12.2011 12:41 142696]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [12.03.2012 19:58 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.02.2012 20:09 20464]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [09.12.2011 00:41 24872]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [12.12.2011 12:41 101736]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [21.12.2011 20:26 7552]
S3 SavRoam;SAVRoam;c:\programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [30.08.2005 14:40 128608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-03-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-12-08 00:39]
.
2011-12-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2011-12-08 16:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/de/de
uInternet Settings,ProxyServer = proxy.intersoft-ag.de:3128
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\leno\Anwendungsdaten\Mozilla\Firefox\Profiles\52vhakko.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PC-Doctor for Windows - c:\programme\PCDR5\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-17 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DataCardMonitor = c:\programme\Huawei Modems\DataCardMonitor.exe??????????????rogramme\Huawei Modems\DataCardMonitor.exe???????????)=?rogramme\Huawei Modems\?red\?????????+=?rogramme\Huawei Modems\DataCardMonitor.exe?R5???C?\? ?=? ?=?EMP=c:\dokume~1\leno\LOKALE~1\Temp?TMP=C
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1080)
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(5752)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-03-17 20:08:58
ComboFix-quarantined-files.txt 2012-03-17 19:08
.
Vor Suchlauf: 16 Verzeichnis(se), 45.301.776.384 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 45.288.345.600 Bytes frei
.
- - End Of File - - 10E167E4BED1F1BC203CF49951C85A2E
#15
/// Winkelfunktion /// TB-Süch-Tiger™
Help with Trojan Trojan.gen.2
Quote:
__________________
Please always post logfiles in CODE tags