| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
08.03.2012, 11:51
| #16 |
 |  Bundespolizei Trojaner Ok! Da war ich wohl etwas vorschnell...wird gemacht, sobald ich heut wieder zuhause bin. Gruß, Max |
|
08.03.2012, 19:24
| #17 |
| | Bundespolizei Trojaner Also, hier das Logfile.
__________________Code:
ATTFilter 19:20:44.0150 1920 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
19:20:44.0251 1920 ============================================================
19:20:44.0251 1920 Current date / time: 2012/03/08 19:20:44.0251
19:20:44.0251 1920 SystemInfo:
19:20:44.0251 1920
19:20:44.0251 1920 OS Version: 6.1.7601 ServicePack: 1.0
19:20:44.0251 1920 Product type: Workstation
19:20:44.0251 1920 ComputerName: MEANMACHINE
19:20:44.0251 1920 UserName: DerMax
19:20:44.0251 1920 Windows directory: C:\Windows
19:20:44.0251 1920 System windows directory: C:\Windows
19:20:44.0251 1920 Processor architecture: Intel x86
19:20:44.0251 1920 Number of processors: 2
19:20:44.0251 1920 Page size: 0x1000
19:20:44.0251 1920 Boot type: Normal boot
19:20:44.0251 1920 ============================================================
19:20:45.0923 1920 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000050
19:20:45.0957 1920 \Device\Harddisk0\DR0:
19:20:45.0957 1920 MBR used
19:20:45.0957 1920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11EEF471
19:20:45.0959 1920 Initialize success
19:20:45.0959 1920 ============================================================
19:20:52.0709 5452 ============================================================
19:20:52.0709 5452 Scan started
19:20:52.0709 5452 Mode: Manual; SigCheck; TDLFS;
19:20:52.0709 5452 ============================================================
19:20:53.0138 5452 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:20:53.0200 5452 1394ohci - ok
19:20:53.0252 5452 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:20:53.0282 5452 ACPI - ok
19:20:53.0402 5452 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:20:53.0447 5452 AcpiPmi - ok
19:20:53.0585 5452 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:20:53.0613 5452 adp94xx - ok
19:20:53.0688 5452 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:20:53.0713 5452 adpahci - ok
19:20:53.0793 5452 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:20:53.0831 5452 adpu320 - ok
19:20:53.0917 5452 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:20:53.0951 5452 AFD - ok
19:20:54.0014 5452 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:20:54.0046 5452 agp440 - ok
19:20:54.0123 5452 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:20:54.0153 5452 aic78xx - ok
19:20:54.0258 5452 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:20:54.0277 5452 aliide - ok
19:20:54.0329 5452 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:20:54.0382 5452 amdagp - ok
19:20:54.0410 5452 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:20:54.0430 5452 amdide - ok
19:20:54.0524 5452 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:20:54.0559 5452 AmdK8 - ok
19:20:54.0625 5452 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:20:54.0658 5452 AmdPPM - ok
19:20:54.0758 5452 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:20:54.0791 5452 amdsata - ok
19:20:54.0920 5452 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:20:54.0974 5452 amdsbs - ok
19:20:55.0037 5452 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:20:55.0061 5452 amdxata - ok
19:20:55.0103 5452 ApfiltrService (baaa6516aec2622b8fba6165ff5d68c2) C:\Windows\system32\DRIVERS\Apfiltr.sys
19:20:55.0144 5452 ApfiltrService - ok
19:20:55.0249 5452 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:20:55.0298 5452 AppID - ok
19:20:55.0439 5452 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:20:55.0472 5452 arc - ok
19:20:55.0522 5452 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:20:55.0556 5452 arcsas - ok
19:20:55.0641 5452 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:20:55.0701 5452 AsyncMac - ok
19:20:55.0762 5452 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:20:55.0782 5452 atapi - ok
19:20:55.0904 5452 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:20:55.0962 5452 b06bdrv - ok
19:20:56.0019 5452 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:20:56.0081 5452 b57nd60x - ok
19:20:56.0172 5452 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:20:56.0208 5452 Beep - ok
19:20:56.0400 5452 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:20:56.0437 5452 blbdrive - ok
19:20:56.0523 5452 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:20:56.0562 5452 bowser - ok
19:20:56.0628 5452 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:20:56.0670 5452 BrFiltLo - ok
19:20:56.0746 5452 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:20:56.0786 5452 BrFiltUp - ok
19:20:56.0855 5452 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:20:56.0896 5452 Brserid - ok
19:20:56.0968 5452 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:20:57.0008 5452 BrSerWdm - ok
19:20:57.0053 5452 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:20:57.0079 5452 BrUsbMdm - ok
19:20:57.0101 5452 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:20:57.0126 5452 BrUsbSer - ok
19:20:57.0245 5452 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
19:20:57.0298 5452 BthEnum - ok
19:20:57.0400 5452 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:20:57.0441 5452 BTHMODEM - ok
19:20:57.0506 5452 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
19:20:57.0533 5452 BthPan - ok
19:20:57.0646 5452 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
19:20:57.0677 5452 BTHPORT - ok
19:20:57.0810 5452 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
19:20:57.0849 5452 BTHUSB - ok
19:20:57.0955 5452 btusbflt (f549c3fb145a4928e40bb1518b2034dc) C:\Windows\system32\drivers\btusbflt.sys
19:20:58.0005 5452 btusbflt - ok
19:20:58.0132 5452 btwaudio (f8b4f60768328faa2ffe2727f66809f8) C:\Windows\system32\drivers\btwaudio.sys
19:20:58.0168 5452 btwaudio - ok
19:20:58.0234 5452 btwavdt (fa7446dd38de84d4988d1f2ebb854589) C:\Windows\system32\DRIVERS\btwavdt.sys
19:20:58.0267 5452 btwavdt - ok
19:20:58.0359 5452 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys
19:20:58.0381 5452 btwl2cap - ok
19:20:58.0507 5452 btwrchid (d5862fbc1cbc0404614fd9d85c8d880e) C:\Windows\system32\DRIVERS\btwrchid.sys
19:20:58.0525 5452 btwrchid - ok
19:20:58.0623 5452 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:20:58.0676 5452 cdfs - ok
19:20:58.0750 5452 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
19:20:58.0776 5452 cdrom - ok
19:20:58.0866 5452 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:20:58.0900 5452 circlass - ok
19:20:58.0954 5452 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:20:58.0989 5452 CLFS - ok
19:20:59.0102 5452 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:20:59.0149 5452 CmBatt - ok
19:20:59.0210 5452 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:20:59.0231 5452 cmdide - ok
19:20:59.0336 5452 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:20:59.0373 5452 CNG - ok
19:20:59.0501 5452 CnxtHdAudService (e7f65666aea26f7585e5947a2f5d5218) C:\Windows\system32\drivers\CHDRTN32.sys
19:20:59.0536 5452 CnxtHdAudService - ok
19:20:59.0603 5452 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:20:59.0624 5452 Compbatt - ok
19:20:59.0716 5452 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:20:59.0750 5452 CompositeBus - ok
19:20:59.0858 5452 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:20:59.0879 5452 crcdisk - ok
19:20:59.0988 5452 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
19:21:00.0019 5452 CSC - ok
19:21:00.0123 5452 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:21:00.0178 5452 DfsC - ok
19:21:00.0261 5452 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:21:00.0306 5452 discache - ok
19:21:00.0429 5452 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:21:00.0464 5452 Disk - ok
19:21:00.0620 5452 DozeHDD (6d279bb0de1d8e34f454e1b353f4d738) C:\Windows\system32\DRIVERS\DozeHDD.sys
19:21:00.0642 5452 DozeHDD - ok
19:21:00.0757 5452 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:21:00.0779 5452 drmkaud - ok
19:21:00.0908 5452 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:21:00.0945 5452 DXGKrnl - ok
19:21:01.0149 5452 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:21:01.0228 5452 ebdrv - ok
19:21:01.0380 5452 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:21:01.0411 5452 elxstor - ok
19:21:01.0479 5452 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:21:01.0502 5452 ErrDev - ok
19:21:01.0591 5452 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:21:01.0635 5452 exfat - ok
19:21:01.0690 5452 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:21:01.0730 5452 fastfat - ok
19:21:01.0830 5452 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:21:01.0871 5452 fdc - ok
19:21:01.0924 5452 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:21:01.0973 5452 FileInfo - ok
19:21:02.0061 5452 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:21:02.0107 5452 Filetrace - ok
19:21:02.0152 5452 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:21:02.0179 5452 flpydisk - ok
19:21:02.0263 5452 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:21:02.0293 5452 FltMgr - ok
19:21:02.0361 5452 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:21:02.0392 5452 FsDepends - ok
19:21:02.0468 5452 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:21:02.0491 5452 Fs_Rec - ok
19:21:02.0578 5452 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:21:02.0616 5452 fvevol - ok
19:21:02.0701 5452 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:21:02.0733 5452 gagp30kx - ok
19:21:02.0922 5452 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:21:02.0950 5452 hcw85cir - ok
19:21:03.0030 5452 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:21:03.0061 5452 HdAudAddService - ok
19:21:03.0160 5452 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:21:03.0186 5452 HDAudBus - ok
19:21:03.0282 5452 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:21:03.0347 5452 HidBatt - ok
19:21:03.0467 5452 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:21:03.0499 5452 HidBth - ok
19:21:03.0537 5452 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:21:03.0570 5452 HidIr - ok
19:21:03.0663 5452 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:21:03.0693 5452 HidUsb - ok
19:21:03.0813 5452 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:21:03.0845 5452 HpSAMD - ok
19:21:03.0992 5452 HSF_DPV (7aca9dbad8be6831c29676986c56da82) C:\Windows\system32\DRIVERS\HSX_DPV.sys
19:21:04.0033 5452 HSF_DPV - ok
19:21:04.0172 5452 HSXHWAZL (16d32741f8e4725e76455b64edcc9cf1) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
19:21:04.0203 5452 HSXHWAZL - ok
19:21:04.0286 5452 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:21:04.0339 5452 HTTP - ok
19:21:04.0423 5452 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:21:04.0451 5452 hwpolicy - ok
19:21:04.0532 5452 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
19:21:04.0606 5452 i8042prt - ok
19:21:04.0713 5452 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:21:04.0750 5452 iaStorV - ok
19:21:04.0854 5452 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\Windows\system32\DRIVERS\ibmpmdrv.sys
19:21:04.0878 5452 IBMPMDRV - ok
19:21:05.0075 5452 igfx (1f50623259df354776df04c56504a2d7) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:21:05.0172 5452 igfx - ok
19:21:05.0291 5452 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:21:05.0320 5452 iirsp - ok
19:21:05.0389 5452 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:21:05.0411 5452 intelide - ok
19:21:05.0499 5452 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:21:05.0538 5452 intelppm - ok
19:21:05.0587 5452 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:21:05.0651 5452 IpFilterDriver - ok
19:21:05.0747 5452 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:21:05.0791 5452 IPMIDRV - ok
19:21:05.0893 5452 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:21:05.0934 5452 IPNAT - ok
19:21:05.0990 5452 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:21:06.0017 5452 IRENUM - ok
19:21:06.0093 5452 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:21:06.0123 5452 isapnp - ok
19:21:06.0188 5452 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:21:06.0215 5452 iScsiPrt - ok
19:21:06.0255 5452 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:21:06.0286 5452 kbdclass - ok
19:21:06.0383 5452 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:21:06.0414 5452 kbdhid - ok
19:21:06.0530 5452 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:21:06.0565 5452 KSecDD - ok
19:21:06.0607 5452 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:21:06.0657 5452 KSecPkg - ok
19:21:06.0798 5452 lenovo.smi (9aac267a225f3caebb9e633f7eb16e4b) C:\Windows\system32\DRIVERS\smiif32.sys
19:21:06.0817 5452 lenovo.smi - ok
19:21:06.0908 5452 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:21:06.0956 5452 lltdio - ok
19:21:07.0063 5452 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:21:07.0100 5452 LSI_FC - ok
19:21:07.0212 5452 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:21:07.0248 5452 LSI_SAS - ok
19:21:07.0363 5452 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:21:07.0392 5452 LSI_SAS2 - ok
19:21:07.0500 5452 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:21:07.0539 5452 LSI_SCSI - ok
19:21:07.0652 5452 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:21:07.0708 5452 luafv - ok
19:21:07.0817 5452 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
19:21:07.0839 5452 mdmxsdk - ok
19:21:07.0887 5452 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:21:07.0912 5452 megasas - ok
19:21:08.0015 5452 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:21:08.0042 5452 MegaSR - ok
19:21:08.0148 5452 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:21:08.0191 5452 Modem - ok
19:21:08.0291 5452 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:21:08.0321 5452 monitor - ok
19:21:08.0390 5452 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
19:21:08.0421 5452 mouclass - ok
19:21:08.0532 5452 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:21:08.0562 5452 mouhid - ok
19:21:08.0670 5452 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:21:08.0711 5452 mountmgr - ok
19:21:08.0802 5452 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
19:21:08.0838 5452 MpFilter - ok
19:21:08.0919 5452 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:21:09.0006 5452 mpio - ok
19:21:09.0160 5452 MpKslcbc0b04b (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3D16D336-C2BD-4DD8-A3C7-45F383D425E6}\MpKslcbc0b04b.sys
19:21:09.0188 5452 MpKslcbc0b04b - ok
19:21:09.0332 5452 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
19:21:09.0360 5452 MpNWMon - ok
19:21:09.0460 5452 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:21:09.0511 5452 mpsdrv - ok
19:21:09.0628 5452 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:21:09.0660 5452 MRxDAV - ok
19:21:09.0736 5452 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:21:09.0765 5452 mrxsmb - ok
19:21:09.0820 5452 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:21:09.0850 5452 mrxsmb10 - ok
19:21:09.0953 5452 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:21:10.0000 5452 mrxsmb20 - ok
19:21:10.0063 5452 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:21:10.0085 5452 msahci - ok
19:21:10.0199 5452 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:21:10.0228 5452 msdsm - ok
19:21:10.0346 5452 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:21:10.0386 5452 Msfs - ok
19:21:10.0485 5452 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:21:10.0520 5452 mshidkmdf - ok
19:21:10.0640 5452 MSHUSBVideo (29e0ec2a9dc4c7913657a51dfff97856) C:\Windows\system32\Drivers\nx6000.sys
19:21:10.0665 5452 MSHUSBVideo - ok
19:21:10.0778 5452 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:21:10.0797 5452 msisadrv - ok
19:21:10.0915 5452 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:21:10.0951 5452 MSKSSRV - ok
19:21:11.0089 5452 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:21:11.0124 5452 MSPCLOCK - ok
19:21:11.0243 5452 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:21:11.0279 5452 MSPQM - ok
19:21:11.0384 5452 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:21:11.0438 5452 MsRPC - ok
19:21:11.0533 5452 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:21:11.0561 5452 mssmbios - ok
19:21:11.0630 5452 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:21:11.0664 5452 MSTEE - ok
19:21:11.0692 5452 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:21:11.0716 5452 MTConfig - ok
19:21:11.0775 5452 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:21:11.0808 5452 Mup - ok
19:21:11.0885 5452 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:21:11.0917 5452 NativeWifiP - ok
19:21:12.0038 5452 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:21:12.0083 5452 NDIS - ok
19:21:12.0203 5452 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:21:12.0245 5452 NdisCap - ok
19:21:12.0365 5452 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:21:12.0410 5452 NdisTapi - ok
19:21:12.0538 5452 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:21:12.0584 5452 Ndisuio - ok
19:21:12.0698 5452 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:21:12.0736 5452 NdisWan - ok
19:21:12.0853 5452 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:21:12.0900 5452 NDProxy - ok
19:21:12.0977 5452 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:21:13.0023 5452 NetBIOS - ok
19:21:13.0117 5452 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:21:13.0185 5452 NetBT - ok
19:21:13.0415 5452 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
19:21:13.0507 5452 netw5v32 - ok
19:21:13.0633 5452 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:21:13.0661 5452 nfrd960 - ok
19:21:13.0766 5452 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:21:13.0801 5452 NisDrv - ok
19:21:13.0937 5452 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:21:13.0981 5452 Npfs - ok
19:21:14.0088 5452 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:21:14.0126 5452 nsiproxy - ok
19:21:14.0268 5452 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:21:14.0424 5452 Ntfs - ok
19:21:14.0543 5452 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:21:14.0577 5452 Null - ok
19:21:14.0686 5452 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:21:14.0729 5452 nvraid - ok
19:21:14.0836 5452 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:21:14.0880 5452 nvstor - ok
19:21:14.0978 5452 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:21:15.0006 5452 nv_agp - ok
19:21:15.0064 5452 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:21:15.0098 5452 ohci1394 - ok
19:21:15.0200 5452 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:21:15.0245 5452 Parport - ok
19:21:15.0360 5452 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:21:15.0394 5452 partmgr - ok
19:21:15.0492 5452 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:21:15.0515 5452 Parvdm - ok
19:21:15.0624 5452 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:21:15.0650 5452 pci - ok
19:21:15.0741 5452 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:21:15.0759 5452 pciide - ok
19:21:15.0821 5452 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:21:15.0848 5452 pcmcia - ok
19:21:15.0869 5452 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:21:15.0899 5452 pcw - ok
19:21:15.0989 5452 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:21:16.0037 5452 PEAUTH - ok
19:21:16.0237 5452 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:21:16.0293 5452 PptpMiniport - ok
19:21:16.0401 5452 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:21:16.0433 5452 Processor - ok
19:21:16.0544 5452 psadd (72de205cd4006dc45b1401859c506679) C:\Windows\system32\DRIVERS\psadd.sys
19:21:16.0568 5452 psadd - ok
19:21:16.0636 5452 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:21:16.0692 5452 Psched - ok
19:21:16.0840 5452 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:21:16.0885 5452 ql2300 - ok
19:21:16.0998 5452 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:21:17.0041 5452 ql40xx - ok
19:21:17.0156 5452 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:21:17.0190 5452 QWAVEdrv - ok
19:21:17.0292 5452 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:21:17.0335 5452 RasAcd - ok
19:21:17.0440 5452 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:21:17.0488 5452 RasAgileVpn - ok
19:21:17.0566 5452 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:21:17.0622 5452 Rasl2tp - ok
19:21:17.0715 5452 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:21:17.0754 5452 RasPppoe - ok
19:21:17.0881 5452 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:21:17.0934 5452 RasSstp - ok
19:21:18.0049 5452 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:21:18.0094 5452 rdbss - ok
19:21:18.0149 5452 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:21:18.0177 5452 rdpbus - ok
19:21:18.0222 5452 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:21:18.0254 5452 RDPCDD - ok
19:21:18.0333 5452 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
19:21:18.0366 5452 RDPDR - ok
19:21:18.0429 5452 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:21:18.0462 5452 RDPENCDD - ok
19:21:18.0535 5452 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:21:18.0568 5452 RDPREFMP - ok
19:21:18.0675 5452 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
19:21:18.0740 5452 RDPWD - ok
19:21:18.0830 5452 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:21:18.0888 5452 rdyboost - ok
19:21:18.0974 5452 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
19:21:19.0003 5452 RFCOMM - ok
19:21:19.0082 5452 rimmptsk (d65ac8797f0286ed269500747d6290a4) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:21:19.0114 5452 rimmptsk - ok
19:21:19.0197 5452 rimsptsk (49ec82b44eb93374ed9988da7e0e0151) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:21:19.0228 5452 rimsptsk - ok
19:21:19.0279 5452 rismxdp (3f400c3ccd0818858602ddb37b5de719) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:21:19.0309 5452 rismxdp - ok
19:21:19.0416 5452 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:21:19.0469 5452 rspndr - ok
19:21:19.0571 5452 s1018bus (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
19:21:19.0611 5452 s1018bus - ok
19:21:19.0716 5452 s1018mdfl (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:21:19.0736 5452 s1018mdfl - ok
19:21:19.0851 5452 s1018mdm (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
19:21:19.0896 5452 s1018mdm - ok
19:21:20.0009 5452 s1018mgmt (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:21:20.0086 5452 s1018mgmt ( UnsignedFile.Multi.Generic ) - warning
19:21:20.0087 5452 s1018mgmt - detected UnsignedFile.Multi.Generic (1)
19:21:20.0193 5452 s1018nd5 (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
19:21:20.0214 5452 s1018nd5 - ok
19:21:20.0288 5452 s1018obex (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
19:21:20.0331 5452 s1018obex - ok
19:21:20.0414 5452 s1018unic (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
19:21:20.0458 5452 s1018unic - ok
19:21:20.0564 5452 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
19:21:20.0586 5452 s3cap - ok
19:21:20.0699 5452 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:21:20.0741 5452 sbp2port - ok
19:21:20.0900 5452 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:21:20.0939 5452 scfilter - ok
19:21:21.0005 5452 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
19:21:21.0034 5452 sdbus - ok
19:21:21.0129 5452 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:21:21.0169 5452 secdrv - ok
19:21:21.0283 5452 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:21:21.0309 5452 Serenum - ok
19:21:21.0415 5452 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:21:21.0473 5452 Serial - ok
19:21:21.0581 5452 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:21:21.0606 5452 sermouse - ok
19:21:21.0670 5452 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:21:21.0693 5452 sffdisk - ok
19:21:21.0717 5452 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:21:21.0741 5452 sffp_mmc - ok
19:21:21.0821 5452 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:21:21.0847 5452 sffp_sd - ok
19:21:21.0907 5452 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:21:21.0931 5452 sfloppy - ok
19:21:21.0979 5452 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:21:22.0010 5452 sisagp - ok
19:21:22.0121 5452 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:21:22.0151 5452 SiSRaid2 - ok
19:21:22.0255 5452 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:21:22.0288 5452 SiSRaid4 - ok
19:21:22.0408 5452 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:21:22.0464 5452 Smb - ok
19:21:22.0545 5452 smihlp (3c4a61ccb2cf32ed6e09f559b4adb6cf) C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys
19:21:22.0568 5452 smihlp - ok
19:21:22.0697 5452 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:21:22.0719 5452 spldr - ok
19:21:22.0872 5452 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
19:21:23.0565 5452 sptd - ok
19:21:23.0720 5452 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:21:23.0754 5452 srv - ok
19:21:23.0880 5452 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:21:23.0909 5452 srv2 - ok
19:21:23.0979 5452 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:21:24.0011 5452 SrvHsfHDA - ok
19:21:24.0123 5452 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:21:24.0164 5452 SrvHsfV92 - ok
19:21:24.0302 5452 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:21:24.0340 5452 SrvHsfWinac - ok
19:21:24.0440 5452 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:21:24.0469 5452 srvnet - ok
19:21:24.0546 5452 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:21:24.0568 5452 stexstor - ok
19:21:24.0657 5452 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
19:21:24.0687 5452 storflt - ok
19:21:24.0794 5452 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
19:21:24.0819 5452 storvsc - ok
19:21:24.0904 5452 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:21:24.0924 5452 swenum - ok
19:21:25.0048 5452 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:21:25.0100 5452 Tcpip - ok
19:21:25.0259 5452 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:21:25.0309 5452 TCPIP6 - ok
19:21:25.0442 5452 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:21:25.0485 5452 tcpipreg - ok
19:21:25.0584 5452 TcUsb (72b9e77565da5fa564581976e000d29b) C:\Windows\system32\Drivers\tcusb.sys
19:21:25.0614 5452 TcUsb - ok
19:21:25.0726 5452 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:21:25.0763 5452 TDPIPE - ok
19:21:25.0808 5452 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
19:21:25.0860 5452 TDTCP - ok
19:21:25.0954 5452 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:21:26.0011 5452 tdx - ok
19:21:26.0115 5452 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:21:26.0151 5452 TermDD - ok
19:21:26.0310 5452 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys
19:21:26.0339 5452 TPM - ok
19:21:26.0465 5452 TPPWRIF (c16ec6a5390904d3971179553852025b) C:\Windows\system32\drivers\Tppwr32v.sys
19:21:26.0483 5452 TPPWRIF - ok
19:21:26.0602 5452 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:21:26.0642 5452 tssecsrv - ok
19:21:26.0760 5452 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:21:26.0795 5452 TsUsbFlt - ok
19:21:26.0920 5452 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:21:26.0959 5452 tunnel - ok
19:21:27.0017 5452 TVTI2C (cac5d5979850c9ad41a88033013bc806) C:\Windows\system32\DRIVERS\Tvti2c.sys
19:21:27.0042 5452 TVTI2C - ok
19:21:27.0074 5452 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:21:27.0109 5452 uagp35 - ok
19:21:27.0206 5452 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:21:27.0245 5452 udfs - ok
19:21:27.0332 5452 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:21:27.0366 5452 uliagpkx - ok
19:21:27.0396 5452 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:21:27.0429 5452 umbus - ok
19:21:27.0494 5452 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:21:27.0516 5452 UmPass - ok
19:21:27.0585 5452 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
19:21:27.0629 5452 usbaudio - ok
19:21:27.0685 5452 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
19:21:27.0706 5452 usbbus - ok
19:21:27.0774 5452 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:21:27.0814 5452 usbccgp - ok
19:21:27.0881 5452 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:21:27.0906 5452 usbcir - ok
19:21:27.0961 5452 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
19:21:27.0983 5452 UsbDiag - ok
19:21:28.0057 5452 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
19:21:28.0090 5452 usbehci - ok
19:21:28.0144 5452 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:21:28.0175 5452 usbhub - ok
19:21:28.0275 5452 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
19:21:28.0300 5452 USBModem - ok
19:21:28.0364 5452 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
19:21:28.0390 5452 usbohci - ok
19:21:28.0412 5452 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:21:28.0441 5452 usbprint - ok
19:21:28.0562 5452 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
19:21:28.0597 5452 usbscan - ok
19:21:28.0699 5452 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:21:28.0742 5452 USBSTOR - ok
19:21:28.0838 5452 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
19:21:28.0865 5452 usbuhci - ok
19:21:28.0940 5452 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
19:21:28.0972 5452 usbvideo - ok
19:21:29.0056 5452 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:21:29.0081 5452 vdrvroot - ok
19:21:29.0152 5452 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:21:29.0180 5452 vga - ok
19:21:29.0207 5452 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:21:29.0247 5452 VgaSave - ok
19:21:29.0319 5452 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:21:29.0346 5452 vhdmp - ok
19:21:29.0462 5452 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:21:29.0494 5452 viaagp - ok
19:21:29.0561 5452 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:21:29.0594 5452 ViaC7 - ok
19:21:29.0666 5452 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:21:29.0725 5452 viaide - ok
19:21:29.0803 5452 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
19:21:29.0849 5452 vmbus - ok
19:21:29.0938 5452 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
19:21:29.0962 5452 VMBusHID - ok
19:21:30.0050 5452 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:21:30.0082 5452 volmgr - ok
19:21:30.0151 5452 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:21:30.0178 5452 volmgrx - ok
19:21:30.0220 5452 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:21:30.0248 5452 volsnap - ok
19:21:30.0344 5452 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:21:30.0390 5452 vsmraid - ok
19:21:30.0439 5452 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
19:21:30.0468 5452 vwifibus - ok
19:21:30.0505 5452 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:21:30.0531 5452 WacomPen - ok
19:21:30.0643 5452 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:30.0696 5452 WANARP - ok
19:21:30.0700 5452 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:21:30.0755 5452 Wanarpv6 - ok
19:21:30.0885 5452 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:21:30.0906 5452 Wd - ok
19:21:30.0959 5452 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:21:30.0991 5452 Wdf01000 - ok
19:21:31.0091 5452 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:21:31.0127 5452 WfpLwf - ok
19:21:31.0161 5452 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:21:31.0183 5452 WIMMount - ok
19:21:31.0225 5452 winachsf (65445280effba80c73de3c8578b70974) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
19:21:31.0260 5452 winachsf - ok
19:21:31.0404 5452 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
19:21:31.0454 5452 WinUsb - ok
19:21:31.0581 5452 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:21:31.0606 5452 WmiAcpi - ok
19:21:31.0765 5452 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:21:31.0803 5452 ws2ifsl - ok
19:21:31.0884 5452 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:21:31.0941 5452 WudfPf - ok
19:21:32.0045 5452 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:21:32.0084 5452 WUDFRd - ok
19:21:32.0197 5452 XAudio (7e46367b80600d04dd83f41ef1c860df) C:\Windows\system32\DRIVERS\xaudio.sys
19:21:32.0217 5452 XAudio - ok
19:21:32.0335 5452 MBR (0x1B8) (e77f725e68ee1df1d03146569de28e1d) \Device\Harddisk0\DR0
19:21:32.0450 5452 \Device\Harddisk0\DR0 - ok
19:21:32.0454 5452 Boot (0x1200) (37db130c8f2d66142b39400eb0767ea8) \Device\Harddisk0\DR0\Partition0
19:21:32.0455 5452 \Device\Harddisk0\DR0\Partition0 - ok
19:21:32.0456 5452 ============================================================
19:21:32.0456 5452 Scan finished
19:21:32.0456 5452 ============================================================
19:21:32.0466 4740 Detected object count: 1
19:21:32.0466 4740 Actual detected object count: 1
19:21:39.0611 4740 s1018mgmt ( UnsignedFile.Multi.Generic ) - skipped by user
19:21:39.0611 4740 s1018mgmt ( UnsignedFile.Multi.Generic ) - User select action: Skip
Geändert von MaxiMax (08.03.2012 um 19:24 Uhr) Grund: verschrieben |
|
08.03.2012, 20:10
| #18 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Bundespolizei Trojaner Dann bitte jetzt CF ausführen:
__________________ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ |
|
09.03.2012, 08:28
| #19 |
| | Bundespolizei Trojaner Guten Morgen, hier das Combofix Log. Code:
ATTFilter ComboFix 12-03-08.04 - DerMax 09.03.2012 1:44.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2038.1177 [GMT 1:00]
ausgeführt von:: c:\users\DerMax\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\DerMax\AppData\Local\lame_enc.dll
c:\users\DerMax\AppData\Local\no23xwrapper.dll
c:\users\DerMax\AppData\Local\ogg.dll
c:\users\DerMax\AppData\Local\vorbis.dll
c:\users\DerMax\AppData\Local\vorbisenc.dll
c:\users\DerMax\AppData\Local\vorbisfile.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-09 bis 2012-03-09 ))))))))))))))))))))))))))))))
.
.
2012-03-09 00:36 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8DB8D718-2CB5-426E-A453-0A4C90841843}\mpengine.dll
2012-03-08 18:08 . 2012-03-08 18:08 -------- d-----w- c:\program files\PriceGong
2012-03-07 20:24 . 2010-09-07 13:09 13680 ----a-w- c:\windows\system32\drivers\smiif32.sys
2012-03-07 20:23 . 2012-03-07 20:23 -------- d-----w- c:\program files\Common Files\SPBA
2012-03-07 15:40 . 2012-03-07 15:40 -------- d-----w- C:\_OTL
2012-03-07 07:26 . 2012-03-07 07:26 -------- d-----w- c:\program files\ESET
2012-03-06 22:20 . 2012-03-06 22:20 -------- d-----w- c:\windows\Sun
2012-03-05 12:52 . 2012-03-05 12:52 -------- d-----w- c:\users\DerMax\AppData\Roaming\Malwarebytes
2012-03-05 12:52 . 2012-03-05 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-05 12:52 . 2012-03-05 12:52 -------- d-----w- c:\programdata\Malwarebytes
2012-03-05 12:52 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 23:38 . 2012-03-04 23:39 -------- d-----w- c:\users\DerMax\AppData\Roaming\kodak
2012-02-15 07:39 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 07:39 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:39 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 07:39 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-10 12:07 . 2012-02-10 12:07 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{642CADAF-A371-49C3-B939-A6ABDB1A11A1}\gapaengine.dll
2012-02-09 18:15 . 2007-08-21 12:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-02-09 17:28 . 1998-09-14 15:41 285216 ----a-w- c:\windows\system32\drivers\Onsio.sys
2012-02-09 17:28 . 1998-08-01 19:00 60928 ----a-w- c:\windows\system32\drivers\Smplscsi.sys
2012-02-09 17:28 . 1997-02-14 20:10 7680 ----a-w- c:\windows\system32\drivers\Onsreged.sys
2012-02-09 17:28 . 2012-02-09 17:28 -------- d-----w- C:\Kpcms
2012-02-09 17:28 . 2012-02-09 17:29 -------- d-----w- c:\program files\ScanWizard 5
2012-02-09 17:28 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 21:20 . 2012-03-05 21:20 89570 ----a-w- c:\windows\system32\hkcmd.zip
2012-02-21 19:01 . 2011-05-22 11:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2009-11-22 00:18 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-11-20 23:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 02:06 . 2011-06-26 13:00 527424 ------w- c:\windows\PWMBTHLV.EXE
2012-01-23 02:06 . 2011-06-26 12:59 834624 ------w- c:\windows\system32\PWMCP32V.cpl
2012-01-23 02:06 . 2011-06-26 12:59 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2012-01-23 02:06 . 2011-06-26 12:59 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2012-02-19 13:03 . 2011-03-23 17:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-01-23 1322048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 55624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-07-14 15:48 100680 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-12-02 23:19 176128 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-08-07 01:15 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 17:38 62752 ----a-w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-08-07 01:15 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2011-07-14 14:46 55624 ----a-w- c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2012-01-23 02:06 1322048 ----a-w- c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2011-07-12 17:03 69568 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 10:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-01-23 292200]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-07 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-01-23 25968]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-02-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-03-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-HotKeysCmds - c:\windows\system32\hkcmd.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\SecuROM\License information*]
"datasecu"=hex:1d,25,3b,fc,50,3b,69,fa,45,b4,db,74,45,ca,8f,ad,f3,f8,95,68,3b,
4a,02,2d,a5,18,2a,06,7b,80,91,67,9c,6a,79,9e,f7,45,89,0e,bb,bf,9a,65,13,71,\
"rkeysecu"=hex:a5,b5,4e,17,2f,f7,20,15,19,d7,f0,9b,e5,97,83,a8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'Explorer.exe'(3884)
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~2\ThinkPad\UTILIT~1\GR\PWMRT32V.DLL
c:\progra~2\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ThinkVantage Fingerprint Software\upeksvr.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~2\LENOVO\VIRTSCRL\virtscrl.exe
c:\windows\system32\taskhost.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-09 08:22:44 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-09 07:22
.
Vor Suchlauf: 17 Verzeichnis(se), 63.405.760.512 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 62.671.544.320 Bytes frei
.
- - End Of File - - 078D2527C8609BD52BB3994B1748857D
|
|
09.03.2012, 09:49
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Combofix - Scripten 1. Starte das Notepad (Start / Ausführen / notepad[Enter]) 2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein. Code:
ATTFilter Folder::
c:\program files\PriceGong
4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall. (Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !) 5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.  6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien: Combofix.txt Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
09.03.2012, 10:44
| #21 |
| | Bundespolizei Trojaner Bitteschön, das Combofix Log Code:
ATTFilter ComboFix 12-03-08.04 - DerMax 09.03.2012 10:09:44.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2038.1281 [GMT 1:00]
ausgeführt von:: c:\users\DerMax\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\DerMax\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\PriceGong
c:\program files\PriceGong\2.6.3\PriceGong.crx
c:\program files\PriceGong\2.6.3\PriceGongIE.dll
c:\program files\PriceGong\uninst.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-09 bis 2012-03-09 ))))))))))))))))))))))))))))))
.
.
2012-03-09 09:24 . 2012-03-09 09:24 -------- d-----w- c:\users\DerMax\AppData\Local\temp
2012-03-09 09:24 . 2012-03-09 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 07:25 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9D5D452A-77F7-49B8-B954-36D572972C80}\mpengine.dll
2012-03-07 20:24 . 2010-09-07 13:09 13680 ----a-w- c:\windows\system32\drivers\smiif32.sys
2012-03-07 20:23 . 2012-03-07 20:23 -------- d-----w- c:\program files\Common Files\SPBA
2012-03-07 15:40 . 2012-03-07 15:40 -------- d-----w- C:\_OTL
2012-03-07 07:26 . 2012-03-07 07:26 -------- d-----w- c:\program files\ESET
2012-03-06 22:20 . 2012-03-06 22:20 -------- d-----w- c:\windows\Sun
2012-03-05 12:52 . 2012-03-05 12:52 -------- d-----w- c:\users\DerMax\AppData\Roaming\Malwarebytes
2012-03-05 12:52 . 2012-03-05 12:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-05 12:52 . 2012-03-05 12:52 -------- d-----w- c:\programdata\Malwarebytes
2012-03-05 12:52 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-04 23:38 . 2012-03-04 23:39 -------- d-----w- c:\users\DerMax\AppData\Roaming\kodak
2012-02-15 07:39 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 07:39 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:39 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 07:39 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-10 12:07 . 2012-02-10 12:07 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{642CADAF-A371-49C3-B939-A6ABDB1A11A1}\gapaengine.dll
2012-02-09 18:15 . 2007-08-21 12:32 98304 ----a-w- c:\windows\system32\redmonnt.dll
2012-02-09 17:28 . 1998-09-14 15:41 285216 ----a-w- c:\windows\system32\drivers\Onsio.sys
2012-02-09 17:28 . 1998-08-01 19:00 60928 ----a-w- c:\windows\system32\drivers\Smplscsi.sys
2012-02-09 17:28 . 1997-02-14 20:10 7680 ----a-w- c:\windows\system32\drivers\Onsreged.sys
2012-02-09 17:28 . 2012-02-09 17:28 -------- d-----w- C:\Kpcms
2012-02-09 17:28 . 2012-02-09 17:29 -------- d-----w- c:\program files\ScanWizard 5
2012-02-09 17:28 . 2000-01-04 05:39 212992 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ILog.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 21:20 . 2012-03-05 21:20 89570 ----a-w- c:\windows\system32\hkcmd.zip
2012-02-21 19:01 . 2011-05-22 11:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-08 06:03 . 2009-11-22 00:18 6552120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2009-11-20 23:46 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-23 02:06 . 2011-06-26 13:00 527424 ------w- c:\windows\PWMBTHLV.EXE
2012-01-23 02:06 . 2011-06-26 12:59 834624 ------w- c:\windows\system32\PWMCP32V.cpl
2012-01-23 02:06 . 2011-06-26 12:59 25968 ------w- c:\windows\system32\drivers\DOZEHDD.SYS
2012-01-23 02:06 . 2011-06-26 12:59 13424 ------w- c:\windows\system32\drivers\TPPWR32V.SYS
2012-02-19 13:03 . 2011-03-23 17:43 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2012-01-23 1322048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2011-07-14 55624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-8-5 804128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2011-07-14 15:48 100680 ----a-w- c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2009-12-02 23:19 176128 ----a-w- c:\program files\Apoint2K\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 06:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-08-07 01:15 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 17:38 62752 ----a-w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-08-07 01:15 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSQLLauncher]
2011-07-14 14:46 55624 ----a-w- c:\program files\ThinkVantage Fingerprint Software\launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2012-01-23 02:06 1322048 ----a-w- c:\progra~2\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2011-07-12 17:03 69568 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2011-08-05 10:29 159456 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 136176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-24 30560]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2012-01-23 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2012-01-23 175168]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1343400]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 268512]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-07 691696]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2012-01-23 25968]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [2011-05-30 11976]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-08-18 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-08-18 29472]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2012-01-23 292200]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-13 17:46]
.
2012-02-21 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-03-09 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\DerMax\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\DerMax\AppData\Roaming\Mozilla\Firefox\Profiles\foct8zfa.default\
FF - prefs.js: browser.startup.homepage - chrome://superstart/content/index.html
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PriceGong - c:\program files\PriceGong\uninst.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2325422704-4038905648-3740114079-1000\Software\SecuROM\License information*]
"datasecu"=hex:1d,25,3b,fc,50,3b,69,fa,45,b4,db,74,45,ca,8f,ad,f3,f8,95,68,3b,
4a,02,2d,a5,18,2a,06,7b,80,91,67,9c,6a,79,9e,f7,45,89,0e,bb,bf,9a,65,13,71,\
"rkeysecu"=hex:a5,b5,4e,17,2f,f7,20,15,19,d7,f0,9b,e5,97,83,a8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(568)
c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\program files\ThinkVantage Fingerprint Software\infql2.dll
.
Zeit der Fertigstellung: 2012-03-09 10:25:46
ComboFix-quarantined-files.txt 2012-03-09 09:25
ComboFix2.txt 2012-03-09 07:22
.
Vor Suchlauf: 21 Verzeichnis(se), 62.728.560.640 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 62.672.936.960 Bytes frei
.
- - End Of File - - 2AE03A6A83E28C62447BE5D2CB5C5BF2
|
|
09.03.2012, 11:30
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.03.2012, 14:02
| #23 |
| | Bundespolizei Trojaner Also, hier schonmal die Logs von GMER und Osam. Das aswMBR ist irgendwann hängengeblieben. Ich werde das heute Abend nochmal laufen lassen und dir dann das Log schicken. Muss jetzt los. Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-09 12:43:15
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 HITACHI_HTS542516K9SA00 rev.BBCZC3HP
Running: t3pf7xqy.exe; Driver: C:\Users\DerMax\AppData\Local\Temp\fwlcipow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C5D369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C96D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3352] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[3924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7562FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c@6c0e0d3d04e0 0x31 0x06 0x1E 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1ee809c@f8db7fcdec04 0xCD 0x0E 0x3F 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x00 0x43 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x7B 0x0D 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0x65 0xF3 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c@6c0e0d3d04e0 0x31 0x06 0x1E 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1ee809c@f8db7fcdec04 0xCD 0x0E 0x3F 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x80 0x00 0x43 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x14 0x7B 0x0D 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x7D 0x65 0xF3 0xCF ...
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 12:51:14 on 09.03.2012 OS: Windows 7 Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 10.0.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe "SystemToolsDailyTest.job" - "PC-Doctor, Inc." - C:\Program Files\PC-Doctor\uaclauncher.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl "PWMCP32V.cpl" - "Lenovo Group Limited" - C:\Windows\system32\PWMCP32V.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\Users\DerMax\AppData\Local\Temp\catchme.sys (File not found) "DozeHDD" (DozeHDD) - "Lenovo." - C:\Windows\System32\DRIVERS\DozeHDD.sys "fwlcipow" (fwlcipow) - ? - C:\Users\DerMax\AppData\Local\Temp\fwlcipow.sys (Hidden registry entry, rootkit activity | File not found) "Sony Ericsson Device 1018 driver (WDM)" (s1018bus) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018bus.sys "Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)" (s1018nd5) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018nd5.sys "Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)" (s1018unic) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018unic.sys "Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)" (s1018mgmt) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mgmt.sys "Sony Ericsson Device 1018 USB WMC Modem Driver" (s1018mdm) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mdm.sys "Sony Ericsson Device 1018 USB WMC Modem Filter" (s1018mdfl) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018mdfl.sys "Sony Ericsson Device 1018 USB WMC OBEX Interface" (s1018obex) - "MCCI Corporation" - C:\Windows\System32\DRIVERS\s1018obex.sys "TC USB Kernel Driver" (TcUsb) - "UPEK Inc." - C:\Windows\System32\Drivers\tcusb.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll {5F327514-6C5E-4d60-8F16-D07FA08A78ED} "Auto Update Property Sheet Extension" - ? - C:\Windows\system32\wuaucpl.cpl (File not found) {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll {83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll {09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - c:\PROGRA~2\MICROS~4\shellext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btncopy.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {8FF88D21-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found) {8FF88D27-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Context Menu Shell Extension" - ? - (File not found | COM-object registry key not found) {8FF88D25-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 DragDrop Shell Extension" - ? - (File not found | COM-object registry key not found) {8FF88D23-7BD0-11D1-BFB7-00AA00262A11} "WinAce Archiver 2.69 Property Sheet Shell Extension" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\DerMax\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Shortcut exists | File exists) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "MSC" - "Microsoft Corporation" - "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey "PSQLLauncher" - "Authentec Inc." - "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup "PWMTRV" - "Lenovo Group Limited" - rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe "Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe "Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Program Files\ThinkPad\Utilities\PWMEWSVC.EXE "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe "Lenovo Auto Scroll" (Lenovo.VIRTSCRLSVC) - "Lenovo Group Limited" - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe "Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE "Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe "Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe "MSCamSvc" (MSCamSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft LifeCam\MSCamS32.exe "Power Manager DBC Service" (Power Manager DBC Service) - "Lenovo" - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE "SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE "Zune Network Sharing Service" (ZuneNetworkSvc) - "Microsoft Corporation" - c:\Program Files\Zune\ZuneNss.exe "Zune Windows Mobile Connectivity Service" (WMZuneComm) - "Microsoft Corporation" - c:\Program Files\Zune\WMZuneComm.exe "Zune Wireless Configuration Service" (ZuneWlanCfgSvc) - "Microsoft Corporation" - c:\Program Files\Zune\ZuneWlanCfgSvc.exe [Winlogon] -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "psfus" - "Authentec Inc." - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
09.03.2012, 14:05
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Starte aswMBR neu, stell unten links auf (none) und klick dann nochmal auf Scan
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.03.2012, 23:52
| #25 |
| | Bundespolizei Trojaner So, dieses mal hats geklappt. Hier das Log. Code:
ATTFilter aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 21:43:47
-----------------------------
21:43:47.220 OS Version: Windows 6.1.7601 Service Pack 1
21:43:47.220 Number of processors: 2 586 0x1706
21:43:47.220 ComputerName: MEANMACHINE UserName: DerMax
21:43:48.093 Initialize success
21:43:51.806 AVAST engine defs: 12030801
21:43:57.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:43:57.828 Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
21:43:57.999 Disk 0 MBR read successfully
21:43:58.015 Disk 0 MBR scan
21:43:58.015 Disk 0 unknown MBR code
21:43:58.077 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 146910 MB offset 63
21:43:58.140 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5714 MB offset 300872880
21:43:58.264 Disk 0 scanning sectors +312575760
21:43:58.639 Disk 0 scanning C:\Windows\system32\drivers
21:45:39.805 Service scanning
21:45:51.380 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:46:09.695 Modules scanning
21:48:36.428 Disk 0 trace - called modules:
21:48:37.006 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:48:37.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a81260]
21:48:37.006 3 CLASSPNP.SYS[8907259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2030]
21:48:37.021 Scan finished successfully
23:47:54.205 Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
23:47:54.205 The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"
|
|
10.03.2012, 16:31
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
10.03.2012, 22:55
| #27 |
| | Bundespolizei Trojaner Hallo Arne, hat geklappt, ohne Dateiverluste. Hier das Log. Code:
ATTFilter aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-09 21:43:47
-----------------------------
21:43:47.220 OS Version: Windows 6.1.7601 Service Pack 1
21:43:47.220 Number of processors: 2 586 0x1706
21:43:47.220 ComputerName: MEANMACHINE UserName: DerMax
21:43:48.093 Initialize success
21:43:51.806 AVAST engine defs: 12030801
21:43:57.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
21:43:57.828 Disk 0 Vendor: HITACHI_HTS542516K9SA00 BBCZC3HP Size: 152627MB BusType: 11
21:43:57.999 Disk 0 MBR read successfully
21:43:58.015 Disk 0 MBR scan
21:43:58.015 Disk 0 unknown MBR code
21:43:58.077 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 146910 MB offset 63
21:43:58.140 Disk 0 Partition 2 00 12 Compaq diag MSDOS5.0 5714 MB offset 300872880
21:43:58.264 Disk 0 scanning sectors +312575760
21:43:58.639 Disk 0 scanning C:\Windows\system32\drivers
21:45:39.805 Service scanning
21:45:51.380 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
21:46:09.695 Modules scanning
21:48:36.428 Disk 0 trace - called modules:
21:48:37.006 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
21:48:37.006 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a81260]
21:48:37.006 3 CLASSPNP.SYS[8907259e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x859a2030]
21:48:37.021 Scan finished successfully
23:47:54.205 Disk 0 MBR has been saved successfully to "C:\Users\DerMax\Desktop\MBR.dat"
23:47:54.205 The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-10 22:50:16
-----------------------------
22:50:16.141 OS Version: Windows 6.1.7601 Service Pack 1
22:50:16.141 Number of processors: 2 586 0x1706
22:50:16.141 ComputerName: MEANMACHINE UserName: DerMax
22:50:42.770 Initialize success
22:50:49.650 AVAST engine defs: 12031002
22:51:04.594 The log file has been saved successfully to "C:\Users\DerMax\Desktop\aswMBR.txt"
|
|
12.03.2012, 14:59
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Das ist was schiefgegangen. Mach das Log mit aswMBR bitte nochmal neu
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.03.2012, 16:43
| #29 |
| | Bundespolizei Trojaner Hallo Arne, was meinst du denn genau mit Log neu machen? Nochmal scannen? Vielleicht hab ich dich da einfach falsch verstanden?! Gruß, Max |
|
12.03.2012, 16:46
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei Trojaner Ja mit aswMBR ein neues Log machen! Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bundespolizei Trojaner |
| 32 bit, adobe, avira, bildschirm, bingbar, booten, converter, defender, entfernen, exe-dateien, explorer, firefox, google, google earth, helper, microsoft security, microsoft security essentials, mozilla, mp3, notification, plug-in, registry, scan, security, software, svchost.exe, system, temp, trojane, trojaner, updates, vista, vista 32 bit, windows |
Linear-Darstellung
