Pests of all kinds and their removal: ThinkPoint completely removed? (Windows 7)
17.11.2010, 00:05 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint completely removed? I need the quarantine folder from ComboFix. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere!
2.) Zip the folder C:\Qoobox into a file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know if it was successful
5.) Only then turn the virus scanner back on
__________________ Please always post log files in CODE tags
17.11.2010, 00:13 | #17
| ThinkPoint completely removed? File: Qoobox.zip received
Process completed successfully.
17.11.2010, 08:39 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint completely removed? Unfortunately the log doesn't tell me anything...
Run the Kaspersky TDSS tool in safe mode => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
17.11.2010, 08:54 | #19
| ThinkPoint completely removed? It found nothing, here is the log: Code:
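The TDSSKiller log posted above prints one line per loaded driver (timestamp, service name, MD5 in parentheses, file path). As an added example, not code from the thread or from Kaspersky, the following Python script parses that format from a constructed sample log and flags two things a helper would otherwise check by eye: drivers loaded from outside the Windows directory, and one MD5 reused under a different file name. Both are review hints, not verdicts; the hashes, the "hlpsvc" and "fakeatapi" entries and the Temp path in the sample are made up.

```python
import re
from collections import defaultdict

# Constructed sample in TDSSKiller 2.4 format (hashes and the hlpsvc /
# fakeatapi entries are invented for the demonstration, not from a real host).
SAMPLE_LOG = """\
2010/11/17 08:45:33.0598 TDSS rootkit removing tool 2.4.7.1 Nov 16 2010 08:18:13
2010/11/17 08:45:33.0598 Windows directory: C:\\Windows
2010/11/17 08:45:33.0598 Boot type: Safe boot with network
2010/11/17 08:45:44.0128 Scan started
2010/11/17 08:45:44.0409 ACPI (11111111111111111111111111111111) C:\\Windows\\system32\\drivers\\acpi.sys
2010/11/17 08:45:45.0439 avgntflt (22222222222222222222222222222222) C:\\Windows\\system32\\DRIVERS\\avgntflt.sys
2010/11/17 08:45:54.0471 SASDIFSV (33333333333333333333333333333333) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2010/11/17 08:45:55.0906 Tcpip (44444444444444444444444444444444) C:\\Windows\\system32\\drivers\\tcpip.sys
2010/11/17 08:45:55.0969 Tcpip6 (44444444444444444444444444444444) C:\\Windows\\system32\\DRIVERS\\tcpip.sys
2010/11/17 08:45:56.0100 hlpsvc (55555555555555555555555555555555) C:\\Users\\user\\AppData\\Local\\Temp\\qwertyui.sys
2010/11/17 08:45:56.0200 fakeatapi (11111111111111111111111111111111) C:\\Windows\\system32\\drivers\\xyzatapi.sys
2010/11/17 08:45:58.0402 Scan finished
"""

# "<date> <time> <service> (<md5>) <path>"; header and summary lines do not match.
DRIVER_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "  # timestamp
    r"(?P<service>\S+) "                              # service name
    r"\((?P<md5>[0-9a-fA-F]{32})\) "                  # MD5 in parentheses
    r"(?P<path>.+?)\s*$"                              # image path
)
# The "Windows directory:" header line; the "System windows directory:" line
# has an extra token after the timestamp and therefore does not match.
WINDIR_RE = re.compile(r"^\S+ \S+ Windows directory: (.+?)\s*$", re.M)


def parse_drivers(log_text):
    """Return one dict per driver line: service, md5 (lowercased), path."""
    drivers = []
    for line in log_text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append({"service": m["service"],
                            "md5": m["md5"].lower(),
                            "path": m["path"]})
    return drivers


def windows_dir(log_text, default="C:\\Windows"):
    """Windows directory as reported in the log header, or a default."""
    m = WINDIR_RE.search(log_text)
    return m.group(1) if m else default


def drivers_outside_windows(drivers, windir):
    """Services whose image is not below the Windows directory.

    Third-party security tools legitimately live here too (SUPERAntiSpyware
    in the thread's log), so this is a list to review, not a detection.
    """
    prefix = windir.rstrip("\\").lower() + "\\"
    return [d["service"] for d in drivers
            if not d["path"].lower().startswith(prefix)]


def shared_hash_different_names(drivers):
    """MD5 values that appear under more than one distinct file name.

    Two services pointing at the same file (Tcpip / Tcpip6 -> tcpip.sys) are
    normal and are not reported; the same bytes under a second name are.
    """
    names_by_md5 = defaultdict(set)
    for d in drivers:
        names_by_md5[d["md5"]].add(d["path"].rsplit("\\", 1)[-1].lower())
    return {md5: names for md5, names in names_by_md5.items() if len(names) > 1}


def triage(log_text):
    """Parse a TDSSKiller log and return the review hints in one dict."""
    drivers = parse_drivers(log_text)
    windir = windows_dir(log_text)
    return {
        "driver_count": len(drivers),
        "finished": "Scan finished" in log_text,
        "outside_windows_dir": drivers_outside_windows(drivers, windir),
        "shared_md5_different_names": shared_hash_different_names(drivers),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("drivers parsed:", result["driver_count"], "finished:", result["finished"])
    print("outside Windows dir:", result["outside_windows_dir"])
    for md5, names in result["shared_md5_different_names"].items():
        print("same MD5 under several names:", md5, sorted(names))
```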
17.11.2010, 14:24 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint completely removed? Hm, no findings. Do a run with GMER in safe mode; with it I was only recently able to rescue the Windows on a neighbour's netbook without a format c:
__________________ Please always post log files in CODE tags
17.11.2010, 18:28 | #21
| ThinkPoint completely removed? Code:
[gdiplus.dll!GdiplusShutdown] [74267F1C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74267D3E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742983D5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 556 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\***\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat??\??\C:\Users\***\AppData\Local\MICROS~1\Windows\History\History.IE5\index.dat??\??\C:\Users\***\AppData\Local\MICROS~1\Windows\History\History.IE5\MSHIST~2\index.dat??\??\C:\Users\***\AppData\Roaming\MICROS~1\Windows\IETLDC~1\index.dat??\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir??\??\C:\test0123?\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management@ExistingPageFiles \??\C:\pagefile.sys? 
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 1613 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 304253038 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 0 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 012d0853-d0d1-4298-8770-a885e89 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1@00119f595885 0x9B 0x52 0x19 0x33 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1@000f86903db2 0xAB 0x1F 0x6D 0x3E ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@ReadyBootPlanUsage 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Ecache\Parameters@LastBootStatus 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 21881 Reg HKLM\SYSTEM\CurrentControlSet\Services\SynTP\Parameters@DetectTimeMS 667 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{611233CE-9FF0-4A73-8032-8E8A799B114D}@LeaseObtainedTime 1289894347 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{611233CE-9FF0-4A73-8032-8E8A799B114D}@T1 1290196747 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{611233CE-9FF0-4A73-8032-8E8A799B114D}@T2 1290423547 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{611233CE-9FF0-4A73-8032-8E8A799B114D}@LeaseTerminatesTime 1290499147 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cd3b578-61f0-4015-88eb-134b6d596d34}@Dhcpv6Iaid 151001975 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cd3b578-61f0-4015-88eb-134b6d596d34}@Dhcpv6State 0 Reg 
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cd3b578-61f0-4015-88eb-134b6d596d34}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{0cd3b578-61f0-4015-88eb-134b6d596d34}@Domain Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{4e92352a-72ec-43a1-9c52-226a806baf9e}@Dhcpv6Iaid 318898260 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{4e92352a-72ec-43a1-9c52-226a806baf9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57c4973b-2757-46fc-8abc-d867c898a568}@Dhcpv6Iaid 335564886 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57c4973b-2757-46fc-8abc-d867c898a568}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57c4973b-2757-46fc-8abc-d867c898a568}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{57c4973b-2757-46fc-8abc-d867c898a568}@Domain Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{611233ce-9ff0-4a73-8032-8e8a799b114d}@Dhcpv6Iaid 201333540 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{611233ce-9ff0-4a73-8032-8e8a799b114d}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{611233ce-9ff0-4a73-8032-8e8a799b114d}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{611233ce-9ff0-4a73-8032-8e8a799b114d}@Domain Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6Iaid 117445666 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee0f16a9-2cd9-49cd-8cf6-b391af9f1768}@Dhcpv6Iaid 369119318 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee0f16a9-2cd9-49cd-8cf6-b391af9f1768}@Dhcpv6State 
0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee0f16a9-2cd9-49cd-8cf6-b391af9f1768}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{ee0f16a9-2cd9-49cd-8cf6-b391af9f1768}@Domain Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6Iaid 100668450 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{fb65f9d8-0bbf-4b39-aa3a-41e0418a8b6f}@Dhcpv6Iaid 301994466 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{fb65f9d8-0bbf-4b39-aa3a-41e0418a8b6f}@Dhcpv6State 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{fb65f9d8-0bbf-4b39-aa3a-41e0418a8b6f}@NameServer Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\{fb65f9d8-0bbf-4b39-aa3a-41e0418a8b6f}@Domain Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1@00119f595885 0x9B 0x52 0x19 0x33 ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0011e2fc3aa1@000f86903db2 0xAB 0x1F 0x6D 0x3E ... 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021091A0070400000000000F01FEC\Usage@OneNoteFilesIntl_1031 1030751820 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021092B0070400000000000F01FEC\Usage@MsoExportPdf 1030765387 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000021092B0070400000000000F01FEC\Usage@MsoExportXps 1030765277 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10070400000000000F01FEC\Usage@OutlookMAPI2Intl_1031 1030780924 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109A10070400000000000F01FEC\Usage@OUTLOOKFilesIntl_1031 1030750994 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10001400000000000F01FEC\Usage@SpellingAndGrammarFilesExp1_1040 1030753026 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10070400000000000F01FEC\Usage@SpellingAndGrammarFiles_1031 1030754482 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F10090400000000000F01FEC\Usage@SpellingAndGrammarFiles_1033 1030754437 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109F100C0400000000000F01FEC\Usage@SpellingAndGrammarFiles_1036 1030753075 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119030000000000000000F01FEC\Usage@OUTLOOKFiles 1030753500 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119030000000000000000F01FEC\Usage@ProductFiles 1030758609 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119030000000000000000F01FEC\Usage@EXCELFiles 1030756779 Reg 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119030000000000000000F01FEC\Usage@WORDFiles 1030754513 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119150000000000000000F01FEC\Usage@ProductFiles 1030751132 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002119150000000000000000F01FEC\Usage@AlwaysInstalled 1030751425 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\704000001E872D116BF00006799C897E\Usage@SpellingFiles 1030758874 Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Events\{52C5ACC0-8173-4A6A-8B23-B88FD2EABB0C} ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 09: copy of MBR ---- EOF - GMER 1.0.15 ---- Geändert von Jonas66 (17.11.2010 um 18:33 Uhr) |
17.11.2010, 19:27 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint completely removed? I don't see any indications in there, unfortunately. It will probably come down to format c:. You can of course back up relevant data, but please nothing executable. That way you won't carry any malware over either. Sorry about that! It is quite rare for the system to no longer boot properly after running CF.
__________________ Please always post logfiles in CODE tags |
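To show what "no indications" means for the GMER output in post #21, here is an added triage script (not part of the original thread, and not GMER's own code) that parses GMER "IAT" lines and flags only those whose resolved address lies outside the DLL named in the import, lacks a description/company, or points into a user-writable directory. Every gdiplus.dll entry above resolves back into gdiplus.dll itself (GMER lists them only because the DLL is served from WinSxS), so they come out clean. The third sample line (hook.dll, kernel32.dll!CreateProcessW, address 00A51000) is constructed to show what a real hook would look like; it does not appear in the log.

```python
# Added example (not part of the original thread): triage GMER "IAT" lines.
# GMER prints one line per import-table entry it considers worth showing:
#   IAT <process>[<pid>] @ <module> [<dll>!<function>] [<addr>] <target path> (<description/company>)
# An entry is unremarkable when the resolved address lies in the very DLL the
# import names (in the log above, gdiplus.dll served from WinSxS). It deserves
# a look when the target is a different module, carries no description/company,
# or lives somewhere an unprivileged user can write to.
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

IAT_RE = re.compile(
    r"^IAT\s+(?P<process>\S+)\[(?P<pid>\d+)\]\s+@\s+(?P<module>\S+)\s+"
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<target>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Directories an unprivileged user can write to; a hook target under one of
# these is a classic sign of injected code. Heuristic list, not exhaustive.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class IatEntry:
    process: str
    pid: int
    module: str
    dll: str
    func: str
    addr: int
    target: str
    desc: Optional[str]


def parse_iat_line(line: str) -> Optional[IatEntry]:
    """Parse one GMER IAT line; return None for any other kind of line."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    return IatEntry(
        process=m["process"], pid=int(m["pid"]), module=m["module"],
        dll=m["dll"], func=m["func"], addr=int(m["addr"], 16),
        target=m["target"], desc=m["desc"],
    )


def classify(entry: IatEntry) -> list:
    """Return the reasons an entry looks suspicious; an empty list means unremarkable."""
    reasons = []
    target_name = PureWindowsPath(entry.target).name.lower()
    if target_name != entry.dll.lower():
        # Caveat: forwarded exports (e.g. kernel32 -> KERNELBASE on Windows 7+)
        # legitimately resolve into another DLL, so treat this as a lead, not a verdict.
        reasons.append(f"{entry.dll}!{entry.func} resolves into {target_name}, not {entry.dll}")
    if any(marker in entry.target.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("hook target lives under a user-writable directory")
    if not entry.desc or "/" not in entry.desc:
        reasons.append("no description/company recorded for the hook target")
    return reasons


def triage(log_text: str) -> dict:
    """Map each suspicious IAT line of a GMER log to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_iat_line(line)
        if entry is not None:
            reasons = classify(entry)
            if reasons:
                findings[line.strip()] = reasons
    return findings


# Constructed sample: two lines copied from the GMER log in this thread plus one
# invented hooked import (hook.dll, kernel32.dll!CreateProcessW, 00A51000) that is NOT in the log.
GDIPLUS = (r"C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16782"
           r"_none_9ea1072ec96e0be7\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)")
SAMPLE_LOG = "\n".join([
    "---- User IAT/EAT - GMER 1.0.15 ----",
    r"IAT C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7429FBC8] " + GDIPLUS,
    r"IAT C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [742621A4] " + GDIPLUS,
    r"IAT C:\Windows\Explorer.EXE[1672] @ C:\Windows\Explorer.EXE [kernel32.dll!CreateProcessW] [00A51000] C:\Users\***\AppData\Local\Temp\hook.dll",
])

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the full log from post #21 the script reports nothing, which is the same conclusion the helper reached by eye; the constructed hook.dll line is the only sample that trips all three checks.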
18.11.2010, 08:24 | #23 |
| ThinkPoint completely removed? Yes, in the end CF finished the system off, but living with the rootkits long-term would not have been a solution either. Since the system had been running for 3 years, it was due for it anyway. I should probably change all the passwords, right? How likely is it that passwords were spied on? Otherwise, thanks for the time you invested, and hopefully not see you again too soon |
18.11.2010, 13:43 | #24 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | ThinkPoint completely removed?
Just change all your passwords once the system is fresh again.
__________________ Please always post logfiles in CODE tags |
Topics relating to ThinkPoint completely removed? |
0x00000001, 32 bit, ad-aware, ad.yieldmanager, antivir, avgntflt.sys, avira, backdoor.gbot, blockiert, bonjour, browser, computer, corp./icp, dropbox, dwm.exe, entfernen, entfernt?, error, excel, firefox, firefox.exe, flash player, free download, funktioniert nicht mehr, google, google earth, hijack.shell, home, home premium, iastor.sys, iexplore.exe, install.exe, joke.stressreducer, location, logfile, malware.packer, microsoft office word, nvstor.sys, oldtimer, otl logfile, otl.exe, plug-in, programdata, pup.keylogger, saver, scan, sched.exe, searchplugins, security, senden, shell32.dll, skype.exe, software, start menu, studio, symantec, teamspeak, thinkpoint, tower, updates, visual studio, vlc media player, windows, windows updates |