Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   50€ Trojan: it got me too. (https://www.trojaner-board.de/107981-50-trojaner-mich-hat-erwischt.html)

cosinus 15.01.2012 18:39

Quote:

\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf )
\Device\Harddisk0\DR0 ( TDSS File System )
Please have TDSS-Killer delete the TDSS File System and the Sinowal (and please only these two!!), then restart Windows and make a new log with this tool. Post it again enclosed in CODE tags.

borodin 15.01.2012 22:04

So, here is the next log:
Code:

21:57:14.0078 5928        TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
21:57:14.0093 5928        ============================================================
21:57:14.0093 5928        Current date / time: 2012/01/15 21:57:14.0093
21:57:14.0093 5928        SystemInfo:
21:57:14.0093 5928       
21:57:14.0093 5928        OS Version: 5.1.2600 ServicePack: 3.0
21:57:14.0093 5928        Product type: Workstation
21:57:14.0093 5928        ComputerName: ***1
21:57:14.0093 5928        UserName: ***
21:57:14.0093 5928        Windows directory: C:\WINDOWS
21:57:14.0093 5928        System windows directory: C:\WINDOWS
21:57:14.0093 5928        Processor architecture: Intel x86
21:57:14.0093 5928        Number of processors: 4
21:57:14.0093 5928        Page size: 0x1000
21:57:14.0093 5928        Boot type: Normal boot
21:57:14.0093 5928        ============================================================
21:57:14.0453 5928        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
21:57:14.0515 5928        Drive \Device\Harddisk1\DR2 - Size: 0x7470C06000, SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:57:14.0578 5928        Initialize success
21:57:21.0406 4692        ============================================================
21:57:21.0406 4692        Scan started
21:57:21.0406 4692        Mode: Manual; SigCheck; TDLFS;
21:57:21.0406 4692        ============================================================
21:57:22.0453 4692        Abiosdsk - ok
21:57:22.0453 4692        abp480n5 - ok
21:57:22.0500 4692        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:57:24.0140 4692        ACPI - ok
21:57:24.0234 4692        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:57:24.0437 4692        ACPIEC - ok
21:57:24.0531 4692        adfs            (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
21:57:24.0531 4692        adfs - ok
21:57:24.0546 4692        adpu160m - ok
21:57:24.0593 4692        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:57:24.0703 4692        aec - ok
21:57:24.0750 4692        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:57:24.0781 4692        AFD - ok
21:57:24.0796 4692        Aha154x - ok
21:57:24.0812 4692        aic78u2 - ok
21:57:24.0812 4692        aic78xx - ok
21:57:24.0828 4692        AliIde - ok
21:57:24.0890 4692        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
21:57:25.0078 4692        Ambfilt - ok
21:57:25.0156 4692        amsint - ok
21:57:25.0187 4692        ApfiltrService  (c5b1284c94c90d28e1876d350e9ca297) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
21:57:25.0203 4692        ApfiltrService - ok
21:57:25.0218 4692        asc - ok
21:57:25.0218 4692        asc3350p - ok
21:57:25.0234 4692        asc3550 - ok
21:57:25.0250 4692        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:57:25.0390 4692        AsyncMac - ok
21:57:25.0421 4692        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
21:57:25.0515 4692        atapi - ok
21:57:25.0531 4692        Atdisk - ok
21:57:25.0546 4692        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:57:25.0656 4692        Atmarpc - ok
21:57:25.0718 4692        ATSwpWDF        (b693cec3751764087b76648f7cf12651) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
21:57:25.0734 4692        ATSwpWDF - ok
21:57:25.0828 4692        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:57:25.0937 4692        audstub - ok
21:57:25.0953 4692        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:57:26.0062 4692        Beep - ok
21:57:26.0078 4692        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:57:26.0171 4692        cbidf2k - ok
21:57:26.0171 4692        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:57:26.0265 4692        CCDECODE - ok
21:57:26.0265 4692        cd20xrnt - ok
21:57:26.0265 4692        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:57:26.0375 4692        Cdaudio - ok
21:57:26.0406 4692        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:57:26.0515 4692        Cdfs - ok
21:57:26.0531 4692        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:57:26.0625 4692        Cdrom - ok
21:57:26.0625 4692        Changer - ok
21:57:26.0656 4692        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:57:26.0781 4692        CmBatt - ok
21:57:26.0796 4692        CmdIde - ok
21:57:26.0812 4692        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:57:26.0921 4692        Compbatt - ok
21:57:26.0937 4692        Cpqarray - ok
21:57:26.0937 4692        dac2w2k - ok
21:57:26.0953 4692        dac960nt - ok
21:57:26.0984 4692        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:57:27.0062 4692        Disk - ok
21:57:27.0109 4692        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:57:27.0234 4692        dmboot - ok
21:57:27.0328 4692        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:57:27.0406 4692        dmio - ok
21:57:27.0421 4692        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:57:27.0484 4692        dmload - ok
21:57:27.0531 4692        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:57:27.0593 4692        DMusic - ok
21:57:27.0609 4692        dpti2o - ok
21:57:27.0640 4692        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:57:27.0734 4692        drmkaud - ok
21:57:27.0781 4692        e1kexpress      (0c95246539ed1fbeb2d6b3b1f34cdd42) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
21:57:27.0796 4692        e1kexpress - ok
21:57:27.0828 4692        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:57:27.0890 4692        Fastfat - ok
21:57:27.0906 4692        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
21:57:27.0968 4692        Fdc - ok
21:57:27.0968 4692        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:57:28.0062 4692        Fips - ok
21:57:28.0171 4692        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
21:57:28.0234 4692        Flpydisk - ok
21:57:28.0265 4692        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:57:28.0343 4692        FltMgr - ok
21:57:28.0359 4692        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:57:28.0421 4692        Fs_Rec - ok
21:57:28.0437 4692        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:57:28.0500 4692        Ftdisk - ok
21:57:28.0515 4692        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:57:28.0593 4692        Gpc - ok
21:57:28.0671 4692        guardian2      (db3794c1e876ca318d2ba3d1d38cba8a) C:\WINDOWS\system32\Drivers\oz776.sys
21:57:28.0671 4692        guardian2 - ok
21:57:28.0718 4692        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:57:28.0843 4692        HDAudBus - ok
21:57:28.0890 4692        HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
21:57:28.0921 4692        HECI - ok
21:57:28.0953 4692        hpn - ok
21:57:28.0984 4692        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:57:29.0046 4692        HTTP - ok
21:57:29.0093 4692        i2omgmt - ok
21:57:29.0125 4692        i2omp - ok
21:57:29.0140 4692        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:57:29.0234 4692        i8042prt - ok
21:57:29.0265 4692        iaStor          (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\drivers\iaStor.sys
21:57:29.0296 4692        iaStor - ok
21:57:29.0312 4692        IFXTPM          (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
21:57:29.0359 4692        IFXTPM - ok
21:57:29.0421 4692        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:57:29.0484 4692        Imapi - ok
21:57:29.0531 4692        Impcd          (03c0d99bc2913226f1cea7cb0d984659) C:\WINDOWS\system32\DRIVERS\Impcd.sys
21:57:29.0562 4692        Impcd - ok
21:57:29.0562 4692        ini910u - ok
21:57:29.0734 4692        IntcAzAudAddService (74bd9d8ede748b33b2f2aaba941cba5a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
21:57:29.0921 4692        IntcAzAudAddService - ok
21:57:30.0000 4692        IntelIde - ok
21:57:30.0031 4692        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:57:30.0125 4692        intelppm - ok
21:57:30.0140 4692        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:57:30.0234 4692        Ip6Fw - ok
21:57:30.0234 4692        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:57:30.0296 4692        IpFilterDriver - ok
21:57:30.0312 4692        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:57:30.0421 4692        IpInIp - ok
21:57:30.0453 4692        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:57:30.0531 4692        IpNat - ok
21:57:30.0593 4692        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:57:30.0687 4692        IPSec - ok
21:57:30.0718 4692        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:57:30.0750 4692        IRENUM - ok
21:57:30.0828 4692        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:57:30.0906 4692        isapnp - ok
21:57:30.0937 4692        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:57:31.0015 4692        Kbdclass - ok
21:57:31.0062 4692        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:57:31.0156 4692        kmixer - ok
21:57:31.0156 4692        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:57:31.0234 4692        KSecDD - ok
21:57:31.0250 4692        lbrtfdc - ok
21:57:31.0296 4692        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:57:31.0296 4692        MBAMProtector - ok
21:57:31.0359 4692        mfeavfk        (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
21:57:31.0359 4692        mfeavfk - ok
21:57:31.0468 4692        mfebopk        (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
21:57:31.0468 4692        mfebopk - ok
21:57:31.0500 4692        mfehidk        (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
21:57:31.0531 4692        mfehidk - ok
21:57:31.0531 4692        mferkdk - ok
21:57:31.0546 4692        mfesmfk - ok
21:57:31.0562 4692        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:57:31.0640 4692        mnmdd - ok
21:57:31.0671 4692        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:57:31.0750 4692        Modem - ok
21:57:31.0890 4692        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
21:57:31.0968 4692        Monfilt - ok
21:57:31.0984 4692        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:57:32.0078 4692        Mouclass - ok
21:57:32.0109 4692        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:57:32.0171 4692        MountMgr - ok
21:57:32.0250 4692        MPFP - ok
21:57:32.0250 4692        mraid35x - ok
21:57:32.0265 4692        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:57:32.0343 4692        MRxDAV - ok
21:57:32.0390 4692        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:57:32.0437 4692        MRxSmb - ok
21:57:32.0515 4692        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:57:32.0578 4692        Msfs - ok
21:57:32.0609 4692        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:57:32.0687 4692        MSKSSRV - ok
21:57:32.0703 4692        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:57:32.0765 4692        MSPCLOCK - ok
21:57:32.0796 4692        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:57:32.0875 4692        MSPQM - ok
21:57:32.0890 4692        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:57:32.0953 4692        mssmbios - ok
21:57:32.0968 4692        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
21:57:33.0078 4692        MSTEE - ok
21:57:33.0187 4692        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:57:33.0218 4692        Mup - ok
21:57:33.0250 4692        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:57:33.0343 4692        NABTSFEC - ok
21:57:33.0375 4692        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:57:33.0500 4692        NDIS - ok
21:57:33.0531 4692        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:57:33.0609 4692        NdisIP - ok
21:57:33.0640 4692        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:57:33.0671 4692        NdisTapi - ok
21:57:33.0765 4692        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:57:33.0875 4692        Ndisuio - ok
21:57:33.0906 4692        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:57:33.0968 4692        NdisWan - ok
21:57:33.0984 4692        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:57:34.0031 4692        NDProxy - ok
21:57:34.0046 4692        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:57:34.0156 4692        NetBIOS - ok
21:57:34.0203 4692        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:57:34.0312 4692        NetBT - ok
21:57:34.0406 4692        Netdevio        (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
21:57:34.0421 4692        Netdevio ( UnsignedFile.Multi.Generic ) - warning
21:57:34.0421 4692        Netdevio - detected UnsignedFile.Multi.Generic (1)
21:57:34.0546 4692        NETw5x32        (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
21:57:34.0812 4692        NETw5x32 - ok
21:57:34.0906 4692        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:57:34.0968 4692        Npfs - ok
21:57:34.0984 4692        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:57:35.0062 4692        Ntfs - ok
21:57:35.0078 4692        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:57:35.0156 4692        Null - ok
21:57:35.0375 4692        nv              (3aa257bbeccc1cef9b305ed2dd86d032) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:57:35.0796 4692        nv - ok
21:57:35.0906 4692        NVHDA          (04b3177ed656f1d3a6ebf48f5beea8a8) C:\WINDOWS\system32\drivers\nvhda32.sys
21:57:35.0906 4692        NVHDA - ok
21:57:35.0921 4692        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:57:36.0015 4692        NwlnkFlt - ok
21:57:36.0031 4692        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:57:36.0109 4692        NwlnkFwd - ok
21:57:36.0140 4692        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
21:57:36.0203 4692        Parport - ok
21:57:36.0234 4692        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:57:36.0296 4692        PartMgr - ok
21:57:36.0312 4692        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:57:36.0390 4692        ParVdm - ok
21:57:36.0500 4692        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21:57:36.0531 4692        pccsmcfd - ok
21:57:36.0546 4692        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:57:36.0609 4692        PCI - ok
21:57:36.0625 4692        PCIDump - ok
21:57:36.0640 4692        PCIIde - ok
21:57:36.0656 4692        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:57:36.0718 4692        Pcmcia - ok
21:57:36.0734 4692        PDCOMP - ok
21:57:36.0734 4692        PDFRAME - ok
21:57:36.0750 4692        PDRELI - ok
21:57:36.0750 4692        PDRFRAME - ok
21:57:36.0765 4692        perc2 - ok
21:57:36.0765 4692        perc2hib - ok
21:57:36.0796 4692        PGEffect        (1b5011dd8d57f53aed31ff0f7d635802) C:\WINDOWS\system32\DRIVERS\pgeffect.sys
21:57:36.0843 4692        PGEffect - ok
21:57:36.0875 4692        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:57:37.0015 4692        PptpMiniport - ok
21:57:37.0062 4692        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:57:37.0140 4692        PSched - ok
21:57:37.0187 4692        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:57:37.0281 4692        Ptilink - ok
21:57:37.0281 4692        ql1080 - ok
21:57:37.0296 4692        Ql10wnt - ok
21:57:37.0296 4692        ql12160 - ok
21:57:37.0312 4692        ql1240 - ok
21:57:37.0312 4692        ql1280 - ok
21:57:37.0359 4692        QsFsFltr        (8b1d0cdd82174c5421a1fc547a15f724) C:\WINDOWS\system32\DRIVERS\QsFsFltr.sys
21:57:37.0375 4692        QsFsFltr ( UnsignedFile.Multi.Generic ) - warning
21:57:37.0375 4692        QsFsFltr - detected UnsignedFile.Multi.Generic (1)
21:57:37.0390 4692        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:57:37.0484 4692        RasAcd - ok
21:57:37.0484 4692        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:57:37.0562 4692        Rasl2tp - ok
21:57:37.0640 4692        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:57:37.0718 4692        RasPppoe - ok
21:57:37.0765 4692        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:57:37.0843 4692        Raspti - ok
21:57:37.0859 4692        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:57:37.0937 4692        Rdbss - ok
21:57:37.0953 4692        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:57:38.0000 4692        RDPCDD - ok
21:57:38.0046 4692        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:57:38.0125 4692        rdpdr - ok
21:57:38.0203 4692        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:57:38.0234 4692        RDPWD - ok
21:57:38.0312 4692        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:57:38.0406 4692        redbook - ok
21:57:38.0453 4692        rimspci        (af213955c4d952c914620e8db0cd0cf7) C:\WINDOWS\system32\DRIVERS\rimspe86.sys
21:57:38.0468 4692        rimspci - ok
21:57:38.0468 4692        risdpcie        (85cba4b868a9daaa2dd5e3952f396982) C:\WINDOWS\system32\DRIVERS\risdpe86.sys
21:57:38.0484 4692        risdpcie - ok
21:57:38.0500 4692        rixdpcie        (764c1f3453e779724ba647327de7ddd4) C:\WINDOWS\system32\DRIVERS\rixdpe86.sys
21:57:38.0531 4692        rixdpcie - ok
21:57:38.0578 4692        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:57:38.0640 4692        sdbus - ok
21:57:38.0656 4692        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:57:38.0687 4692        Secdrv - ok
21:57:38.0734 4692        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
21:57:38.0796 4692        Serial - ok
21:57:38.0812 4692        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:57:38.0906 4692        Sfloppy - ok
21:57:38.0921 4692        Simbad - ok
21:57:38.0937 4692        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:57:39.0000 4692        SLIP - ok
21:57:39.0000 4692        Sparrow - ok
21:57:39.0031 4692        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:57:39.0109 4692        splitter - ok
21:57:39.0140 4692        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:57:39.0171 4692        sr - ok
21:57:39.0187 4692        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:57:39.0218 4692        Srv - ok
21:57:39.0281 4692        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:57:39.0359 4692        streamip - ok
21:57:39.0390 4692        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:57:39.0468 4692        swenum - ok
21:57:39.0500 4692        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:57:39.0562 4692        swmidi - ok
21:57:39.0562 4692        symc810 - ok
21:57:39.0578 4692        symc8xx - ok
21:57:39.0578 4692        sym_hi - ok
21:57:39.0593 4692        sym_u3 - ok
21:57:39.0625 4692        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:57:39.0687 4692        sysaudio - ok
21:57:39.0734 4692        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:57:39.0812 4692        Tcpip - ok
21:57:39.0828 4692        tdcmdpst        (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
21:57:39.0875 4692        tdcmdpst - ok
21:57:39.0953 4692        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:57:40.0031 4692        TDPIPE - ok
21:57:40.0078 4692        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:57:40.0140 4692        TDTCP - ok
21:57:40.0171 4692        tdudf          (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
21:57:40.0187 4692        tdudf - ok
21:57:40.0203 4692        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:57:40.0265 4692        TermDD - ok
21:57:40.0296 4692        Thpdrv          (e00f0f7e4d4412da2f1b82a873229e47) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
21:57:40.0296 4692        Thpdrv - ok
21:57:40.0312 4692        Thpevm          (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
21:57:40.0359 4692        Thpevm - ok
21:57:40.0375 4692        TMEI3E          (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
21:57:40.0390 4692        TMEI3E ( UnsignedFile.Multi.Generic ) - warning
21:57:40.0390 4692        TMEI3E - detected UnsignedFile.Multi.Generic (1)
21:57:40.0453 4692        TosIde - ok
21:57:40.0500 4692        Tosrfcom        (1ad9eb1b5abd0aeee4084c8153476f1e) C:\WINDOWS\system32\drivers\Tosrfcom.sys
21:57:40.0515 4692        Tosrfcom - ok
21:57:40.0546 4692        tosrfec        (9ee240f7029771b21cc6200be6516d60) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
21:57:40.0546 4692        tosrfec - ok
21:57:40.0578 4692        tos_sps32      (4399a9bf7d8f49991a07fd86590a1619) C:\WINDOWS\system32\DRIVERS\tos_sps32.sys
21:57:40.0593 4692        tos_sps32 - ok
21:57:40.0609 4692        trudf          (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
21:57:40.0640 4692        trudf - ok
21:57:40.0656 4692        TVALZ          (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
21:57:40.0671 4692        TVALZ - ok
21:57:40.0703 4692        TVALZFL        (e03f5ca8d4edb4ce8141a3242e1261f8) C:\WINDOWS\system32\DRIVERS\TVALZFL.sys
21:57:40.0718 4692        TVALZFL ( UnsignedFile.Multi.Generic ) - warning
21:57:40.0718 4692        TVALZFL - detected UnsignedFile.Multi.Generic (1)
21:57:40.0750 4692        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:57:40.0828 4692        Udfs - ok
21:57:40.0859 4692        ultra - ok
21:57:40.0890 4692        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:57:41.0000 4692        Update - ok
21:57:41.0031 4692        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:57:41.0093 4692        usbccgp - ok
21:57:41.0125 4692        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:57:41.0187 4692        usbehci - ok
21:57:41.0187 4692        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:57:41.0250 4692        usbhub - ok
21:57:41.0296 4692        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:57:41.0390 4692        USBSTOR - ok
21:57:41.0406 4692        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
21:57:41.0468 4692        usbvideo - ok
21:57:41.0484 4692        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:57:41.0546 4692        VgaSave - ok
21:57:41.0562 4692        ViaIde - ok
21:57:41.0578 4692        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:57:41.0640 4692        VolSnap - ok
21:57:41.0656 4692        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:57:41.0734 4692        Wanarp - ok
21:57:41.0750 4692        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:57:41.0765 4692        Wdf01000 - ok
21:57:41.0781 4692        WDICA - ok
21:57:41.0812 4692        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:57:41.0890 4692        wdmaud - ok
21:57:41.0984 4692        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:57:42.0062 4692        WSTCODEC - ok
21:57:42.0109 4692        WudfPf          (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:57:42.0187 4692        WudfPf - ok
21:57:42.0250 4692        WudfRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:57:42.0281 4692        WudfRd - ok
21:57:42.0281 4692        xcpip - ok
21:57:42.0296 4692        xpsec - ok
21:57:42.0312 4692        MBR (0x1B8)    (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
21:57:42.0312 4692        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
21:57:42.0312 4692        \Device\Harddisk0\DR0 - detected Backdoor.Win32.Sinowal.knf (0)
21:57:42.0343 4692        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:57:42.0343 4692        \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:57:42.0343 4692        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2
21:57:42.0515 4692        \Device\Harddisk1\DR2 - ok
21:57:42.0515 4692        Boot (0x1200)  (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0
21:57:42.0531 4692        \Device\Harddisk0\DR0\Partition0 - ok
21:57:42.0531 4692        Boot (0x1200)  (da5def75bb81028110fdb12e54669dc1) \Device\Harddisk1\DR2\Partition0
21:57:42.0531 4692        \Device\Harddisk1\DR2\Partition0 - ok
21:57:42.0531 4692        ============================================================
21:57:42.0531 4692        Scan finished
21:57:42.0531 4692        ============================================================
21:57:42.0640 2992        Detected object count: 6
21:57:42.0640 2992        Actual detected object count: 6
21:58:10.0140 2992        Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992        Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992        QsFsFltr ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992        QsFsFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992        TMEI3E ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992        TMEI3E ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0140 2992        TVALZFL ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0140 2992        TVALZFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0156 2992        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
21:58:10.0187 2992        \Device\Harddisk0\DR0 - ok
21:58:10.0187 2992        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
21:58:10.0187 2992        \Device\Harddisk0\DR0\TDLFS - deleted
21:58:10.0187 2992        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
21:58:14.0765 4616        Deinitialize success
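
The log above follows a fixed line layout: a timestamp, the thread id, then the message, with every verdict printed as `<object> ( <verdict> ) - <status>` and the user's chosen action echoed later under the same object/verdict pair. As an added example that is not part of this thread and not code from Kaspersky's TDSSKiller, the following Python helper parses that layout, separates the confirmed `infected` hit (the MBR bootkit) from heuristic `warning` lines (the unsigned OEM drivers cosinus told the poster to leave alone), reports whether a cure is still pending a reboot, and diffs a pre- and post-reboot log. The regular expressions are assumptions derived from the posted lines; the "before" sample is an excerpt of the log above, and the "after" sample is constructed, since the second log is cut off on this page.

```python
import re
from dataclasses import dataclass, field

# One log line: "HH:MM:SS.mmmm PID message" (layout observed in the posted log; assumption)
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# Verdict/status lines: "<object> ( <verdict> ) - <status>"
VERDICT_RE = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
SEVERITIES = ("infected", "warning")  # as printed by the tool; "infected" is the confirmed hit


@dataclass
class Finding:
    obj: str
    verdict: str
    severity: str
    actions: list = field(default_factory=list)  # later status lines for the same object/verdict

    @property
    def reboot_pending(self) -> bool:
        # An infected MBR is rewritten at next boot; until then the machine is not clean.
        return any("cured on reboot" in a for a in self.actions)


def parse_log(text: str) -> dict:
    """Return the findings in a TDSSKiller log plus the object count the tool declared."""
    findings, declared = {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        c = COUNT_RE.match(msg)
        if c:
            declared = int(c.group(1))
            continue
        v = VERDICT_RE.match(msg)
        if not v:
            continue
        key, status = (v["obj"], v["verdict"]), v["status"]
        if status in SEVERITIES:
            findings.setdefault(key, Finding(key[0], key[1], status))
        elif key in findings:
            findings[key].actions.append(status)  # "skipped by user", "User select action: Cure", ...
    return {"findings": list(findings.values()), "declared_count": declared}


def summarize(parsed: dict) -> dict:
    """Triage view: confirmed infections, heuristic warnings, and whether a reboot is still owed."""
    f = parsed["findings"]
    return {
        "infected": sorted(x.verdict for x in f if x.severity == "infected"),
        "warnings": sorted(x.verdict for x in f if x.severity == "warning"),
        "reboot_pending": any(x.reboot_pending for x in f),
        "count_matches": parsed["declared_count"] in (None, len(f)),
    }


def compare_scans(before_text: str, after_text: str) -> dict:
    """Diff two logs by (object, verdict): what the cure removed and what still shows up."""
    before = {(x.obj, x.verdict) for x in parse_log(before_text)["findings"]}
    after = {(x.obj, x.verdict) for x in parse_log(after_text)["findings"]}
    return {"cleared": sorted(before - after), "persisting": sorted(before & after),
            "new": sorted(after - before)}


# Excerpt of the log posted in the thread (driver "- ok" lines omitted).
BEFORE_LOG = r"""
21:57:34.0421 4692        Netdevio ( UnsignedFile.Multi.Generic ) - warning
21:57:37.0375 4692        QsFsFltr ( UnsignedFile.Multi.Generic ) - warning
21:57:40.0390 4692        TMEI3E ( UnsignedFile.Multi.Generic ) - warning
21:57:40.0718 4692        TVALZFL ( UnsignedFile.Multi.Generic ) - warning
21:57:42.0312 4692        MBR (0x1B8)    (f381baacfc1778337c007982b0c32d82) \Device\Harddisk0\DR0
21:57:42.0312 4692        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - infected
21:57:42.0343 4692        \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:57:42.0640 2992        Detected object count: 6
21:58:10.0140 2992        Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
21:58:10.0156 2992        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
21:58:10.0187 2992        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
21:58:10.0187 2992        \Device\Harddisk0\DR0\TDLFS - deleted
21:58:10.0187 2992        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Constructed post-reboot excerpt (NOT the thread's second log, which is cut off on the page):
# the four unsigned OEM drivers still warn, the MBR now reports ok.
AFTER_LOG = r"""
17:05:58.0000 1860        Netdevio ( UnsignedFile.Multi.Generic ) - warning
17:05:59.0000 1860        QsFsFltr ( UnsignedFile.Multi.Generic ) - warning
17:06:00.0000 1860        TMEI3E ( UnsignedFile.Multi.Generic ) - warning
17:06:01.0000 1860        TVALZFL ( UnsignedFile.Multi.Generic ) - warning
17:06:02.0000 1860        MBR (0x1B8)    (placeholder-md5) \Device\Harddisk0\DR0
17:06:02.0000 1860        \Device\Harddisk0\DR0 - ok
17:06:02.0000 1860        Detected object count: 4
"""

if __name__ == "__main__":
    print(summarize(parse_log(BEFORE_LOG)))
    print(compare_scans(BEFORE_LOG, AFTER_LOG))
```

Run against the posted excerpt, `summarize` reports one confirmed infection, five warnings, `reboot_pending` True (the "will be cured on reboot" line), and a finding count that matches the tool's own "Detected object count: 6". The `compare_scans` diff is the check the helper's "restart and post a new log" request is really asking for: the two `\Device\Harddisk0\DR0` entries should appear under `cleared`, while the `UnsignedFile.Multi.Generic` warnings on the OEM drivers are expected to persist and are not evidence of remaining infection.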


cosinus 16.01.2012 13:56

You should restart and make a new log.

borodin 17.01.2012 17:07

So, now the log after the restart!

Code:

17:05:47.0703 7104        TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
17:05:47.0718 7104        ============================================================
17:05:47.0718 7104        Current date / time: 2012/01/17 17:05:47.0718
17:05:47.0718 7104        SystemInfo:
17:05:47.0718 7104       
17:05:47.0718 7104        OS Version: 5.1.2600 ServicePack: 3.0
17:05:47.0718 7104        Product type: Workstation
17:05:47.0718 7104        ComputerName: ***1
17:05:47.0718 7104        UserName: ***
17:05:47.0718 7104        Windows directory: C:\WINDOWS
17:05:47.0718 7104        System windows directory: C:\WINDOWS
17:05:47.0718 7104        Processor architecture: Intel x86
17:05:47.0718 7104        Number of processors: 4
17:05:47.0718 7104        Page size: 0x1000
17:05:47.0718 7104        Boot type: Normal boot
17:05:47.0718 7104        ============================================================
17:05:48.0078 7104        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
17:05:48.0109 7104        Initialize success
17:05:54.0687 1860        ============================================================
17:05:54.0687 1860        Scan started
17:05:54.0687 1860        Mode: Manual; SigCheck; TDLFS;
17:05:54.0687 1860        ============================================================
17:05:54.0984 1860        Abiosdsk - ok
17:05:55.0000 1860        abp480n5 - ok
17:05:55.0062 1860        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:05:55.0406 1860        ACPI - ok
17:05:55.0437 1860        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\drivers\ACPIEC.sys
17:05:55.0531 1860        ACPIEC - ok
17:05:55.0578 1860        adfs            (73685e15ef8b0bd9c30f1af413f13d49) C:\WINDOWS\system32\drivers\adfs.sys
17:05:55.0593 1860        adfs - ok
17:05:55.0593 1860        adpu160m - ok
17:05:55.0640 1860        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:05:55.0765 1860        aec - ok
17:05:55.0859 1860        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:05:55.0921 1860        AFD - ok
17:05:55.0921 1860        Aha154x - ok
17:05:55.0937 1860        aic78u2 - ok
17:05:55.0937 1860        aic78xx - ok
17:05:55.0953 1860        AliIde - ok
17:05:56.0031 1860        Ambfilt        (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
17:05:56.0218 1860        Ambfilt - ok
17:05:56.0281 1860        amsint - ok
17:05:56.0328 1860        ApfiltrService  (c5b1284c94c90d28e1876d350e9ca297) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
17:05:56.0359 1860        ApfiltrService - ok
17:05:56.0375 1860        asc - ok
17:05:56.0375 1860        asc3350p - ok
17:05:56.0390 1860        asc3550 - ok
17:05:56.0406 1860        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:05:56.0546 1860        AsyncMac - ok
17:05:56.0578 1860        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
17:05:56.0718 1860        atapi - ok
17:05:56.0718 1860        Atdisk - ok
17:05:56.0734 1860        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:05:56.0906 1860        Atmarpc - ok
17:05:56.0984 1860        ATSwpWDF        (b693cec3751764087b76648f7cf12651) C:\WINDOWS\system32\Drivers\ATSwpWDF.sys
17:05:57.0031 1860        ATSwpWDF - ok
17:05:57.0125 1860        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:05:57.0187 1860        audstub - ok
17:05:57.0203 1860        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:05:57.0296 1860        Beep - ok
17:05:57.0312 1860        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:05:57.0375 1860        cbidf2k - ok
17:05:57.0375 1860        CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:05:57.0515 1860        CCDECODE - ok
17:05:57.0515 1860        cd20xrnt - ok
17:05:57.0531 1860        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:05:57.0593 1860        Cdaudio - ok
17:05:57.0625 1860        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:05:57.0718 1860        Cdfs - ok
17:05:57.0718 1860        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:05:57.0796 1860        Cdrom - ok
17:05:57.0812 1860        Changer - ok
17:05:57.0843 1860        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:05:58.0000 1860        CmBatt - ok
17:05:58.0000 1860        CmdIde - ok
17:05:58.0015 1860        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:05:58.0093 1860        Compbatt - ok
17:05:58.0093 1860        Cpqarray - ok
17:05:58.0109 1860        dac2w2k - ok
17:05:58.0109 1860        dac960nt - ok
17:05:58.0140 1860        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:05:58.0203 1860        Disk - ok
17:05:58.0250 1860        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:05:58.0328 1860        dmboot - ok
17:05:58.0406 1860        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:05:58.0500 1860        dmio - ok
17:05:58.0515 1860        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:05:58.0593 1860        dmload - ok
17:05:58.0640 1860        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:05:58.0781 1860        DMusic - ok
17:05:58.0796 1860        dpti2o - ok
17:05:58.0843 1860        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:05:58.0968 1860        drmkaud - ok
17:05:59.0015 1860        e1kexpress      (0c95246539ed1fbeb2d6b3b1f34cdd42) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
17:05:59.0031 1860        e1kexpress - ok
17:05:59.0062 1860        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:05:59.0187 1860        Fastfat - ok
17:05:59.0203 1860        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:05:59.0328 1860        Fdc - ok
17:05:59.0343 1860        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:05:59.0500 1860        Fips - ok
17:05:59.0609 1860        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:05:59.0734 1860        Flpydisk - ok
17:05:59.0750 1860        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:05:59.0906 1860        FltMgr - ok
17:05:59.0921 1860        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:06:00.0046 1860        Fs_Rec - ok
17:06:00.0062 1860        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:06:00.0187 1860        Ftdisk - ok
17:06:00.0218 1860        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:06:00.0359 1860        Gpc - ok
17:06:00.0406 1860        guardian2      (db3794c1e876ca318d2ba3d1d38cba8a) C:\WINDOWS\system32\Drivers\oz776.sys
17:06:00.0421 1860        guardian2 - ok
17:06:00.0515 1860        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:06:00.0671 1860        HDAudBus - ok
17:06:00.0703 1860        HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\WINDOWS\system32\DRIVERS\HECI.sys
17:06:00.0734 1860        HECI - ok
17:06:00.0796 1860        HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:06:00.0921 1860        HidUsb - ok
17:06:00.0921 1860        hpn - ok
17:06:00.0968 1860        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:06:01.0031 1860        HTTP - ok
17:06:01.0109 1860        i2omgmt - ok
17:06:01.0125 1860        i2omp - ok
17:06:01.0140 1860        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:06:01.0296 1860        i8042prt - ok
17:06:01.0328 1860        iaStor          (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\WINDOWS\system32\drivers\iaStor.sys
17:06:01.0343 1860        iaStor - ok
17:06:01.0375 1860        IFXTPM          (91c5e9f49f32110ced27e2f902fad607) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
17:06:01.0437 1860        IFXTPM - ok
17:06:01.0500 1860        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:06:01.0593 1860        Imapi - ok
17:06:01.0640 1860        Impcd          (03c0d99bc2913226f1cea7cb0d984659) C:\WINDOWS\system32\DRIVERS\Impcd.sys
17:06:01.0671 1860        Impcd - ok
17:06:01.0687 1860        ini910u - ok
17:06:01.0875 1860        IntcAzAudAddService (74bd9d8ede748b33b2f2aaba941cba5a) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:06:02.0156 1860        IntcAzAudAddService - ok
17:06:02.0234 1860        IntelIde - ok
17:06:02.0265 1860        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:06:02.0406 1860        intelppm - ok
17:06:02.0437 1860        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:06:02.0562 1860        Ip6Fw - ok
17:06:02.0562 1860        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:06:02.0703 1860        IpFilterDriver - ok
17:06:02.0703 1860        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:06:02.0796 1860        IpInIp - ok
17:06:02.0828 1860        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:06:02.0890 1860        IpNat - ok
17:06:02.0937 1860        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:06:03.0015 1860        IPSec - ok
17:06:03.0031 1860        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:06:03.0062 1860        IRENUM - ok
17:06:03.0093 1860        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:06:03.0171 1860        isapnp - ok
17:06:03.0265 1860        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:06:03.0406 1860        Kbdclass - ok
17:06:03.0453 1860        kbdhid          (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:06:03.0593 1860        kbdhid - ok
17:06:03.0671 1860        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:06:03.0812 1860        kmixer - ok
17:06:03.0828 1860        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:06:03.0906 1860        KSecDD - ok
17:06:03.0921 1860        lbrtfdc - ok
17:06:03.0968 1860        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:06:03.0984 1860        MBAMProtector - ok
17:06:04.0109 1860        mfeavfk        (cde41293db871a75cd99eb0ce781356b) C:\WINDOWS\system32\drivers\mfeavfk.sys
17:06:04.0125 1860        mfeavfk - ok
17:06:04.0187 1860        mfebopk        (e22385f64bdf0ad81157479496e33c4a) C:\WINDOWS\system32\drivers\mfebopk.sys
17:06:04.0187 1860        mfebopk - ok
17:06:04.0250 1860        mfehidk        (56d330981866a72f061dd16cc5004513) C:\WINDOWS\system32\drivers\mfehidk.sys
17:06:04.0265 1860        mfehidk - ok
17:06:04.0281 1860        mferkdk - ok
17:06:04.0281 1860        mfesmfk - ok
17:06:04.0328 1860        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:06:04.0468 1860        mnmdd - ok
17:06:04.0546 1860        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:06:04.0687 1860        Modem - ok
17:06:04.0812 1860        Monfilt        (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
17:06:04.0906 1860        Monfilt - ok
17:06:04.0937 1860        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:06:05.0078 1860        Mouclass - ok
17:06:05.0171 1860        mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:06:05.0312 1860        mouhid - ok
17:06:05.0343 1860        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:06:05.0468 1860        MountMgr - ok
17:06:05.0468 1860        MPFP - ok
17:06:05.0484 1860        mraid35x - ok
17:06:05.0484 1860        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:06:05.0593 1860        MRxDAV - ok
17:06:05.0640 1860        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:06:05.0671 1860        MRxSmb - ok
17:06:05.0687 1860        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:06:05.0796 1860        Msfs - ok
17:06:05.0812 1860        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:06:05.0968 1860        MSKSSRV - ok
17:06:06.0031 1860        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:06:06.0093 1860        MSPCLOCK - ok
17:06:06.0125 1860        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:06:06.0203 1860        MSPQM - ok
17:06:06.0218 1860        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:06:06.0281 1860        mssmbios - ok
17:06:06.0312 1860        MSTEE          (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:06:06.0390 1860        MSTEE - ok
17:06:06.0421 1860        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:06:06.0453 1860        Mup - ok
17:06:06.0531 1860        NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:06:06.0687 1860        NABTSFEC - ok
17:06:06.0718 1860        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:06:06.0843 1860        NDIS - ok
17:06:06.0875 1860        NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:06:07.0015 1860        NdisIP - ok
17:06:07.0046 1860        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:06:07.0093 1860        NdisTapi - ok
17:06:07.0171 1860        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:06:07.0296 1860        Ndisuio - ok
17:06:07.0343 1860        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:06:07.0406 1860        NdisWan - ok
17:06:07.0437 1860        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:06:07.0500 1860        NDProxy - ok
17:06:07.0515 1860        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:06:07.0578 1860        NetBIOS - ok
17:06:07.0625 1860        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:06:07.0703 1860        NetBT - ok
17:06:07.0781 1860        Netdevio        (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
17:06:07.0796 1860        Netdevio ( UnsignedFile.Multi.Generic ) - warning
17:06:07.0796 1860        Netdevio - detected UnsignedFile.Multi.Generic (1)
17:06:07.0953 1860        NETw5x32        (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
17:06:08.0171 1860        NETw5x32 - ok
17:06:08.0281 1860        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:06:08.0421 1860        Npfs - ok
17:06:08.0437 1860        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:06:08.0625 1860        Ntfs - ok
17:06:08.0656 1860        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:06:08.0781 1860        Null - ok
17:06:09.0046 1860        nv              (3aa257bbeccc1cef9b305ed2dd86d032) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:06:09.0578 1860        nv - ok
17:06:09.0687 1860        NVHDA          (04b3177ed656f1d3a6ebf48f5beea8a8) C:\WINDOWS\system32\drivers\nvhda32.sys
17:06:09.0703 1860        NVHDA - ok
17:06:09.0718 1860        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:06:09.0843 1860        NwlnkFlt - ok
17:06:09.0875 1860        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:06:10.0000 1860        NwlnkFwd - ok
17:06:10.0046 1860        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
17:06:10.0187 1860        Parport - ok
17:06:10.0203 1860        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:06:10.0328 1860        PartMgr - ok
17:06:10.0359 1860        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:06:10.0500 1860        ParVdm - ok
17:06:10.0593 1860        pccsmcfd        (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
17:06:10.0656 1860        pccsmcfd - ok
17:06:10.0671 1860        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:06:10.0796 1860        PCI - ok
17:06:10.0796 1860        PCIDump - ok
17:06:10.0812 1860        PCIIde - ok
17:06:10.0843 1860        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:06:10.0937 1860        Pcmcia - ok
17:06:10.0937 1860        PDCOMP - ok
17:06:10.0953 1860        PDFRAME - ok
17:06:10.0968 1860        PDRELI - ok
17:06:10.0968 1860        PDRFRAME - ok
17:06:10.0984 1860        perc2 - ok
17:06:10.0984 1860        perc2hib - ok
17:06:11.0015 1860        PGEffect        (1b5011dd8d57f53aed31ff0f7d635802) C:\WINDOWS\system32\DRIVERS\pgeffect.sys
17:06:11.0062 1860        PGEffect - ok
17:06:11.0109 1860        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:06:11.0234 1860        PptpMiniport - ok
17:06:11.0265 1860        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:06:11.0328 1860        PSched - ok
17:06:11.0343 1860        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:06:11.0421 1860        Ptilink - ok
17:06:11.0500 1860        ql1080 - ok
17:06:11.0515 1860        Ql10wnt - ok
17:06:11.0531 1860        ql12160 - ok
17:06:11.0531 1860        ql1240 - ok
17:06:11.0546 1860        ql1280 - ok
17:06:11.0562 1860        QsFsFltr        (8b1d0cdd82174c5421a1fc547a15f724) C:\WINDOWS\system32\DRIVERS\QsFsFltr.sys
17:06:11.0593 1860        QsFsFltr ( UnsignedFile.Multi.Generic ) - warning
17:06:11.0593 1860        QsFsFltr - detected UnsignedFile.Multi.Generic (1)
17:06:11.0593 1860        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:06:11.0750 1860        RasAcd - ok
17:06:11.0781 1860        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:06:11.0890 1860        Rasl2tp - ok
17:06:11.0906 1860        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:06:12.0015 1860        RasPppoe - ok
17:06:12.0031 1860        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:06:12.0093 1860        Raspti - ok
17:06:12.0187 1860        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:06:12.0265 1860        Rdbss - ok
17:06:12.0296 1860        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:06:12.0359 1860        RDPCDD - ok
17:06:12.0390 1860        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:06:12.0468 1860        rdpdr - ok
17:06:12.0515 1860        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:06:12.0546 1860        RDPWD - ok
17:06:12.0671 1860        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:06:12.0796 1860        redbook - ok
17:06:12.0843 1860        rimspci        (af213955c4d952c914620e8db0cd0cf7) C:\WINDOWS\system32\DRIVERS\rimspe86.sys
17:06:12.0859 1860        rimspci - ok
17:06:12.0875 1860        risdpcie        (85cba4b868a9daaa2dd5e3952f396982) C:\WINDOWS\system32\DRIVERS\risdpe86.sys
17:06:12.0890 1860        risdpcie - ok
17:06:12.0906 1860        rixdpcie        (764c1f3453e779724ba647327de7ddd4) C:\WINDOWS\system32\DRIVERS\rixdpe86.sys
17:06:12.0921 1860        rixdpcie - ok
17:06:12.0953 1860        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
17:06:13.0109 1860        sdbus - ok
17:06:13.0187 1860        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:06:13.0218 1860        Secdrv - ok
17:06:13.0250 1860        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
17:06:13.0375 1860        Serial - ok
17:06:13.0390 1860        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:06:13.0531 1860        Sfloppy - ok
17:06:13.0546 1860        Simbad - ok
17:06:13.0546 1860        SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:06:13.0671 1860        SLIP - ok
17:06:13.0687 1860        Sparrow - ok
17:06:13.0718 1860        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:06:13.0828 1860        splitter - ok
17:06:13.0859 1860        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:06:13.0921 1860        sr - ok
17:06:14.0015 1860        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:06:14.0093 1860        Srv - ok
17:06:14.0125 1860        streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:06:14.0265 1860        streamip - ok
17:06:14.0265 1860        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:06:14.0343 1860        swenum - ok
17:06:14.0375 1860        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:06:14.0437 1860        swmidi - ok
17:06:14.0437 1860        symc810 - ok
17:06:14.0453 1860        symc8xx - ok
17:06:14.0453 1860        sym_hi - ok
17:06:14.0468 1860        sym_u3 - ok
17:06:14.0484 1860        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:06:14.0546 1860        sysaudio - ok
17:06:14.0656 1860        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:06:14.0750 1860        Tcpip - ok
17:06:14.0765 1860        tdcmdpst        (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
17:06:14.0828 1860        tdcmdpst - ok
17:06:14.0859 1860        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:06:15.0000 1860        TDPIPE - ok
17:06:15.0046 1860        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:06:15.0187 1860        TDTCP - ok
17:06:15.0218 1860        tdudf          (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
17:06:15.0234 1860        tdudf - ok
17:06:15.0250 1860        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:06:15.0390 1860        TermDD - ok
17:06:15.0421 1860        Thpdrv          (e00f0f7e4d4412da2f1b82a873229e47) C:\WINDOWS\system32\DRIVERS\thpdrv.sys
17:06:15.0421 1860        Thpdrv - ok
17:06:15.0437 1860        Thpevm          (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS
17:06:15.0453 1860        Thpevm - ok
17:06:15.0484 1860        TMEI3E          (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS
17:06:15.0515 1860        TMEI3E ( UnsignedFile.Multi.Generic ) - warning
17:06:15.0515 1860        TMEI3E - detected UnsignedFile.Multi.Generic (1)
17:06:15.0546 1860        TosIde - ok
17:06:15.0578 1860        Tosrfcom        (1ad9eb1b5abd0aeee4084c8153476f1e) C:\WINDOWS\system32\drivers\Tosrfcom.sys
17:06:15.0593 1860        Tosrfcom - ok
17:06:15.0625 1860        tosrfec        (9ee240f7029771b21cc6200be6516d60) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
17:06:15.0625 1860        tosrfec - ok
17:06:15.0640 1860        tos_sps32      (4399a9bf7d8f49991a07fd86590a1619) C:\WINDOWS\system32\DRIVERS\tos_sps32.sys
17:06:15.0656 1860        tos_sps32 - ok
17:06:15.0671 1860        trudf          (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
17:06:15.0703 1860        trudf - ok
17:06:15.0734 1860        TVALZ          (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS
17:06:15.0765 1860        TVALZ - ok
17:06:15.0796 1860        TVALZFL        (e03f5ca8d4edb4ce8141a3242e1261f8) C:\WINDOWS\system32\DRIVERS\TVALZFL.sys
17:06:15.0828 1860        TVALZFL ( UnsignedFile.Multi.Generic ) - warning
17:06:15.0828 1860        TVALZFL - detected UnsignedFile.Multi.Generic (1)
17:06:15.0859 1860        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:06:15.0968 1860        Udfs - ok
17:06:15.0984 1860        ultra - ok
17:06:16.0015 1860        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:06:16.0093 1860        Update - ok
17:06:16.0156 1860        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:06:16.0218 1860        usbccgp - ok
17:06:16.0234 1860        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:06:16.0312 1860        usbehci - ok
17:06:16.0328 1860        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:06:16.0390 1860        usbhub - ok
17:06:16.0421 1860        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:06:16.0500 1860        usbprint - ok
17:06:16.0546 1860        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:06:16.0593 1860        USBSTOR - ok
17:06:16.0609 1860        usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:06:16.0671 1860        usbvideo - ok
17:06:16.0687 1860        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:06:16.0750 1860        VgaSave - ok
17:06:16.0750 1860        ViaIde - ok
17:06:16.0781 1860        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:06:16.0843 1860        VolSnap - ok
17:06:16.0859 1860        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:06:16.0937 1860        Wanarp - ok
17:06:16.0984 1860        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:06:17.0015 1860        Wdf01000 - ok
17:06:17.0078 1860        WDICA - ok
17:06:17.0125 1860        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:06:17.0203 1860        wdmaud - ok
17:06:17.0281 1860        WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:06:17.0343 1860        WSTCODEC - ok
17:06:17.0390 1860        WudfPf          (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:06:17.0437 1860        WudfPf - ok
17:06:17.0484 1860        WudfRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:06:17.0515 1860        WudfRd - ok
17:06:17.0546 1860        xcpip - ok
17:06:17.0578 1860        xpsec - ok
17:06:17.0609 1860        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:06:17.0843 1860        \Device\Harddisk0\DR0 - ok
17:06:17.0859 1860        Boot (0x1200)  (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0
17:06:17.0859 1860        \Device\Harddisk0\DR0\Partition0 - ok
17:06:17.0859 1860        ============================================================
17:06:17.0859 1860        Scan finished
17:06:17.0859 1860        ============================================================
17:06:17.0968 5936        Detected object count: 4
17:06:17.0968 5936        Actual detected object count: 4
17:06:22.0203 5936        Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936        Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:06:22.0203 5936        QsFsFltr ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936        QsFsFltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:06:22.0203 5936        TMEI3E ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936        TMEI3E ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:06:22.0203 5936        TVALZFL ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936        TVALZFL ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:06:24.0531 0304        Deinitialize success
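
The two TDSSKiller logs in this thread are easier to compare with a small parser. The following is an added example written for this page, not code from the original post or from Kaspersky's tool. It recognises only the line shapes visible in the posted log (hash lines, `- ok` / `- deleted` status lines, `( verdict ) - ...` lines and `User select action` lines), separates the UnsignedFile.Multi.Generic signature warnings from malware and rootkit verdicts, and reports whether the MBR hash changed between the run that cured the infected MBR and the run after the reboot. The two sample logs inside it are constructed from the posted lines; the first run's MBR MD5 is a placeholder because the infected MBR's hash is not on the page, and the partition boot sector hash is assumed unchanged between the runs.

```python
"""Summarise a TDSSKiller log: file hashes, verdicts, user actions.

Added example for this thread; it is not code from the original post or
from Kaspersky's tool. It parses only the line shapes visible in the
posted log, and the two sample logs below are constructed from it.
"""
import re

# "<hh:mm:ss.ms> <thread-id> <body>"
TS_RE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(.*)$")
# "ACPI   (md5) C:\...\ACPI.sys"  or  "MBR (0x1B8)   (md5) \Device\Harddisk0\DR0"
HASH_RE = re.compile(r"^(\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\(([0-9a-f]{32})\)\s+(.+)$")
# "Netdevio ( UnsignedFile.Multi.Generic ) - warning"
# "\Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure"
VERDICT_RE = re.compile(r"^(.+?) \( (.+?) \) - (.+)$")
# "Netdevio - detected UnsignedFile.Multi.Generic (1)"
DETECTED_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")
# "ACPI - ok", "\Device\Harddisk0\DR0\TDLFS - deleted"
STATUS_RE = re.compile(r"^(\S+) - (ok|deleted|skipped by user)$")

# Verdicts that only say "this driver carries no valid digital signature";
# TDSSKiller logs them as warnings, not as malware or rootkit detections.
SIGCHECK_VERDICTS = {"UnsignedFile.Multi.Generic"}


def parse_log(text):
    """Return hashes (name -> (md5, path)), the last plain status per name, and
    findings keyed by (name, verdict) with the tool's status and the user's action."""
    hashes, status, findings = {}, {}, {}
    for raw in text.splitlines():
        m = TS_RE.match(raw)
        if not m:
            continue                      # banner / separator lines
        body = m.group(1).strip()
        if h := HASH_RE.match(body):
            hashes[h.group(1)] = (h.group(2), h.group(3))
        elif v := VERDICT_RE.match(body):
            f = findings.setdefault((v.group(1), v.group(2)),
                                    {"status": None, "action": None})
            rest = v.group(3)
            if rest.startswith("User select action: "):
                f["action"] = rest.split(": ", 1)[1]
            else:
                f["status"] = rest
        elif d := DETECTED_RE.match(body):
            findings.setdefault((d.group(1), d.group(2)),
                                {"status": None, "action": None})
        elif s := STATUS_RE.match(body):
            status[s.group(1)] = s.group(2)
    return {"hashes": hashes, "status": status, "findings": findings}


def triage(parsed):
    """Split findings into malware/rootkit verdicts and mere signature warnings."""
    malware, unsigned = [], []
    for (name, verdict), f in parsed["findings"].items():
        entry = (name, verdict, f["action"] or f["status"])
        (unsigned if verdict in SIGCHECK_VERDICTS else malware).append(entry)
    return {"malware": malware, "unsigned": unsigned}


def boot_hash_changes(before, after):
    """Names of MBR / boot-sector entries whose MD5 differs between two runs."""
    def boot(p):
        return {n: v[0] for n, v in p["hashes"].items() if n.startswith(("MBR", "Boot"))}
    b, a = boot(before), boot(after)
    return sorted(n for n in set(b) | set(a) if b.get(n) != a.get(n))


# Constructed from the first pass in the thread. The MBR hash is a placeholder
# (the infected MBR's real MD5 is not on the page) and the boot-sector hash is
# assumed to be the same as after the reboot.
FIRST_RUN = r"""
21:57:42.0531 4692        MBR (0x1B8)    (00000000000000000000000000000000) \Device\Harddisk0\DR0
21:57:42.0531 4692        Boot (0x1200)  (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0
21:58:10.0140 2992        Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:58:10.0156 2992        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - will be cured on reboot
21:58:10.0187 2992        \Device\Harddisk0\DR0 ( Backdoor.Win32.Sinowal.knf ) - User select action: Cure
21:58:10.0187 2992        \Device\Harddisk0\DR0\TDLFS - deleted
21:58:10.0187 2992        \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

# Shortened copy of the post-reboot log from the thread.
SECOND_RUN = r"""
17:05:54.0687 1860        Mode: Manual; SigCheck; TDLFS;
17:05:55.0062 1860        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:05:55.0406 1860        ACPI - ok
17:06:07.0781 1860        Netdevio        (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
17:06:07.0796 1860        Netdevio ( UnsignedFile.Multi.Generic ) - warning
17:06:07.0796 1860        Netdevio - detected UnsignedFile.Multi.Generic (1)
17:06:17.0609 1860        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
17:06:17.0843 1860        \Device\Harddisk0\DR0 - ok
17:06:17.0859 1860        Boot (0x1200)  (d197ec57a47729b3667f4c56a4b6427b) \Device\Harddisk0\DR0\Partition0
17:06:17.0859 1860        \Device\Harddisk0\DR0\Partition0 - ok
17:06:22.0203 5936        Netdevio ( UnsignedFile.Multi.Generic ) - skipped by user
17:06:22.0203 5936        Netdevio ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    before, after = parse_log(FIRST_RUN), parse_log(SECOND_RUN)
    for label, run in (("first run", before), ("after reboot", after)):
        t = triage(run)
        print(f"{label}: malware={t['malware']} unsigned={t['unsigned']}")
    print("boot code changed:", boot_hash_changes(before, after))
```

Run it directly to print the summary. For the posted post-reboot log the parser should report no malware verdicts, the MBR and partition boot sector as ok, and only unsigned-driver warnings left over; an UnsignedFile.Multi.Generic entry is the result of the SigCheck pass, not by itself a detection, which is why the thread treats those four drivers separately from the Sinowal and TDSS File System findings.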


cosinus 17.01.2012 21:25

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you have problems starting applications after running ComboFix and receive messages like

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

borodin 19.01.2012 14:28

Hello Arne,
I am having trouble disabling McAfee Internet Security (Toshiba licensing). Research on this turned up nothing. Can I also run ComboFix in Safe Mode?
Many thanks,
Jens

cosinus 19.01.2012 16:42

Yes, that works too if necessary. I would recommend anyway that you not use this suite and therefore uninstall it. A plain virus scanner plus the Windows Firewall is more sensible.

borodin 20.01.2012 10:11

So, here is the ComboFix log now:

Code:

ComboFix 12-01-18.04 -  20.01.2012  7:21.1.4 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3056.2741 [GMT 1:00]
Running from: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee  Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\$PatchCache$\Managed\3706342866B54DD48A51342744051302\15.1.0\distributor.ini2
c:\windows\IsUn0407.exe
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-20 bis 2012-01-20  ))))))))))))))))))))))))))))))
.
.
2012-01-14 14:09 . 2012-01-16 06:34        --------        d-----w-        c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09        --------        d-----w-        C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06        --------        d-----w-        c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10        36352        -c--a-w-        c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10        36352        ----a-w-        c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00        15360        ----a-w-        c:\windows\system32\PJLMON.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27        1297920        ----a-w-        c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27        371200        ----a-w-        c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27        1288704        ----a-w-        c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-14 12:01 . 2010-09-17 10:03        24376        ----a-w-        c:\programme\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38        285504        ----a-w-        c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
S2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
S2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
S2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
S2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
S3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM        REG_MULTI_SZ          WINRM
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 141.2.22.74 141.2.149.10 141.2.86.211
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-20 07:25
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
.
Zeit der Fertigstellung: 2012-01-20  07:26:50
ComboFix-quarantined-files.txt  2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 244.232.851.456 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 244.384.272.384 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - CB4AEE3B60B1C63760C96011003490CE


cosinus 20.01.2012 12:25

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy/paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"=-
"5353:TCP"=-
"3389:TCP"=-
"65533:TCP"=-
"52344:TCP"=-

File::
c:\windows\system32\drivers\xcpip.sys
c:\windows\system32\drivers\xpsec.sys
       
Driver::
xcpip
xpsec

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that is present.
(Also the guards of ad-/spyware programs and the TeaTimer, if present!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
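The items the script above acts on (EnableFirewall set to 0, the GloballyOpenPorts entries, and the two drivers whose files ComboFix marks with [?]) can be pulled out of a ComboFix report automatically rather than by reading the whole log. The triage parser below is an added example written for this thread, not the helper's or ComboFix's own code; the log excerpt embedded in it is constructed from lines of the report posted above, and the regular expressions are assumptions about the report layout shown there.

```python
import re

# Constructed excerpt modelled on the ComboFix report posted in this thread:
# these lines are copied from it, the rest of the report is left out.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
"""

# Assumed line layouts, taken from the report above (not a ComboFix specification).
KEY_RE = re.compile(r"^\[(.+)\]$")                             # [HKLM\...] section header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')               # "name"= value
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')   # "name"="target" [info]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")  # S3 name;display;path [info]


def triage(log_text):
    """Collect the review-worthy items from a ComboFix report."""
    findings = {
        "firewall_disabled": False,
        "open_ports": [],                # (port, proto, rule name), rule still enabled
        "disabled_port_rules": [],       # same layout, but the rule itself is disabled
        "missing_service_binaries": [],  # services whose file ComboFix marks [?]
        "missing_run_targets": [],       # Run entries whose file ComboFix marks [X]
    }
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            # "path --> path [?]" means ComboFix could not find the driver file on disk
            if m.group(4).rstrip().endswith("[?]"):
                findings["missing_service_binaries"].append(m.group(2))
            continue
        m = RUN_RE.match(line)
        if m and current_key.endswith("currentversion\\run"):
            if m.group(3) == "X":
                findings["missing_run_targets"].append(m.group(1))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if (current_key.endswith("firewallpolicy\\standardprofile")
                and name.lower() == "enablefirewall"):
            findings["firewall_disabled"] = value.startswith("0")
        elif current_key.endswith("globallyopenports\\list"):
            # observed value layout: port:proto[:scope:Enabled|Disabled]:name
            fields = value.split(":")
            if len(fields) < 2:
                continue
            entry = (fields[0], fields[1], fields[-1])
            if len(fields) >= 4 and fields[3].lower() == "disabled":
                findings["disabled_port_rules"].append(entry)
            else:
                findings["open_ports"].append(entry)
    return findings


def report(findings):
    """Render the findings as one line per item, ready to paste into a reply."""
    lines = []
    if findings["firewall_disabled"]:
        lines.append("Windows Firewall standard profile: EnableFirewall = 0 (switched off)")
    for port, proto, name in findings["open_ports"]:
        lines.append(f"globally open port {port}/{proto}: {name}")
    for name in findings["missing_service_binaries"]:
        lines.append(f"service {name}: driver file not found on disk ([?])")
    for name in findings["missing_run_targets"]:
        lines.append(f"Run entry {name}: target file not found ([X])")
    return lines


if __name__ == "__main__":
    for item in report(triage(SAMPLE_LOG)):
        print(item)
```

Run against a full report, the same functions list every service with a missing binary and every open firewall rule, which is the set the helper then decides about by hand.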

borodin 20.01.2012 14:43

And the next log (McAfee was running even in Safe Mode):
Code:

ComboFix 12-01-18.04 -  20.01.2012  12:47:18.2.4 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3056.2750 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee  Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-20 bis 2012-01-20  ))))))))))))))))))))))))))))))
.
.
2012-01-14 14:09 . 2012-01-16 06:34        --------        d-----w-        c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09        --------        d-----w-        C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06        --------        d-----w-        c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10        36352        -c--a-w-        c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10        36352        ----a-w-        c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00        15360        ----a-w-        c:\windows\system32\PJLMON.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27        1297920        ----a-w-        c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27        371200        ----a-w-        c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27        1288704        ----a-w-        c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-14 12:01 . 2010-09-17 10:03        24376        ----a-w-        c:\programme\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-01-20_06.25.39  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 11:55 . 2012-01-20 11:55        53248              c:\windows\temp\catchme.dll
- 2012-01-20 06:25 . 2012-01-20 06:25        53248              c:\windows\temp\catchme.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38        285504        ----a-w-        c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
S1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
S2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
S2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
S2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
S2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
S2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
S2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
S2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
S3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
S3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM        REG_MULTI_SZ          WINRM
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 141.2.22.74 141.2.149.10 141.2.86.211
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-20 12:55
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
.
- - - - - - - > 'Explorer.exe'(1948)
c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
Zeit der Fertigstellung: 2012-01-20  12:56:09
ComboFix-quarantined-files.txt  2012-01-20 11:56
ComboFix2.txt  2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 244.319.555.584 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 244.303.568.896 Bytes frei
.
- - End Of File - - C68F55B1E045E3079112AF6BA2CE746B


cosinus 20.01.2012 21:03

Well, somehow that didn't work :wtf:
Did you copy everything into CFScript.txt exactly the way it should be?
Please repeat it. In normal mode if possible.

borodin 21.01.2012 12:35

Hello Arne,
I probably have the same log again.
I can't manage to disable McAfee. Should I uninstall the suite and then run everything again?
Attached is the log:

Code:

ComboFix 12-01-19.02 -  21.01.2012  12:21:46.3.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3056.2085 [GMT 1:00]
ausgeführt von:: c:\combofix\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee  Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-21 bis 2012-01-21  ))))))))))))))))))))))))))))))
.
.
2012-01-14 14:09 . 2012-01-16 06:34        --------        d-----w-        c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09        --------        d-----w-        C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06        --------        d-----w-        c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10        36352        -c--a-w-        c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10        36352        ----a-w-        c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00        15360        ----a-w-        c:\windows\system32\PJLMON.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27        1297920        ----a-w-        c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27        371200        ----a-w-        c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27        1288704        ----a-w-        c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2008-04-14 07:30        2029568        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 2008-04-14 07:29        2151424        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-14 12:01 . 2010-09-17 10:03        24376        ----a-w-        c:\programme\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-01-20_06.25.39  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-20 13:37 . 2012-01-20 13:37        16384              c:\windows\temp\Perflib_Perfdata_784.dat
+ 2012-01-21 11:29 . 2012-01-21 11:29        53248              c:\windows\temp\catchme.dll
- 2012-01-20 06:25 . 2012-01-20 06:25        53248              c:\windows\temp\catchme.dll
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38        285504        ----a-w-        c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
"ANT Agent"="c:\programme\Garmin\ANT Agent\ANT Agent.exe" [2011-11-07 14767976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
R2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
R2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [14.10.2002 05:45 94880]
R2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
R3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM        REG_MULTI_SZ          WINRM
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-20 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: McAfee SiteAdvisor: {4ED1F68A-5463-4931-9384-8FFF5ED91D92} - c:\programme\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-21 12:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
c:\programme\TrueSuite\TrueSuite.EDS.dll
c:\programme\TrueSuite\Authentec.DotNetClientLib.dll
c:\programme\TrueSuite\en-US\TrueSuite.AUTH.resources.dll
c:\programme\TrueSuite\AT7Support.dll
c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
c:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
.
- - - - - - - > 'Explorer.exe'(7492)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
c:\programme\TOSHIBA\TME3\TMEEJMD.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Zeit der Fertigstellung: 2012-01-21  12:30:46
ComboFix-quarantined-files.txt  2012-01-21 11:30
ComboFix2.txt  2012-01-20 13:44
ComboFix3.txt  2012-01-20 06:26
.
Vor Suchlauf: 15 Verzeichnis(se), 241.161.080.832 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 241.150.959.616 Bytes frei
.
- - End Of File - - 594632290B91DBAB65FC304C7455E03E

Many thanks in advance and have a nice weekend,
Jens
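The two ComboFix logs above are being compared by eye to see whether the CFScript took effect. As an added example (not part of the thread, and not a ComboFix or Trojaner-Board tool), the script below parses the registry sections that appear in these logs (the ...\CurrentVersion\Run autostarts, the firewall standard profile and its GloballyOpenPorts list) and diffs two logs: which Run entries disappeared or appeared, which still point at a missing file (ComboFix's [X] tag), whether the standard-profile firewall is disabled, and which globally open ports are enabled. The two sample excerpts are constructed to mimic the format shown in the thread; the "dynamic-range port or generic label" heuristic for flagging open ports is my assumption, not a ComboFix rule, and a flagged port is something to review, not a verdict.

```python
"""Compare two ComboFix logs: autostart diff plus firewall/port findings."""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*(\[[^\]]*\])?$')
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
# Heuristic (my assumption, not a ComboFix rule): a globally open port deserves
# review if it sits in the dynamic range or carries only a generic label.
GENERIC_PORT_LABELS = {"services", "system", "svchost"}
DYNAMIC_PORT_START = 49152

# Constructed excerpts mimicking the ComboFix sections quoted in the thread.
LOG_BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"mcui_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
"""
LOG_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2008-07-07 1142784]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
"""


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split a ComboFix log into {lower-cased [key]: body lines}.
    A registry section opens with a [key] line and closes at a lone '.'."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif line == ".":
            current = None
        elif current is not None and line:
            sections[current].append(line)
    return sections


def run_entries(sections: Dict[str, List[str]]) -> Dict[str, Tuple[str, bool]]:
    """Autostart values under every ...\\CurrentVersion\\Run key as
    {name: (command, target_missing)}; ComboFix tags a missing target [X]."""
    out: Dict[str, Tuple[str, bool]] = {}
    for key, lines in sections.items():
        if key.endswith("\\currentversion\\run"):
            for line in lines:
                m = RUN_RE.match(line)
                if m:
                    name, command, tag = m.groups()
                    out[name] = (command, tag == "[X]")
    return out


def firewall_findings(sections: Dict[str, List[str]]) -> List[str]:
    """Flag a disabled standard-profile firewall and open ports worth a look."""
    findings: List[str] = []
    prefix = "hklm\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile"
    for line in sections.get(prefix, []):
        if line.lower().startswith('"enablefirewall"=') and line.endswith("(0x0)"):
            findings.append("Windows firewall disabled for the standard profile")
    for line in sections.get(prefix + "\\globallyopenports\\list", []):
        m = PORT_RE.match(line)
        if not m:
            continue
        port, proto, rest = int(m.group(1)), m.group(2), m.group(3).split(":")
        if "Disabled" in rest:
            continue  # rule exists but is switched off
        label = rest[-1].strip()
        if port >= DYNAMIC_PORT_START or label.lower() in GENERIC_PORT_LABELS:
            findings.append(f"globally open {port}/{proto} labelled '{label}'")
    return findings


def diff_autostarts(before: str, after: str) -> Dict[str, List[str]]:
    """Which Run entries vanished or appeared between two logs, and which
    still point at a missing file; tells you whether a fix script took."""
    b, a = run_entries(parse_sections(before)), run_entries(parse_sections(after))
    return {
        "removed": sorted(set(b) - set(a)),
        "added": sorted(set(a) - set(b)),
        "dangling": sorted(n for n, (_, missing) in a.items() if missing),
    }


if __name__ == "__main__":
    print(diff_autostarts(LOG_BEFORE, LOG_AFTER))
    print(firewall_findings(parse_sections(LOG_AFTER)))
```

Feed it two saved ComboFix logs read from disk and the "removed" list tells you directly whether the entries named in the CFScript are gone, instead of scrolling through several hundred lines twice. The service lines (R0/R2/S3 ...) sit outside any [key] section and are deliberately ignored here; extending the parser to them is the obvious next step.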

cosinus 23.01.2012 11:32

Quote:

disable McAfee. Should I uninstall the suite and then run everything again?
Yes, go ahead and uninstall that nonsense. A suite is counterproductive rubbish anyway.

borodin 25.01.2012 07:24

So, after uninstalling and rebooting, ComboFix reported McAfee again. It kept running, though, but with "reduced functionality" because it said it had "expired".

Here is the log:
Code:

ComboFix 12-01-18.04 -  24.01.2012  21:56:50.4.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3056.2226 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\***\Desktop\CFScript.txt
AV: McAfee  Anti-Virus und Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee  Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-12-24 bis 2012-01-24  ))))))))))))))))))))))))))))))
.
.
2012-01-24 12:23 . 2012-01-24 12:24        --------        d-----w-        c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ScreeNet iSaver
2012-01-24 12:23 . 2012-01-24 12:24        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\ScreeNet iSaver
2012-01-24 12:23 . 2012-01-24 12:23        --------        d-----w-        c:\programme\iSaver
2012-01-14 14:09 . 2012-01-16 06:34        --------        d-----w-        c:\windows\LastGood
2012-01-13 20:09 . 2012-01-13 20:09        --------        d-----w-        C:\_OTL
2012-01-12 20:06 . 2012-01-12 20:06        --------        d-----w-        c:\programme\ESET
2012-01-11 13:30 . 2012-01-11 13:30        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-01-11 13:30 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-01-11 13:15 . 2012-01-11 13:15        --------        d-----w-        c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2012-01-11 13:15 . 2012-01-11 13:15        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-01-11 08:24 . 2008-04-13 23:10        36352        -c--a-w-        c:\windows\system32\dllcache\disk.sys
2012-01-11 08:24 . 2008-04-13 23:10        36352        ----a-w-        c:\windows\system32\drivers\disk.sys
2012-01-06 15:47 . 2008-04-14 12:00        15360        ----a-w-        c:\windows\system32\PJLMON.DLL
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2010-03-31 04:27        293888        ----a-w-        c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2010-03-31 04:27        1859712        ----a-w-        c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2010-03-31 04:27        61952        ----a-w-        c:\windows\system32\packager.exe
2011-11-16 14:21 . 2010-03-31 04:27        354816        ----a-w-        c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2010-03-31 04:27        152064        ----a-w-        c:\windows\system32\schannel.dll
2011-11-14 16:10 . 2011-06-01 17:54        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 15:28 . 2010-03-31 04:27        387072        ----a-w-        c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 2010-03-31 04:27        1297920        ----a-w-        c:\windows\system32\quartz.dll
2011-11-01 20:35 . 2010-03-31 04:27        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-11-01 20:35 . 2010-03-31 04:27        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-11-01 20:35 . 2010-03-31 04:27        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-11-01 20:34 . 2010-03-31 04:27        371200        ----a-w-        c:\windows\system32\html.iec
2011-11-01 16:07 . 2010-03-31 04:27        1288704        ----a-w-        c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2010-03-31 04:27        33280        ----a-w-        c:\windows\system32\csrsrv.dll
2011-04-14 12:01 . 2010-09-17 10:03        24376        ----a-w-        c:\programme\mozilla firefox\components\Scriptff.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-01-20_06.25.39  )))))))))))))))))))))))))))))))))))))))))
.
+ 1601-01-01 00:00 . 1601-01-01 00:00        0              c:\windows\temp\catchme.dll
+ 2012-01-24 20:52 . 2012-01-24 20:52        16384              c:\windows\temp\Perflib_Perfdata_6a8.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]
@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"
[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]
2010-02-04 00:38        285504        ----a-w-        c:\programme\TrueSuite\TrueSuite.FPLOlayIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
"NokiaOviSuite2"="c:\programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-02-24 385928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2009-06-17 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 24576]
"Apoint"="c:\programme\Apoint2K\Apoint.exe" [2009-09-10 241664]
"TouchED"="c:\programme\TOSHIBA\TouchED\TouchED.exe" [2005-09-01 118784]
"TMERzCtl.EXE"="c:\programme\TOSHIBA\TME3\TMERzCtl.EXE" [2009-12-10 86016]
"TMESRV.EXE"="c:\programme\TOSHIBA\TME3\TMESRV31.EXE" [2009-11-20 118784]
"TNRotate"="c:\programme\TOSHIBA\TNRotate\TNRotate.exe" [2010-02-22 607616]
"SmoothView"="c:\programme\TOSHIBA\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe" [2009-08-31 143360]
"TosHKCW.exe"="c:\programme\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2009-07-02 225280]
"TUSBSleepChargeSrv"="c:\programme\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]
"DDWMon"="c:\programme\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"IMSS"="c:\programme\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2009-09-30 111640]
"nwiz"="nwiz.exe" [2009-12-08 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-12-08 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-12-08 14786560]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-02 18782720]
"TFncKy"="TFncKy.exe" [BU]
"ITSecMng"="c:\programme\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"NDSTray.exe"="NDSTray.exe" [BU]
"TosSENotify"="c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 611672]
"TFNF5"="TFNF5.exe" [2010-02-02 1140032]
"TPSODDCtl"="TPSODDCtl.exe" [2009-11-23 118784]
"TPSMain"="TPSMain.exe" [2009-11-23 303104]
"TWebCamera"="c:\programme\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-12-09 2454840]
"TosWaitSrv"="c:\programme\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-05 611672]
"ClientAppLogon"="c:\programme\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-02-04 307008]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2011-08-08 611712]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"QuiKProtect"="c:\programme\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"PrnStatusMX"="c:\programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe" [2007-08-29 1077248]
"TkBellExe"="c:\programme\real\realplayer\update\realsched.exe" [2011-10-26 273528]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"iSaverCtrl"="c:\programme\iSaver\iSaverCtrl.exe" [2008-07-07 1142784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"TOSHIBA Online Product Information"="c:\programme\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-03-16 6158240]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Bluetooth Manager.lnk - c:\programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-1-6 2717024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Gemeinsame Dateien\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [11.05.2009 18:11 6528]
R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [14.10.2002 05:24 5888]
R2 ATService;AuthenTec Fingerprint Service;c:\programme\Fingerprint Sensor\ATService.exe [16.11.2009 01:10 2034936]
R2 FPLService;TrueSuiteService;c:\programme\TrueSuite\TrueSuite.Service.exe [04.02.2010 01:38 108352]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
R2 QSCopyEngine;QSCopyEngine;c:\programme\Iomega\QuikProtect\QpMonitor.exe [24.06.2010 16:04 247088]
R2 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [01.06.2010 19:41 47104]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [01.06.2010 19:41 48128]
R2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [01.06.2010 19:41 38400]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.03.2007 12:22 105856]
R2 Tmesrv;Tmesrv3;c:\programme\TOSHIBA\TME3\TMESRV31.exe [14.10.2002 05:24 118784]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.02.2007 12:15 134016]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [30.04.2008 20:09 4992]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [01.06.2010 19:31 2320920]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [01.06.2010 19:47 671488]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [31.03.2010 05:27 160424]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14.10.2002 04:45 44800]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [01.06.2010 19:36 132352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11.01.2012 14:30 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12.10.2009 22:33 57576]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [01.06.2010 19:46 24064]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [05.11.2009 08:15 111960]
R3 TPCHSrv;TPCH Service;c:\programme\TOSHIBA\TPHM\TPCHSrv.exe [05.02.2010 16:48 677232]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [01.06.2010 19:36 1684736]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\drivers\QsFsFltr.sys [10.11.2010 21:00 13824]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [31.03.2010 05:27 14336]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
S3 xpsec;IPSEC-Treiber;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM        REG_MULTI_SZ          WINRM
getPlusHelper        REG_MULTI_SZ          getPlusHelper
.
Contents of the "Scheduled Tasks" folder
.
2012-01-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3823346913-4111906814-4157629624-1005.job
- c:\programme\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]
.
2012-01-24 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-06-04 20:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\pckhf0tx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\dokumente und einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
- - - - Orphaned registry entries removed - - - -
.
HKCU-Run-McAfee Update - c:\windows\TEMP\mcupdate_1327437487.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-24 21:59
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes...
.
Scanning for hidden autostart entries...
.
Scanning for hidden files...
.
Scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------
.
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\TrueSuite.GINA.dll
c:\windows\system32\AFSSClientLib.dll
c:\programme\TrueSuite\TrueSuite.MuiResource.dll
c:\programme\TrueSuite\TrueSuite.AUTH.dll
c:\programme\TrueSuite\TrueSuite.OAE.dll
c:\programme\TrueSuite\TrueSuite.TBAUtilities.dll
c:\programme\TrueSuite\NLog.dll
c:\programme\TrueSuite\TrueSuite.MuiDll.dll
c:\programme\TrueSuite\TrueSuite.EDS.dll
c:\programme\TrueSuite\Authentec.DotNetClientLib.dll
c:\programme\TrueSuite\en-US\TrueSuite.AUTH.resources.dll
c:\programme\TrueSuite\AT7Support.dll
c:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
.
Completion time: 2012-01-24  22:00:51
ComboFix-quarantined-files.txt  2012-01-24 21:00
ComboFix2.txt  2012-01-21 11:30
ComboFix3.txt  2012-01-20 13:44
ComboFix4.txt  2012-01-20 06:26
.
Before scan: 15 directory(ies), 241,346,019,328 bytes free
After scan: 16 directory(ies), 241,350,361,088 bytes free
.
- - End Of File - - D62154094CBAD19B2A9F92F427039887

Many thanks,
Jens

P.S.: which antivirus software do you recommend instead of McAfee?
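Two parts of the log above are the ones a helper usually reads first: the firewall `GloballyOpenPorts` list (which ports the XP firewall lets in, and whether the rule is enabled) and the service/driver lines, where ComboFix prints `path --> path [?]` when it cannot find the image file on disk. The following triage helper is an added example, not code from the thread or from ComboFix; it parses those two line shapes and flags open ports outside a small allow-list and drivers whose file is missing. The allow-list and the treatment of the short port form (no scope/state fields) as an enabled `*` rule are assumptions for illustration, and a flag means "look at this", not "this is malware".

```python
import re

# Constructed sample in the shape of the ComboFix log above (a subset of its lines).
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [29.06.2009 09:25 29760]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [11.01.2012 14:30 652872]
S3 xcpip;TCP/IP-Protokolltreiber;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
"""

PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<rest>.+)$')
# Start type (R0/R2/S3 ...), service name, display name, image path and file info.
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+)$')

# Assumption: the ports this host is expected to expose; everything else gets flagged.
KNOWN_PORTS = {
    (5985, "TCP"): "WinRM",
    (3389, "TCP"): "Remote Desktop",
    (5353, "TCP"): "Adobe CSI CS4",
}


def parse_open_ports(text):
    """Return one dict per GloballyOpenPorts entry (port, proto, scope, state, name)."""
    entries = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if not m:
            continue
        fields = m.group("rest").split(":")
        port, proto = int(fields[0]), fields[1]
        # Long form: port:proto:scope:state:name. Short form (assumed enabled, scope *): port:proto:name
        if len(fields) >= 5 and fields[3] in ("Enabled", "Disabled"):
            scope, state, name = fields[2], fields[3], ":".join(fields[4:])
        else:
            scope, state, name = "*", "Enabled", ":".join(fields[2:])
        entries.append({"port": port, "proto": proto, "scope": scope, "state": state, "name": name})
    return entries


def parse_services(text):
    """Return one dict per service/driver line; file_missing marks the 'path --> path [?]' form."""
    services = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        image = m.group("image")
        missing = " --> " in image and image.endswith("[?]")
        # With a file present the line ends in '[date time size]'; strip that to get the path.
        path = image.split(" --> ")[0].strip() if missing else image.rsplit(" [", 1)[0].strip()
        services.append({
            "start": m.group("start"),
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path,
            "file_missing": missing,
        })
    return services


def triage(text):
    """Flag enabled ports outside KNOWN_PORTS and services whose image file was not found."""
    findings = []
    for e in parse_open_ports(text):
        if e["state"] != "Disabled" and (e["port"], e["proto"]) not in KNOWN_PORTS:
            findings.append(("open-port", f'{e["port"]}/{e["proto"]} "{e["name"]}" not in allow-list'))
    for s in parse_services(text):
        if s["file_missing"]:
            findings.append(("missing-image", f'{s["name"]} ({s["start"]}) -> {s["path"]} not found'))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:14} {detail}")
```

Run against the sample, it reports the two high-numbered "Services" rules and the `xcpip` driver with no file on disk, while the disabled WinRM rule and the known RDP/Adobe rules pass. Whether a flagged entry is benign (a leftover from uninstalled software, a vendor tool) or something to clean is still the helper's call from the rest of the log.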

cosinus 25.01.2012 11:04

Quote:

Although with "limited functionality", since it had "expired".
Then you have to download CF again and run it once more...


Copyright ©2000-2025, Trojaner-Board