Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Help with Trojan Trojan.gen.2 (https://www.trojaner-board.de/110880-hilfe-trojaner-trojan-gen-2-a.html)

zebrakatz 04.03.2012 15:54

Help with Trojan Trojan.gen.2

Hello everyone,
I need your help. On 15.02. Symantec Antivirus (10.0.0.846) found the Trojan Trojan.ADH.2 via Auto-Protect. On 27.02. and again yesterday it was the Trojan Trojan.Gen.2, again via Auto-Protect.
All of them were moved to quarantine and then removed.
Since last week I have been running full scans almost every day, but nothing was found. Scans with Eset also always come back clean.
How do I get rid of the pest(s), or what can I do?
I have attached a few logs (Malwarebytes, Gmer, Eset, DDS ...).
I have also looked around on the net, but only found the recommendations for online scanners, and I have scanned every day. But since there was another detection yesterday, the system cannot be clean.
Who can help me - many thanks.
zebrakatz

cosinus 05.03.2012 16:20

Quote:

Art des Suchlaufs: Quick-Scan

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

zebrakatz 07.03.2012 18:14

Hello Arne,
thank you very much for your reply.
I have just done a run ... and also added further older logs to the zip file. What kind of findings are these?
Many thanks
Kind regards
zebrakatz

cosinus 07.03.2012 22:33

Custom scan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


zebrakatz 08.03.2012 18:27

Hello Arne,
here is the OTL log as a zip ...
Thanks
zebrakatz

cosinus 08.03.2012 19:54

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.21 16:29:34 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.01 22:31:24 | 000,363,750 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008.02.25 19:50:00 | 000,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
[2012.02.15 08:27:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\leno\Ÿ9Ÿ9
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not completely deleted; a backup copy is created in the "_OTL" folder on the system partition.

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
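As an added illustration, not code from the thread or from OTL, the following read-only PowerShell audit lists the same places the fix above touches: the per-volume MountPoints2 AutoRun handlers (the O33 lines), the Cdrom AutoRun value (the O32 line), the NoDriveTypeAutoRun policy, and any non-default HOSTS entries that [resethosts] would replace. It assumes Windows PowerShell 3.0 or later on the machine being examined and modifies nothing.

```powershell
# Added example (not from the thread or from OTL): read-only audit of the
# registry keys and the HOSTS file that the OTL fix above changes.
# Assumes Windows PowerShell 3.0 or later. Nothing here modifies the system.

$MountPoints2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$CdromService = 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom'
$HostsFile    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-MountPoints2AutoRun {
    # Explorer keeps one {GUID} subkey per volume the user has mounted.
    # The default value of Shell\AutoRun\command is what the O33 lines above
    # show: the program Explorer offers (or runs) when that volume appears.
    if (-not (Test-Path $MountPoints2)) { return }
    Get-ChildItem -Path $MountPoints2 -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$MountPoints2\$($_.PSChildName)\Shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            # RemovableRoot flags a handler that is a bare .exe in the root of a
            # non-system drive (the D:\AutoRun.exe pattern in the fix). That is
            # a review cue, not proof of malware: vendor CDs set this too.
            $removableRoot = ($cmd -is [string]) -and
                             ($cmd -match '^[A-Za-z]:\\[^\\]+\.exe$') -and
                             ($cmd -notlike "$env:SystemDrive\*")
            [pscustomobject]@{
                Volume        = $_.PSChildName
                Command       = $cmd
                RemovableRoot = $removableRoot
            }
        }
    }
}

function Get-CdromAutoRun {
    # HKLM\...\Services\Cdrom\AutoRun: 1 is the Windows default (AutoRun /
    # media change notification on), 0 turns it off. The fix log reports
    # this value being set to 1.
    $p = Get-ItemProperty -Path $CdromService -Name AutoRun -ErrorAction SilentlyContinue
    if ($null -eq $p) { 'not set' } else { $p.AutoRun }
}

function Get-NoDriveTypeAutoRun {
    # Policy bitmask that disables AutoRun per drive type; 0xFF disables it
    # for every drive type. Checked in both hives because either can apply.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $p = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        $value = 'not set'
        if ($null -ne $p) { $value = '0x{0:X2}' -f $p.NoDriveTypeAutoRun }
        [pscustomobject]@{ Hive = $hive; NoDriveTypeAutoRun = $value }
    }
}

function Get-HostsEntries {
    # [resethosts] replaces this file with the default one. Anything beyond the
    # localhost lines deserves a look: malware commonly adds entries here to
    # redirect security-vendor or banking sites.
    if (-not (Test-Path $HostsFile)) { return }
    Get-Content -Path $HostsFile |
        ForEach-Object { ($_ -split '#')[0].Trim() } |
        Where-Object { $_ -and ($_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') }
}

Write-Host '== MountPoints2 AutoRun handlers =='
Get-MountPoints2AutoRun | Format-Table -AutoSize
Write-Host '== Cdrom\AutoRun =='
Get-CdromAutoRun
Write-Host '== NoDriveTypeAutoRun policy =='
Get-NoDriveTypeAutoRun | Format-Table -AutoSize
Write-Host '== Non-default HOSTS entries =='
Get-HostsEntries
```

Run it before and after a cleanup to confirm the handlers are gone and the HOSTS file is back to its default content.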

zebrakatz 09.03.2012 22:15

Hello Arne,
I have tried it several times. Unfortunately the OTL fix keeps aborting - meaning the computer freezes and I have to hard-reboot it. Fortunately it then boots up fine again.
I pasted your script as described, also without any programs, virus scanner or network running.
Can I somehow still get the fix to run?
Many thanks.
zebrakatz

cosinus 10.03.2012 16:30

Try doing the fix in Safe Mode

zebrakatz 10.03.2012 22:12

Hello Arne,
You were right, in Safe Mode (as Administrator) it of course worked flawlessly - many thanks for the tip.
Here is the code:

HTML Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File E:\AutoRun.exe not found.
File E:\autorun.ico not found.
File E:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
C:\Dokumente und Einstellungen\leno\񀿉 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: leno
->Temp folder emptied: 262526932 bytes
->Temporary Internet Files folder emptied: 977120 bytes
->Java cache emptied: 58518 bytes
->FireFox cache emptied: 48982669 bytes
->Flash cache emptied: 487 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24996 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25186496 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 322,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03102012_214845

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 12.03.2012 14:58

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below - click on "change parameters" and set the check marks as shown in the following screenshot.
Then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the "skip" action and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

zebrakatz 13.03.2012 21:24

Hello Arne,

here is the log from TDSS-Killer. As you wrote, I have not removed anything for now (continued with Skip):

HTML Code:

21:05:39.0843 0688        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
21:05:39.0875 0688        ============================================================
21:05:39.0875 0688        Current date / time: 2012/03/13 21:05:39.0875
21:05:39.0875 0688        SystemInfo:
21:05:39.0875 0688       
21:05:39.0875 0688        OS Version: 5.1.2600 ServicePack: 3.0
21:05:39.0875 0688        Product type: Workstation
21:05:39.0875 0688        ComputerName: LENOVO-C395390B
21:05:39.0875 0688        UserName: leno
21:05:39.0875 0688        Windows directory: C:\WINDOWS
21:05:39.0875 0688        System windows directory: C:\WINDOWS
21:05:39.0875 0688        Processor architecture: Intel x86
21:05:39.0875 0688        Number of processors: 2
21:05:39.0875 0688        Page size: 0x1000
21:05:39.0875 0688        Boot type: Normal boot
21:05:39.0875 0688        ============================================================
21:05:42.0062 0688        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:05:42.0062 0688        \Device\Harddisk0\DR0:
21:05:42.0062 0688        MBR used
21:05:42.0062 0688        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8CC37E1
21:05:42.0078 0688        Initialize success
21:05:42.0078 0688        ============================================================
21:05:50.0671 4052        ============================================================
21:05:50.0671 4052        Scan started
21:05:50.0671 4052        Mode: Manual; SigCheck; TDLFS;
21:05:50.0671 4052        ============================================================
21:05:51.0218 4052        Abiosdsk - ok
21:05:51.0281 4052        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:05:52.0859 4052        abp480n5 - ok
21:05:53.0093 4052        ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
21:05:53.0328 4052        ac97intc - ok
21:05:53.0390 4052        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:05:53.0593 4052        ACPI - ok
21:05:53.0609 4052        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:05:53.0812 4052        ACPIEC - ok
21:05:54.0015 4052        ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:05:54.0078 4052        ADIHdAudAddService - ok
21:05:54.0125 4052        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:05:54.0328 4052        adpu160m - ok
21:05:54.0343 4052        AEAudioService  (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
21:05:54.0390 4052        AEAudioService - ok
21:05:54.0593 4052        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:05:54.0765 4052        aec - ok
21:05:54.0859 4052        AegisP          (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:05:54.0890 4052        AegisP ( UnsignedFile.Multi.Generic ) - warning
21:05:54.0890 4052        AegisP - detected UnsignedFile.Multi.Generic (1)
21:05:54.0937 4052        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:05:55.0000 4052        AFD - ok
21:05:55.0187 4052        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:05:55.0390 4052        agp440 - ok
21:05:55.0406 4052        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:05:55.0593 4052        agpCPQ - ok
21:05:55.0609 4052        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:05:55.0703 4052        Aha154x - ok
21:05:55.0718 4052        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:05:55.0921 4052        aic78u2 - ok
21:05:55.0937 4052        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:05:56.0109 4052        aic78xx - ok
21:05:56.0140 4052        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:05:56.0328 4052        AliIde - ok
21:05:56.0546 4052        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:05:56.0734 4052        alim1541 - ok
21:05:56.0750 4052        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:05:56.0937 4052        amdagp - ok
21:05:57.0031 4052        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:05:57.0140 4052        amsint - ok
21:05:57.0187 4052        ANC            (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
21:05:57.0203 4052        ANC ( UnsignedFile.Multi.Generic ) - warning
21:05:57.0203 4052        ANC - detected UnsignedFile.Multi.Generic (1)
21:05:57.0406 4052        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:05:57.0593 4052        Arp1394 - ok
21:05:57.0640 4052        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:05:57.0843 4052        asc - ok
21:05:57.0843 4052        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:05:57.0937 4052        asc3350p - ok
21:05:57.0953 4052        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:05:58.0156 4052        asc3550 - ok
21:05:58.0328 4052        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:05:58.0500 4052        AsyncMac - ok
21:05:58.0531 4052        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:05:58.0718 4052        atapi - ok
21:05:58.0875 4052        Atdisk - ok
21:05:58.0953 4052        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:05:59.0140 4052        Atmarpc - ok
21:05:59.0250 4052        atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
21:05:59.0312 4052        atmeltpm - ok
21:05:59.0468 4052        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:05:59.0656 4052        audstub - ok
21:05:59.0718 4052        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:05:59.0906 4052        Beep - ok
21:06:00.0000 4052        BTKRNL          (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:06:00.0062 4052        BTKRNL ( UnsignedFile.Multi.Generic ) - warning
21:06:00.0062 4052        BTKRNL - detected UnsignedFile.Multi.Generic (1)
21:06:00.0234 4052        BTWUSB          (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
21:06:00.0250 4052        BTWUSB ( UnsignedFile.Multi.Generic ) - warning
21:06:00.0250 4052        BTWUSB - detected UnsignedFile.Multi.Generic (1)
21:06:00.0281 4052        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:06:00.0484 4052        cbidf - ok
21:06:00.0484 4052        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:06:00.0671 4052        cbidf2k - ok
21:06:00.0734 4052        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:06:00.0828 4052        cd20xrnt - ok
21:06:00.0859 4052        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:06:01.0031 4052        Cdaudio - ok
21:06:01.0296 4052        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:06:01.0484 4052        Cdfs - ok
21:06:01.0546 4052        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:06:01.0734 4052        Cdrom - ok
21:06:01.0750 4052        Changer - ok
21:06:01.0812 4052        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:06:02.0000 4052        CmBatt - ok
21:06:02.0031 4052        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:06:02.0218 4052        CmdIde - ok
21:06:02.0406 4052        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:06:02.0593 4052        Compbatt - ok
21:06:02.0625 4052        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:06:02.0812 4052        Cpqarray - ok
21:06:02.0859 4052        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:06:03.0062 4052        dac2w2k - ok
21:06:03.0125 4052        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:06:03.0328 4052        dac960nt - ok
21:06:03.0421 4052        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:06:03.0609 4052        Disk - ok
21:06:03.0656 4052        DLABOIOM        (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:06:03.0687 4052        DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0687 4052        DLABOIOM - detected UnsignedFile.Multi.Generic (1)
21:06:03.0703 4052        DLACDBHM        (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:06:03.0703 4052        DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0703 4052        DLACDBHM - detected UnsignedFile.Multi.Generic (1)
21:06:03.0734 4052        DLADResN        (2104649b0b79b9f30122c545cba0c655) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:06:03.0750 4052        DLADResN ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0750 4052        DLADResN - detected UnsignedFile.Multi.Generic (1)
21:06:03.0906 4052        DLAIFS_M        (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:06:03.0937 4052        DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0937 4052        DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
21:06:04.0078 4052        DLAOPIOM        (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:06:04.0093 4052        DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0093 4052        DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0125 4052        DLAPoolM        (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:06:04.0140 4052        DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0140 4052        DLAPoolM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0203 4052        DLARTL_N        (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:06:04.0218 4052        DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0218 4052        DLARTL_N - detected UnsignedFile.Multi.Generic (1)
21:06:04.0250 4052        DLAUDFAM        (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:06:04.0281 4052        DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0281 4052        DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0406 4052        DLAUDF_M        (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:06:04.0421 4052        DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0421 4052        DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
21:06:04.0546 4052        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:06:04.0781 4052        dmboot - ok
21:06:04.0984 4052        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:06:05.0171 4052        dmio - ok
21:06:05.0203 4052        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:06:05.0406 4052        dmload - ok
21:06:05.0437 4052        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:06:05.0640 4052        DMusic - ok
21:06:05.0703 4052        DozeHDD        (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
21:06:05.0734 4052        DozeHDD - ok
21:06:05.0906 4052        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:06:06.0109 4052        dpti2o - ok
21:06:06.0171 4052        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:06:06.0359 4052        drmkaud - ok
21:06:06.0437 4052        DRVMCDB        (48c7008d23dcfce0d0232f49307efced) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
21:06:06.0468 4052        DRVMCDB ( UnsignedFile.Multi.Generic ) - warning
21:06:06.0468 4052        DRVMCDB - detected UnsignedFile.Multi.Generic (1)
21:06:06.0625 4052        DRVNDDM        (05467e44a42c777dd1534bb4539b16d1) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
21:06:06.0640 4052        DRVNDDM ( UnsignedFile.Multi.Generic ) - warning
21:06:06.0640 4052        DRVNDDM - detected UnsignedFile.Multi.Generic (1)
21:06:06.0703 4052        E100B          (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
21:06:06.0906 4052        E100B - ok
21:06:06.0953 4052        e1express      (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
21:06:07.0015 4052        e1express - ok
21:06:07.0125 4052        eeCtrl          (579a6b6135d32b857faf0e3a974535d8) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
21:06:07.0156 4052        eeCtrl - ok
21:06:07.0296 4052        EGATHDRV        (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
21:06:07.0343 4052        EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
21:06:07.0343 4052        EGATHDRV - detected UnsignedFile.Multi.Generic (1)
21:06:07.0562 4052        EraserUtilDrv11122 (028d50f059bd0d2ccb209e9011b9a9a4) C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11122.sys
21:06:07.0578 4052        EraserUtilDrv11122 - ok
21:06:07.0687 4052        Fastfat        (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
21:06:07.0875 4052        Fastfat - ok
21:06:07.0906 4052        Fdc            (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:06:08.0125 4052        Fdc - ok
21:06:08.0281 4052        filtertdidriver (f8946c6d013fc9e6db03fbcf32294799) C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys
21:06:08.0296 4052        filtertdidriver ( UnsignedFile.Multi.Generic ) - warning
21:06:08.0296 4052        filtertdidriver - detected UnsignedFile.Multi.Generic (1)
21:06:08.0359 4052        Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
21:06:08.0546 4052        Fips - ok
21:06:08.0765 4052        Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:06:08.0953 4052        Flpydisk - ok
21:06:09.0031 4052        FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
21:06:09.0234 4052        FltMgr - ok
21:06:09.0296 4052        Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:06:09.0484 4052        Fs_Rec - ok
21:06:09.0687 4052        Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:06:09.0875 4052        Ftdisk - ok
21:06:09.0906 4052        G400            (33d00f8cb70ac5f7a8101f79d5273615) C:\WINDOWS\system32\DRIVERS\G400m.sys
21:06:10.0125 4052        G400 - ok
21:06:10.0343 4052        Gpc            (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:06:10.0515 4052        Gpc - ok
21:06:10.0656 4052        HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:06:10.0843 4052        HDAudBus - ok
21:06:10.0921 4052        hpn            (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
21:06:11.0093 4052        hpn - ok
21:06:11.0156 4052        HSFHWAZL        (702a7e1b3c9263efbd6aede3b6919761) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
21:06:11.0187 4052        HSFHWAZL - ok
21:06:11.0343 4052        HSF_DPV        (8d02cb68d53aa36189faf86fed438884) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
21:06:11.0406 4052        HSF_DPV - ok
21:06:11.0468 4052        HSXHWAZL        (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
21:06:11.0546 4052        HSXHWAZL - ok
21:06:11.0718 4052        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
21:06:11.0781 4052        HTTP - ok
21:06:11.0875 4052        hwdatacard      (4a77f036f7234ed24351ac486d2a29b9) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
21:06:11.0953 4052        hwdatacard - ok
21:06:12.0109 4052        i2omgmt        (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
21:06:12.0296 4052        i2omgmt - ok
21:06:12.0343 4052        i2omp          (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
21:06:12.0515 4052        i2omp - ok
21:06:12.0718 4052        i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:06:12.0906 4052        i8042prt - ok
21:06:13.0218 4052        ialm            (06b71441957b48a4866de2fe27cb79c8) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
21:06:13.0875 4052        ialm - ok
21:06:14.0078 4052        iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
21:06:14.0140 4052        iaStor ( UnsignedFile.Multi.Generic ) - warning
21:06:14.0140 4052        iaStor - detected UnsignedFile.Multi.Generic (1)
21:06:14.0328 4052        IBMPMDRV        (e3ffc8cb45b3f55264ee10f084b2731b) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
21:06:14.0343 4052        IBMPMDRV - ok
21:06:14.0421 4052        IBMTPCHK        (3a7dbe81ec5edb96a0a61c7d4af3198d) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
21:06:14.0437 4052        IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
21:06:14.0437 4052        IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
21:06:14.0484 4052        Imapi          (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:06:14.0656 4052        Imapi - ok
21:06:14.0718 4052        ini910u        (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
21:06:14.0906 4052        ini910u - ok
21:06:15.0078 4052        IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
21:06:15.0265 4052        IntelIde - ok
21:06:15.0328 4052        intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:06:15.0515 4052        intelppm - ok
21:06:16.0437 4052        Ip6Fw          (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
21:06:16.0687 4052        Ip6Fw - ok
21:06:16.0734 4052        IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:06:16.0921 4052        IpFilterDriver - ok
21:06:16.0953 4052        IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:06:17.0125 4052        IpInIp - ok
21:06:17.0203 4052        IpNat          (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:06:17.0390 4052        IpNat - ok
21:06:17.0578 4052        IPSec          (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:06:17.0750 4052        IPSec - ok
21:06:17.0812 4052        irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
21:06:18.0000 4052        irda - ok
21:06:18.0015 4052        IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:06:18.0203 4052        IRENUM - ok
21:06:18.0281 4052        isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:06:18.0468 4052        isapnp - ok
21:06:18.0656 4052        Iviaspi        (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
21:06:18.0656 4052        Iviaspi ( UnsignedFile.Multi.Generic ) - warning
21:06:18.0656 4052        Iviaspi - detected UnsignedFile.Multi.Generic (1)
21:06:18.0734 4052        Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:06:18.0906 4052        Kbdclass - ok
21:06:19.0000 4052        kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
21:06:19.0187 4052        kmixer - ok
21:06:19.0234 4052        KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
21:06:19.0296 4052        KSecDD - ok
21:06:19.0437 4052        lbrtfdc - ok
21:06:19.0515 4052        lenovo.smi      (9aac267a225f3caebb9e633f7eb16e4b) C:\WINDOWS\system32\DRIVERS\smiif32.sys
21:06:19.0531 4052        lenovo.smi - ok
21:06:19.0593 4052        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
21:06:19.0625 4052        MBAMProtector - ok
21:06:19.0671 4052        mdmxsdk        (a027de1e6c11bd2daf61f6f276b2299f) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
21:06:19.0687 4052        mdmxsdk - ok
21:06:19.0734 4052        mnmdd          (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:06:19.0921 4052        mnmdd - ok
21:06:20.0109 4052        Modem          (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
21:06:20.0296 4052        Modem - ok
21:06:20.0343 4052        Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:06:20.0531 4052        Mouclass - ok
21:06:20.0593 4052        MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
21:06:20.0781 4052        MountMgr - ok
21:06:20.0812 4052        mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
21:06:20.0984 4052        mraid35x - ok
21:06:21.0187 4052        MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:06:21.0375 4052        MRxDAV - ok
21:06:21.0468 4052        MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:06:21.0546 4052        MRxSmb - ok
21:06:21.0671 4052        Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
21:06:21.0875 4052        Msfs - ok
21:06:21.0921 4052        MSKSSRV        (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:06:22.0093 4052        MSKSSRV - ok
21:06:22.0140 4052        MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:06:22.0312 4052        MSPCLOCK - ok
21:06:22.0390 4052        MSPQM          (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
21:06:22.0593 4052        MSPQM - ok
21:06:22.0843 4052        mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:06:23.0015 4052        mssmbios - ok
21:06:23.0109 4052        Mup            (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
21:06:23.0171 4052        Mup - ok
21:06:23.0296 4052        NAVENG          (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120312.003\naveng.sys
21:06:23.0328 4052        NAVENG - ok
21:06:23.0406 4052        NAVEX15        (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20120312.003\navex15.sys
21:06:23.0500 4052        NAVEX15 - ok
21:06:23.0687 4052        NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
21:06:23.0890 4052        NDIS - ok
21:06:23.0937 4052        NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:06:24.0000 4052        NdisTapi - ok
21:06:24.0031 4052        Ndisuio        (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:06:24.0203 4052        Ndisuio - ok
21:06:24.0218 4052        NdisWan        (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:06:24.0437 4052        NdisWan - ok
21:06:24.0625 4052        NDProxy        (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
21:06:24.0687 4052        NDProxy - ok
21:06:24.0765 4052        NetBIOS        (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:06:24.0953 4052        NetBIOS - ok
21:06:24.0984 4052        NetBT          (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:06:25.0734 4052        NetBT - ok
21:06:26.0000 4052        NETw3x32        (50f5de54e1d1646c02078f3eddc15a8e) C:\WINDOWS\system32\DRIVERS\NETw3x32.sys
21:06:26.0171 4052        NETw3x32 - ok
21:06:26.0359 4052        NIC1394        (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
21:06:26.0546 4052        NIC1394 - ok
21:06:26.0609 4052        Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
21:06:26.0796 4052        Npfs - ok
21:06:26.0875 4052        NSCIRDA        (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
21:06:27.0062 4052        NSCIRDA - ok
21:06:27.0109 4052        Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
21:06:27.0312 4052        Ntfs - ok
21:06:27.0578 4052        Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:06:27.0781 4052        Null - ok
21:06:27.0875 4052        nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:06:28.0140 4052        nv - ok
21:06:28.0343 4052        NWADI          (d4e1d20883977be696c07bbb57230be2) C:\WINDOWS\system32\DRIVERS\NWADIenum.sys
21:06:28.0406 4052        NWADI - ok
21:06:28.0437 4052        NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:06:28.0640 4052        NwlnkFlt - ok
21:06:28.0656 4052        NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:06:28.0828 4052        NwlnkFwd - ok
21:06:28.0890 4052        odysseyIM4      (7af6ec0ea4261ecf7da084103be31ea8) C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys
21:06:28.0953 4052        odysseyIM4 - ok
21:06:29.0140 4052        ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
21:06:29.0328 4052        ohci1394 - ok
21:06:29.0390 4052        Parport        (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
21:06:29.0593 4052        Parport - ok
21:06:29.0593 4052        PartMgr        (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
21:06:29.0765 4052        PartMgr - ok
21:06:29.0796 4052        ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:06:30.0000 4052        ParVdm - ok
21:06:30.0187 4052        PCASp50 - ok
21:06:30.0265 4052        PCI            (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
21:06:30.0453 4052        PCI - ok
21:06:30.0468 4052        PCIDump - ok
21:06:30.0484 4052        PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:06:30.0671 4052        PCIIde - ok
21:06:30.0687 4052        Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
21:06:30.0859 4052        Pcmcia - ok
21:06:30.0875 4052        PDCOMP - ok
21:06:30.0890 4052        PDFRAME - ok
21:06:30.0906 4052        PDRELI - ok
21:06:30.0906 4052        PDRFRAME - ok
21:06:30.0937 4052        perc2          (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
21:06:31.0140 4052        perc2 - ok
21:06:31.0312 4052        perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
21:06:31.0515 4052        perc2hib - ok
21:06:31.0593 4052        pmem            (dedef40e1d05842639491365cb2c069e) C:\WINDOWS\System32\drivers\pmemnt.sys
21:06:31.0609 4052        pmem ( UnsignedFile.Multi.Generic ) - warning
21:06:31.0609 4052        pmem - detected UnsignedFile.Multi.Generic (1)
21:06:31.0671 4052        PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:06:31.0859 4052        PptpMiniport - ok
21:06:31.0937 4052        PrivateDisk    (ebe579425ccb8377bfc7c0b50c05eb56) C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
21:06:31.0968 4052        PrivateDisk ( UnsignedFile.Multi.Generic ) - warning
21:06:31.0968 4052        PrivateDisk - detected UnsignedFile.Multi.Generic (1)
21:06:32.0140 4052        PROCDD          (1d80309fed4babf8ea9e7b84a394348b) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
21:06:32.0156 4052        PROCDD - ok
21:06:32.0203 4052        Processor      (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
21:06:32.0375 4052        Processor - ok
21:06:32.0421 4052        psadd          (651d3abc1d82d61b6cfb40cb947b3db3) C:\WINDOWS\system32\DRIVERS\psadd.sys
21:06:32.0468 4052        psadd - ok
21:06:32.0500 4052        PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
21:06:32.0687 4052        PSched - ok
21:06:32.0921 4052        Ptilink        (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:06:33.0109 4052        Ptilink - ok
21:06:33.0203 4052        PxHelp20        (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
21:06:33.0218 4052        PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
21:06:33.0218 4052        PxHelp20 - detected UnsignedFile.Multi.Generic (1)
21:06:33.0250 4052        ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
21:06:33.0437 4052        ql1080 - ok
21:06:33.0437 4052        Ql10wnt        (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
21:06:33.0625 4052        Ql10wnt - ok
21:06:33.0640 4052        ql12160        (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
21:06:33.0843 4052        ql12160 - ok
21:06:34.0031 4052        ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
21:06:34.0234 4052        ql1240 - ok
21:06:34.0265 4052        ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
21:06:34.0453 4052        ql1280 - ok
21:06:34.0484 4052        RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:06:34.0671 4052        RasAcd - ok
21:06:34.0781 4052        Rasirda        (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
21:06:34.0875 4052        Rasirda - ok
21:06:35.0046 4052        Rasl2tp        (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:06:35.0234 4052        Rasl2tp - ok
21:06:35.0265 4052        RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:06:35.0437 4052        RasPppoe - ok
21:06:35.0484 4052        Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:06:35.0671 4052        Raspti - ok
21:06:35.0843 4052        Rdbss          (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:06:36.0015 4052        Rdbss - ok
21:06:36.0062 4052        RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:06:36.0234 4052        RDPCDD - ok
21:06:36.0281 4052        rdpdr          (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:06:36.0468 4052        rdpdr - ok
21:06:36.0656 4052        RDPWD          (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
21:06:36.0718 4052        RDPWD - ok
21:06:36.0843 4052        redbook        (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:06:37.0031 4052        redbook - ok
21:06:37.0156 4052        s24trans        (2862adb14481ac28f98105ff33a99eb0) C:\WINDOWS\system32\DRIVERS\s24trans.sys
21:06:37.0171 4052        s24trans ( UnsignedFile.Multi.Generic ) - warning
21:06:37.0171 4052        s24trans - detected UnsignedFile.Multi.Generic (1)
21:06:37.0281 4052        SAVRT          (a00d5aa4748a1002590f08aa00fc660d) C:\Programme\Symantec Client Security\Symantec AntiVirus\savrt.sys
21:06:37.0312 4052        SAVRT - ok
21:06:37.0312 4052        SAVRTPEL        (1e805005583be1c1568a3fce259c81e3) C:\Programme\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
21:06:37.0328 4052        SAVRTPEL - ok
21:06:37.0484 4052        sdbus          (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
21:06:37.0671 4052        sdbus - ok
21:06:37.0781 4052        Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:06:37.0968 4052        Secdrv - ok
21:06:38.0046 4052        serenum        (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:06:38.0234 4052        serenum - ok
21:06:38.0375 4052        Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
21:06:38.0562 4052        Serial - ok
21:06:38.0656 4052        Sfloppy        (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:06:38.0843 4052        Sfloppy - ok
21:06:38.0906 4052        Shockprf        (1624530d05155f4e5a4736531523bff5) C:\WINDOWS\system32\DRIVERS\Apsx86.sys
21:06:38.0937 4052        Shockprf - ok
21:06:39.0000 4052        Simbad - ok
21:06:39.0109 4052        sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
21:06:39.0281 4052        sisagp - ok
21:06:39.0390 4052        Smapint        (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
21:06:39.0406 4052        Smapint ( UnsignedFile.Multi.Generic ) - warning
21:06:39.0406 4052        Smapint - detected UnsignedFile.Multi.Generic (1)
21:06:39.0484 4052        smi2            (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys
21:06:39.0500 4052        smi2 ( UnsignedFile.Multi.Generic ) - warning
21:06:39.0500 4052        smi2 - detected UnsignedFile.Multi.Generic (1)
21:06:39.0546 4052        smihlp2        (0b9c01236d25bdcb37aa79dc59dfb7d3) C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
21:06:39.0562 4052        smihlp2 - ok
21:06:39.0703 4052        Sparrow        (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
21:06:39.0796 4052        Sparrow - ok
21:06:39.0921 4052        SPBBCDrv        (c30fa11923892a4dbd1c747db8492e8f) C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys
21:06:39.0953 4052        SPBBCDrv - ok
21:06:40.0125 4052        splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
21:06:40.0296 4052        splitter - ok
21:06:40.0359 4052        sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
21:06:40.0531 4052        sr - ok
21:06:40.0578 4052        Srv            (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
21:06:40.0640 4052        Srv - ok
21:06:40.0703 4052        swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:06:40.0890 4052        swenum - ok
21:06:41.0093 4052        swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
21:06:41.0265 4052        swmidi - ok
21:06:41.0375 4052        symc810        (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
21:06:41.0546 4052        symc810 - ok
21:06:41.0593 4052        symc8xx        (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
21:06:41.0796 4052        symc8xx - ok
21:06:41.0921 4052        SYMDNS          (1f0a3f93fecba6e873e75ac34538708b) C:\WINDOWS\System32\Drivers\SYMDNS.SYS
21:06:41.0937 4052        SYMDNS - ok
21:06:42.0031 4052        SymEvent        (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Programme\Symantec\SYMEVENT.SYS
21:06:42.0046 4052        SymEvent - ok
21:06:42.0109 4052        SYMFW          (ca212638c07f7a1736667319589f416e) C:\WINDOWS\System32\Drivers\SYMFW.SYS
21:06:42.0140 4052        SYMFW - ok
21:06:42.0140 4052        SYMIDS          (83a0415ab669afe9f2b7fccc52f23153) C:\WINDOWS\System32\Drivers\SYMIDS.SYS
21:06:42.0156 4052        SYMIDS - ok
21:06:42.0250 4052        SYMIDSCO        (2133d1f879b280121b0e6a7d34b24a02) C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\SCFIDS~1\20120308.001\symidsco.sys
21:06:42.0265 4052        SYMIDSCO - ok
21:06:42.0406 4052        SYMNDIS        (2a8ebb694d702d91d8046b31c3da2220) C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
21:06:42.0421 4052        SYMNDIS - ok
21:06:42.0515 4052        SYMREDRV        (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
21:06:42.0531 4052        SYMREDRV - ok
21:06:42.0578 4052        SYMTDI          (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
21:06:42.0593 4052        SYMTDI - ok
21:06:42.0640 4052        sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
21:06:42.0828 4052        sym_hi - ok
21:06:42.0859 4052        sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
21:06:43.0031 4052        sym_u3 - ok
21:06:43.0093 4052        sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
21:06:43.0265 4052        sysaudio - ok
21:06:43.0437 4052        Tcpip          (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:06:43.0546 4052        Tcpip - ok
21:06:43.0640 4052        TcUsb          (64abea4001f8eb869385e65d85bc302b) C:\WINDOWS\system32\Drivers\tcusb.sys
21:06:43.0656 4052        TcUsb - ok
21:06:43.0703 4052        TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:06:43.0890 4052        TDPIPE - ok
21:06:44.0062 4052        TDSMAPI        (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
21:06:44.0093 4052        TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
21:06:44.0093 4052        TDSMAPI - detected UnsignedFile.Multi.Generic (1)
21:06:44.0171 4052        TDTCP          (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
21:06:44.0359 4052        TDTCP - ok
21:06:44.0390 4052        TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:06:44.0578 4052        TermDD - ok
21:06:44.0656 4052        TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
21:06:44.0828 4052        TosIde - ok
21:06:44.0953 4052        Tp4Track        (5c7396b8f083dc4637c584deccd50504) C:\WINDOWS\system32\DRIVERS\tp4track.sys
21:06:44.0968 4052        Tp4Track - ok
21:06:45.0078 4052        TPDIGIMN        (d2378fbbd668d9fe9b6b5e3139d506d3) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys
21:06:45.0093 4052        TPDIGIMN - ok
21:06:45.0171 4052        TPHKDRV        (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
21:06:45.0234 4052        TPHKDRV - ok
21:06:45.0281 4052        TPPWRIF        (c037817e2498d9db736e4ba355b1f4e7) C:\WINDOWS\system32\drivers\Tppwrif.sys
21:06:45.0296 4052        TPPWRIF - ok
21:06:45.0359 4052        Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
21:06:45.0546 4052        Udfs - ok
21:06:45.0703 4052        ultra          (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
21:06:45.0812 4052        ultra - ok
21:06:45.0890 4052        Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
21:06:46.0078 4052        Update - ok
21:06:46.0296 4052        usbccgp        (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:06:46.0484 4052        usbccgp - ok
21:06:46.0593 4052        usbehci        (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:06:46.0781 4052        usbehci - ok
21:06:46.0875 4052        usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:06:47.0046 4052        usbhub - ok
21:06:47.0234 4052        usbohci        (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
21:06:47.0421 4052        usbohci - ok
21:06:47.0468 4052        usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:06:47.0656 4052        usbprint - ok
21:06:47.0734 4052        USBSTOR        (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:06:47.0906 4052        USBSTOR - ok
21:06:48.0046 4052        usbuhci        (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:06:48.0234 4052        usbuhci - ok
21:06:48.0296 4052        VgaSave        (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
21:06:48.0468 4052        VgaSave - ok
21:06:48.0562 4052        viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
21:06:48.0734 4052        viaagp - ok
21:06:48.0765 4052        ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
21:06:48.0953 4052        ViaIde - ok
21:06:49.0078 4052        VolSnap        (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
21:06:49.0265 4052        VolSnap - ok
21:06:49.0375 4052        Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:06:49.0546 4052        Wanarp - ok
21:06:49.0625 4052        Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
21:06:49.0656 4052        Wdf01000 - ok
21:06:49.0765 4052        WDICA - ok
21:06:49.0828 4052        wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
21:06:50.0015 4052        wdmaud - ok
21:06:50.0109 4052        winachsf        (115946a53b62a6b171fd0ed197c71d52) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
21:06:50.0156 4052        winachsf - ok
21:06:50.0359 4052        WS2IFSL        (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
21:06:50.0546 4052        WS2IFSL - ok
21:06:50.0656 4052        WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:06:50.0718 4052        WudfPf - ok
21:06:50.0750 4052        WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:06:50.0796 4052        WudfRd - ok
21:06:50.0828 4052        MBR (0x1B8)    (92d29754b68d05ee70cc87aababd4248) \Device\Harddisk0\DR0
21:06:50.0953 4052        \Device\Harddisk0\DR0 - ok
21:06:50.0953 4052        Boot (0x1200)  (c447e1c7bc354db11275d563ad66d2a6) \Device\Harddisk0\DR0\Partition0
21:06:50.0953 4052        \Device\Harddisk0\DR0\Partition0 - ok
21:06:50.0953 4052        ============================================================
21:06:50.0953 4052        Scan finished
21:06:50.0953 4052        ============================================================
21:06:51.0062 5736        Detected object count: 27
21:06:51.0062 5736        Actual detected object count: 27
21:10:27.0390 5736        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        ANC ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        filtertdidriver ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        filtertdidriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        pmem ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 14.03.2012 15:02

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste it into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

zebrakatz 17.03.2012 21:07

Hello Arne,

after some difficulties running ComboFix I have now managed it (the log mostly wasn't generated, or is).
Thanks again for your help

Here is the log now:

Combofix Logfile:
Code:

ComboFix 12-03-14.01 - leno 17.03.2012  19:59:47.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3062.2103 [GMT 1:00]
Running from:: c:\dokumente und einstellungen\leno\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((  Files Created from 2012-02-17 to 2012-03-17  ))))))))))))))))))))))))))))))
.
.
2012-03-16 20:42 . 2012-03-16 20:42        --------        d-----w-        c:\dokumente und einstellungen\leno\Anwendungsdaten\Avaya
2012-03-09 20:07 . 2012-03-09 20:07        --------        d-----w-        C:\_OTL
2012-03-04 14:40 . 2012-03-04 14:40        --------        d-----w-        c:\programme\7-Zip
2012-03-03 21:02 . 2012-03-03 21:10        --------        d-----w-        c:\dokumente und einstellungen\leno\Lokale Einstellungen\Anwendungsdaten\NPE
2012-03-03 21:02 . 2012-03-03 21:02        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2012-03-03 19:44 . 2012-03-03 19:44        388096        ----a-r-        c:\dokumente und einstellungen\leno\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-03 19:44 . 2012-03-03 19:44        --------        d-----w-        c:\programme\TrendMicro
2012-03-03 17:23 . 2012-03-03 17:23        --------        d-----w-        c:\programme\CCleaner
2012-03-03 17:14 . 2012-03-03 17:21        --------        d-----w-        C:\bases
2012-03-03 16:30 . 2012-03-03 16:35        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\HPAppData
2012-03-03 16:30 . 2012-03-03 16:31        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten
2012-02-28 16:56 . 2004-10-22 01:16        180224        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-02-28 16:56 . 2004-10-22 01:17        274432        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-02-28 16:56 . 2004-10-22 01:17        69715        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-02-28 16:56 . 2004-10-22 01:16        5632        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-02-28 16:56 . 2004-10-22 01:18        749568        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-02-28 16:55 . 2012-02-28 16:55        192644        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-02-28 16:55 . 2012-02-28 16:55        323716        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-02-27 19:27 . 2012-02-27 19:27        --------        d-----w-        c:\programme\ESET
2012-02-27 19:09 . 2012-02-27 19:09        --------        d-----w-        c:\dokumente und einstellungen\leno\Anwendungsdaten\Malwarebytes
2012-02-27 19:09 . 2012-02-27 19:09        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-27 19:09 . 2012-02-27 19:09        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-02-27 19:09 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-27 17:03 . 2012-02-28 07:35        --------        d-----w-        c:\windows\SxsCaPendDel
2012-02-27 07:43 . 2012-02-27 17:02        --------        d-----w-        c:\programme\Gemeinsame Dateien\Spigot
2012-02-27 07:42 . 2010-01-15 17:30        315392        ----a-w-        c:\windows\system32\TubeFinder.exe
2012-02-27 07:42 . 2009-06-19 17:51        84512        ----a-w-        c:\windows\system32\PICCLP32.OCX
2012-02-27 07:42 . 2009-06-19 17:51        364544        ----a-w-        c:\windows\system32\PropertyGrid.ocx
2012-02-27 07:42 . 2009-06-19 17:51        119568        ----a-w-        c:\windows\system32\VB6FR.DLL
2012-02-27 07:42 . 2009-06-19 17:51        101888        ----a-w-        c:\windows\system32\VB6STKIT.DLL
2012-02-27 07:42 . 2012-02-27 07:52        --------        d-----w-        c:\dokumente und einstellungen\leno\Anwendungsdaten\FreeFLVConverter
2012-02-27 07:42 . 2009-06-19 17:51        9728        ----a-w-        c:\windows\system32\PCCLPFR.DLL
2012-02-27 07:42 . 2009-06-19 17:51        32768        ----a-w-        c:\windows\system32\CMDLGFR.DLL
2012-02-27 07:42 . 2009-06-19 17:51        24576        ----a-w-        c:\windows\system32\ControlSubX.ocx
2012-02-27 07:42 . 2009-06-19 17:51        152848        ----a-w-        c:\windows\system32\COMDLG32.OCX
2012-02-27 07:42 . 2009-06-19 17:51        141312        ----a-w-        c:\windows\system32\MSCMCFR.DLL
2012-02-26 21:09 . 2012-03-04 12:57        --------        d-----w-        c:\dokumente und einstellungen\leno\Anwendungsdaten\HPAppData
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 20:10 . 2011-12-21 06:23        228216        ----a-w-        c:\windows\OptionPCCardInstaller_tmccUninstall.exe
2012-02-13 20:09 . 2011-12-21 06:22        75742        ----a-w-        c:\windows\Novatel_V20051InstallerUninstall.exe
2012-02-13 20:08 . 2011-12-21 06:21        68261        ----a-w-        c:\windows\Huawei ModemsUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59        65973        ----a-w-        c:\windows\sem_GCXXUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59        89716        ----a-w-        c:\windows\OptionPluss_PCCardInstallerUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59        90499        ----a-w-        c:\windows\OptionPCCardInstallerUninstall.exe
2012-02-03 09:57 . 2006-01-27 01:00        1860224        ----a-w-        c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 20:59        3072        ------w-        c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-01-27 01:00        139784        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2011-12-22 06:42 . 2011-12-22 06:42        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2011-12-22 06:42 . 2011-12-21 20:08        141312        ----a-w-        c:\windows\system32\javacpl.cpl
2011-12-22 06:42 . 2011-12-21 20:08        567184        ----a-w-        c:\windows\system32\deployJava1.dll
2011-12-21 21:02 . 2011-12-21 21:02        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:53 . 2006-01-27 01:01        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2006-01-27 01:01        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2006-01-27 01:01        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-12-19 08:52 . 2006-01-27 01:01        371200        ----a-w-        c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\programme\Lenovo\TrackPoint\tp4serv.exe" [2011-11-01 95264]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-10-04 818240]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2011-10-04 208896]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2005-07-12 48752]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-08-30 86112]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-10-20 191552]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2011-08-17 99688]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"DataCardMonitor"="c:\programme\Huawei Modems\DataCardMonitor.exe" [2011-12-21 249856]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07        49152        ----a-w-        c:\programme\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 12:41        100104        ----a-w-        c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WTGU.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WTGU.lnk
backup=c:\windows\pss\WTGU.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51        202024        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17        49152        ----a-w-        c:\programme\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25        1828136        ----a-w-        c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57        153136        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09        413696        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56        204288        ------w-        c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [14.01.2012 21:09 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.03.2011 19:12 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12.12.2011 12:41 13680]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [14.01.2012 21:09 292200]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [27.02.2012 20:09 652360]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [14.01.2012 21:09 69632]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [14.01.2012 21:09 175168]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [13.03.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [12.12.2011 12:41 131432]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [12.12.2011 12:41 142696]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [12.03.2012 19:58 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.02.2012 20:09 20464]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [09.12.2011 00:41 24872]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [12.12.2011 12:41 101736]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [21.12.2011 20:26 7552]
S3 SavRoam;SAVRoam;c:\programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [30.08.2005 14:40 128608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-03-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-12-08 00:39]
.
2011-12-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2011-12-08 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/de/de
uInternet Settings,ProxyServer = proxy.intersoft-ag.de:3128
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\leno\Anwendungsdaten\Mozilla\Firefox\Profiles\52vhakko.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Orphaned registry entries removed - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PC-Doctor for Windows - c:\programme\PCDR5\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-17 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\programme\Huawei Modems\DataCardMonitor.exe??????????????rogramme\Huawei Modems\DataCardMonitor.exe???????????)=?rogramme\Huawei Modems\?red\?????????+=?rogramme\Huawei Modems\DataCardMonitor.exe?R5???C?\? ?=? ?=?EMP=c:\dokume~1\leno\LOKALE~1\Temp?TMP=C
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1080)
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(5752)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-03-17  20:08:58
ComboFix-quarantined-files.txt  2012-03-17 19:08
.
Pre-Run: 16 directories, 45,301,776,384 bytes free
Post-Run: 17 directories, 45,288,345,600 bytes free
.
- - End Of File - - 10E167E4BED1F1BC203CF49951C85A2E

--- --- ---
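The triage a helper does by hand on a log like the one above is to look for binaries newly created under the Windows directory around the detection date and then check whether any autostart value points at one of them. The script below is an added example that does this mechanically; it is not part of the thread and not a ComboFix feature. It parses the "Files Created" and Run-key sections of a ComboFix log. SAMPLE_LOG is a handful of lines copied from the log posted above (banners translated); the detection date 2012-02-27 and the two-day window are assumptions, chosen because several system32 files in that log share that creation minute.

```python
"""Triage a ComboFix log: new files under the Windows directory, autostart
entries that point at them, and autostart entries with a bare file name.
Added example; not the thread's or ComboFix's own code. SAMPLE_LOG holds a
few lines copied from the log posted above (section banners translated)."""
import re
from datetime import datetime, timedelta

SAMPLE_LOG = r"""
(((((((((((((((((((((((  Files Created from 2012-02-17 to 2012-03-17  ))))))))))))))))))))))))))))))
.
2012-03-04 14:40 . 2012-03-04 14:40        --------        d-----w-        c:\programme\7-Zip
2012-02-28 16:56 . 2004-10-22 01:18        749568        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-02-27 19:09 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-27 07:43 . 2012-02-27 17:02        --------        d-----w-        c:\programme\Gemeinsame Dateien\Spigot
2012-02-27 07:42 . 2010-01-15 17:30        315392        ----a-w-        c:\windows\system32\TubeFinder.exe
2012-02-27 07:42 . 2009-06-19 17:51        152848        ----a-w-        c:\windows\system32\COMDLG32.OCX
.
((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\programme\Lenovo\TrackPoint\tp4serv.exe" [2011-11-01 95264]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"""

# "created . modified  size  attributes  path" as ComboFix prints it
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\S+)\s+(\S+)\s+(.+)$")
RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\CurrentVersion\\Run)\]$", re.IGNORECASE)
RUN_VAL_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]')


def _section(log, markers):
    """Yield the lines of the ComboFix section whose (((( banner names a marker."""
    inside = False
    for line in log.splitlines():
        if line.startswith("(((("):
            inside = any(m in line for m in markers)
            continue
        if inside:
            yield line


def parse_created_files(log):
    """Entries of the 'Files Created' section (German or English banner)."""
    entries = []
    for line in _section(log, ("Files Created", "Dateien erstellt")):
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "is_dir": attrs.startswith("d"),
            "size": None if size.startswith("-") else int(size),
            "path": path,
        })
    return entries


def parse_run_entries(log):
    """Values under every ...\\CurrentVersion\\Run key in the log."""
    entries, key = [], None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("["):
            key = line[1:-1] if RUN_KEY_RE.match(line) else None
            continue
        m = RUN_VAL_RE.match(line) if key else None
        if m:
            name, target, stamp, size = m.groups()
            entries.append({"key": key, "name": name, "target": target,
                            "file_date": stamp, "size": int(size)})
    return entries


def triage(log, detection_date, window_days=2):
    """Correlate both sections around detection_date ("YYYY-MM-DD", assumed)."""
    day = datetime.strptime(detection_date, "%Y-%m-%d")
    start = day - timedelta(days=window_days)
    end = day + timedelta(days=window_days + 1)  # exclusive upper bound
    recent = [f for f in parse_created_files(log)
              if not f["is_dir"] and start <= f["created"] < end]
    new_paths = {f["path"].lower() for f in recent}
    runs = parse_run_entries(log)
    return {
        # binaries dropped under the Windows directory inside the window
        "system_new": sorted((f["path"] for f in recent
                              if f["path"].lower().startswith("c:\\windows\\")),
                             key=str.lower),
        # autostart values whose target is one of those new files
        "autostart_new": sorted(r["name"] for r in runs
                                if r["target"].lower() in new_paths),
        # bare file names are resolved through the search path, so a same-named
        # file earlier in PATH would be started instead
        "unqualified": sorted((r["name"] for r in runs if "\\" not in r["target"]),
                              key=str.lower),
        # created in the window but modified long before it: copied in with
        # timestamps preserved (installer behaviour) or timestomped
        "old_mtime": sorted((f["path"] for f in recent if f["modified"] < start),
                            key=str.lower),
    }


if __name__ == "__main__":
    for category, hits in triage(SAMPLE_LOG, "2012-02-27").items():
        print(category, hits)
```

On these lines the script reports three new files under system32, no Run value pointing at any of them, and two Run values (TpShocks, TP4EX) that name a bare executable without a directory. The "old_mtime" list is a heuristic, not a verdict: mbam.sys shows up there because installers routinely preserve the modification time of the files they copy in. Note that the real log above shows the TubeFinder.exe and OCX files sharing their creation minute with the FreeFLVConverter and Spigot entries, which is the kind of correlation the created-files section is there to make visible.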

cosinus 19.03.2012 15:42

Quote:

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
Corporate Edition of Symantec? Is that an office PC?

zebrakatz 19.03.2012 20:56

Hello Arne,
the PC has been private for a while now, but it used to be an office machine.
Through the last reset I had the protection on again (preinstalled; but it has now expired, so it is no longer on the disk). Norton Internet Security 2012 is now active.


Copyright ©2000-2025, Trojaner-Board

