Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and how to fight them (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Help with Trojan Trojan.gen.2 (https://www.trojaner-board.de/110880-hilfe-trojaner-trojan-gen-2-a.html)

zebrakatz 04.03.2012 15:54

Help with Trojan Trojan.gen.2
 
Hello everyone,
I need your help. On 15.02. Symantec Antivirus (10.0.0.846) found the Trojan Trojan.ADH.2 via Auto-Protect. On 27.02. and again yesterday it was the Trojan Trojan.Gen.2, again in Auto-Protect.
All of them were moved to quarantine and then removed.
Since last week I have been running full scans almost every day, but nothing was found. Scans with Eset also always come back clean.
How do I get rid of the pest(s), or what can I do?
I have attached a few logs (Malwarebytes, Gmer, Eset, DDS ...).
I have also searched the web, but only found the recommendations for the online scanners, and I have scanned every day. Since there was another detection yesterday, the system cannot be clean.
Who can help me? Many thanks.
zebrakatz

cosinus 05.03.2012 16:20

Quote:

Art des Suchlaufs: Quick-Scan

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan! All findings must also be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!

zebrakatz 07.03.2012 18:14

Hello Arne,
thank you very much for your reply.
I have just done a run ... and also added further older logs to the zip file. What are these findings?
Many thanks
Kind regards
zebrakatz

cosinus 07.03.2012 22:33

CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it on your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


zebrakatz 08.03.2012 18:27

Hello Arne,
here is the OTL log as a zip ...
Thanks
zebrakatz

cosinus 08.03.2012 19:54

Run an OTL fix: close any open programs, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.01.27 03:18:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.11.21 16:29:34 | 000,110,592 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007.08.01 22:31:24 | 000,363,750 | R--- | M] () - E:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008.02.25 19:50:00 | 000,000,046 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell - "" = AutoRun
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell - "" = AutoRun
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\Shell\AutoRun\command - "" = D:\AutoRun.exe
[2012.02.15 08:27:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\leno\Ÿ9Ÿ9
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!

zebrakatz 09.03.2012 22:15

Hello Arne,
I have tried it several times. Unfortunately the OTL fix keeps aborting, meaning the computer freezes and I have to hard-reboot it. Fortunately, booting up afterwards works fine.
I pasted your script as described, also without any programs, virus scanner or network.
Is there any way I can still run the fix?
Many thanks.
zebrakatz

cosinus 10.03.2012 16:30

Try running the fix in Safe Mode

zebrakatz 10.03.2012 22:12

Hello Arne,
you were right, in Safe Mode (as Administrator) it of course worked perfectly. Thanks for the tip.
Here is the log:

HTML Code:

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
File E:\AutoRun.exe not found.
File E:\autorun.ico not found.
File E:\AUTORUN.INF not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120bd-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120be-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a4120c0-527e-11e1-a948-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e610-2c07-11e1-a900-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3fe5e617-2c07-11e1-a900-0016d3b0ebd1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49b654c6-2bdb-11e1-a8fe-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e9a187b-528b-11e1-a949-0019d296a1f1}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ec-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c4f5b3ed-2b9b-11e1-a8f9-0019d296a1f1}\ not found.
File D:\AutoRun.exe not found.
C:\Dokumente und Einstellungen\leno\Ÿ9Ÿ9 moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: leno
->Temp folder emptied: 262526932 bytes
->Temporary Internet Files folder emptied: 977120 bytes
->Java cache emptied: 58518 bytes
->FireFox cache emptied: 48982669 bytes
->Flash cache emptied: 487 bytes
 
User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24996 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25186496 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 322,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.35.1 log created on 03102012_214845

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


cosinus 12.03.2012 14:58

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, once it is through, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
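TDSS-Killer spreads one driver record over several log lines (the file line with MD5 and path, an optional warning line, then an ok/detected line), as the log posted further down in this thread shows. The parser below is an added example, not code from the thread or from Kaspersky: it folds those lines into one record per driver, lists the flagged ones and counts the rest; the sample lines are constructed from the format of that log, and UnsignedFile.Multi.Generic is treated as an informational verdict (file not digitally signed), which is why the helper asks to skip such hits and post the log.

```python
import re
from typing import Dict, List

# Each TDSSKiller 2.7 log line reads "HH:MM:SS.mmmm <thread-id>   <message>".
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*?)\s*$")

# The four message forms that together make up one driver/service record.
FILE_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")    # name (md5) path
WARN_RE = re.compile(r"^(\S+)\s+\(\s*(\S+)\s*\)\s+-\s+warning$")    # name ( verdict ) - warning
DET_RE = re.compile(r"^(\S+)\s+-\s+detected\s+(\S+)\s+\((\d+)\)$")  # name - detected verdict (n)
OK_RE = re.compile(r"^(\S+)\s+-\s+ok$")                             # name - ok

# Verdicts that only say "this file carries no digital signature" (common for
# third-party drivers). They form a review list, not a removal list.
INFORMATIONAL = {"UnsignedFile.Multi.Generic"}

# Constructed sample in the format of the log posted in this thread: a header
# line, three complete records, and one record cut off by log truncation.
SAMPLE_LOG = r"""
21:05:50.0671 4052        Scan started
21:05:50.0671 4052        Mode: Manual; SigCheck; TDLFS;
21:05:51.0218 4052        Abiosdsk - ok
21:05:53.0390 4052        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:05:53.0593 4052        ACPI - ok
21:05:54.0859 4052        AegisP          (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:05:54.0890 4052        AegisP ( UnsignedFile.Multi.Generic ) - warning
21:05:54.0890 4052        AegisP - detected UnsignedFile.Multi.Generic (1)
21:05:57.0187 4052        ANC            (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
21:05:57.0203 4052        ANC ( UnsignedFile.Multi.Generic ) - warning
21:05:57.0203 4052        ANC - detected UnsignedFile.Multi.Generic (1)
21:05:58.0875 4052        Atdisk - ok
21:06:11.0718 4052        HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
"""


def _new_record(name: str) -> dict:
    # "incomplete" stays if the log never reaches an ok/detected line (truncation).
    return {"name": name, "md5": None, "path": None, "status": "incomplete",
            "verdict": None, "count": 0, "last_seen": None}


def parse_tdsskiller_log(text: str) -> Dict[str, dict]:
    """Map each driver/service name to one record (hash, path, status, verdict)."""
    entries: Dict[str, dict] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                        # blank line or not a TDSSKiller line
        ts, _thread_id, msg = m.groups()
        f, w, d, o = (FILE_RE.match(msg), WARN_RE.match(msg),
                      DET_RE.match(msg), OK_RE.match(msg))
        hit = f or w or d or o
        if hit is None:
            continue                        # header, drive info or summary line
        r = entries.setdefault(hit.group(1), _new_record(hit.group(1)))
        r["last_seen"] = ts
        if f:
            r["md5"], r["path"] = f.group(2).lower(), f.group(3)
        elif w:
            r["verdict"] = w.group(2)       # the warning precedes the detected line
        elif d:
            r["status"], r["verdict"], r["count"] = "detected", d.group(2), int(d.group(3))
        else:
            r["status"] = "ok"
    return entries


def flagged(entries: Dict[str, dict], include_informational: bool = True) -> List[dict]:
    """Records TDSSKiller flagged, optionally without the unsigned-file verdicts."""
    hits = [e for e in entries.values() if e["status"] == "detected"
            and (include_informational or e["verdict"] not in INFORMATIONAL)]
    return sorted(hits, key=lambda e: e["name"].lower())


def summarize(entries: Dict[str, dict]) -> Dict[str, int]:
    """Count records per status; a non-zero 'incomplete' hints at a cut-off log."""
    counts = {"ok": 0, "detected": 0, "incomplete": 0}
    for e in entries.values():
        counts[e["status"]] += 1
    return counts


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    print(summarize(recs))
    for e in flagged(recs):
        print(f'{e["name"]:<12} {e["verdict"]:<28} {e["md5"]}  {e["path"]}')
```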

zebrakatz 13.03.2012 21:24

Hello Arne,

here is the log from TDSS-Killer. As you wrote, I have not removed anything for now (continued via Skip):

HTML Code:

21:05:39.0843 0688        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
21:05:39.0875 0688        ============================================================
21:05:39.0875 0688        Current date / time: 2012/03/13 21:05:39.0875
21:05:39.0875 0688        SystemInfo:
21:05:39.0875 0688       
21:05:39.0875 0688        OS Version: 5.1.2600 ServicePack: 3.0
21:05:39.0875 0688        Product type: Workstation
21:05:39.0875 0688        ComputerName: LENOVO-C395390B
21:05:39.0875 0688        UserName: leno
21:05:39.0875 0688        Windows directory: C:\WINDOWS
21:05:39.0875 0688        System windows directory: C:\WINDOWS
21:05:39.0875 0688        Processor architecture: Intel x86
21:05:39.0875 0688        Number of processors: 2
21:05:39.0875 0688        Page size: 0x1000
21:05:39.0875 0688        Boot type: Normal boot
21:05:39.0875 0688        ============================================================
21:05:42.0062 0688        Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
21:05:42.0062 0688        \Device\Harddisk0\DR0:
21:05:42.0062 0688        MBR used
21:05:42.0062 0688        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x8CC37E1
21:05:42.0078 0688        Initialize success
21:05:42.0078 0688        ============================================================
21:05:50.0671 4052        ============================================================
21:05:50.0671 4052        Scan started
21:05:50.0671 4052        Mode: Manual; SigCheck; TDLFS;
21:05:50.0671 4052        ============================================================
21:05:51.0218 4052        Abiosdsk - ok
21:05:51.0281 4052        abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
21:05:52.0859 4052        abp480n5 - ok
21:05:53.0093 4052        ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
21:05:53.0328 4052        ac97intc - ok
21:05:53.0390 4052        ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:05:53.0593 4052        ACPI - ok
21:05:53.0609 4052        ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
21:05:53.0812 4052        ACPIEC - ok
21:05:54.0015 4052        ADIHdAudAddService (beee84a79710f705864685b05f1bb172) C:\WINDOWS\system32\drivers\ADIHdAud.sys
21:05:54.0078 4052        ADIHdAudAddService - ok
21:05:54.0125 4052        adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
21:05:54.0328 4052        adpu160m - ok
21:05:54.0343 4052        AEAudioService  (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
21:05:54.0390 4052        AEAudioService - ok
21:05:54.0593 4052        aec            (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
21:05:54.0765 4052        aec - ok
21:05:54.0859 4052        AegisP          (15e655baa989444f56787ef558823643) C:\WINDOWS\system32\DRIVERS\AegisP.sys
21:05:54.0890 4052        AegisP ( UnsignedFile.Multi.Generic ) - warning
21:05:54.0890 4052        AegisP - detected UnsignedFile.Multi.Generic (1)
21:05:54.0937 4052        AFD            (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
21:05:55.0000 4052        AFD - ok
21:05:55.0187 4052        agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
21:05:55.0390 4052        agp440 - ok
21:05:55.0406 4052        agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
21:05:55.0593 4052        agpCPQ - ok
21:05:55.0609 4052        Aha154x        (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
21:05:55.0703 4052        Aha154x - ok
21:05:55.0718 4052        aic78u2        (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
21:05:55.0921 4052        aic78u2 - ok
21:05:55.0937 4052        aic78xx        (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
21:05:56.0109 4052        aic78xx - ok
21:05:56.0140 4052        AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
21:05:56.0328 4052        AliIde - ok
21:05:56.0546 4052        alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
21:05:56.0734 4052        alim1541 - ok
21:05:56.0750 4052        amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
21:05:56.0937 4052        amdagp - ok
21:05:57.0031 4052        amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
21:05:57.0140 4052        amsint - ok
21:05:57.0187 4052        ANC            (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
21:05:57.0203 4052        ANC ( UnsignedFile.Multi.Generic ) - warning
21:05:57.0203 4052        ANC - detected UnsignedFile.Multi.Generic (1)
21:05:57.0406 4052        Arp1394        (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
21:05:57.0593 4052        Arp1394 - ok
21:05:57.0640 4052        asc            (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
21:05:57.0843 4052        asc - ok
21:05:57.0843 4052        asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
21:05:57.0937 4052        asc3350p - ok
21:05:57.0953 4052        asc3550        (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
21:05:58.0156 4052        asc3550 - ok
21:05:58.0328 4052        AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:05:58.0500 4052        AsyncMac - ok
21:05:58.0531 4052        atapi          (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:05:58.0718 4052        atapi - ok
21:05:58.0875 4052        Atdisk - ok
21:05:58.0953 4052        Atmarpc        (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:05:59.0140 4052        Atmarpc - ok
21:05:59.0250 4052        atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
21:05:59.0312 4052        atmeltpm - ok
21:05:59.0468 4052        audstub        (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:05:59.0656 4052        audstub - ok
21:05:59.0718 4052        Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:05:59.0906 4052        Beep - ok
21:06:00.0000 4052        BTKRNL          (dbd408226b00c20158864f30a5a84451) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
21:06:00.0062 4052        BTKRNL ( UnsignedFile.Multi.Generic ) - warning
21:06:00.0062 4052        BTKRNL - detected UnsignedFile.Multi.Generic (1)
21:06:00.0234 4052        BTWUSB          (7cd8e4303fda5b11da325340778d99d9) C:\WINDOWS\system32\Drivers\btwusb.sys
21:06:00.0250 4052        BTWUSB ( UnsignedFile.Multi.Generic ) - warning
21:06:00.0250 4052        BTWUSB - detected UnsignedFile.Multi.Generic (1)
21:06:00.0281 4052        cbidf          (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:06:00.0484 4052        cbidf - ok
21:06:00.0484 4052        cbidf2k        (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:06:00.0671 4052        cbidf2k - ok
21:06:00.0734 4052        cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
21:06:00.0828 4052        cd20xrnt - ok
21:06:00.0859 4052        Cdaudio        (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:06:01.0031 4052        Cdaudio - ok
21:06:01.0296 4052        Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
21:06:01.0484 4052        Cdfs - ok
21:06:01.0546 4052        Cdrom          (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:06:01.0734 4052        Cdrom - ok
21:06:01.0750 4052        Changer - ok
21:06:01.0812 4052        CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
21:06:02.0000 4052        CmBatt - ok
21:06:02.0031 4052        CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
21:06:02.0218 4052        CmdIde - ok
21:06:02.0406 4052        Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
21:06:02.0593 4052        Compbatt - ok
21:06:02.0625 4052        Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
21:06:02.0812 4052        Cpqarray - ok
21:06:02.0859 4052        dac2w2k        (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
21:06:03.0062 4052        dac2w2k - ok
21:06:03.0125 4052        dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
21:06:03.0328 4052        dac960nt - ok
21:06:03.0421 4052        Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
21:06:03.0609 4052        Disk - ok
21:06:03.0656 4052        DLABOIOM        (35cbc02546335ea41a5d516da6626c8a) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
21:06:03.0687 4052        DLABOIOM ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0687 4052        DLABOIOM - detected UnsignedFile.Multi.Generic (1)
21:06:03.0703 4052        DLACDBHM        (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
21:06:03.0703 4052        DLACDBHM ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0703 4052        DLACDBHM - detected UnsignedFile.Multi.Generic (1)
21:06:03.0734 4052        DLADResN        (2104649b0b79b9f30122c545cba0c655) C:\WINDOWS\system32\DLA\DLADResN.SYS
21:06:03.0750 4052        DLADResN ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0750 4052        DLADResN - detected UnsignedFile.Multi.Generic (1)
21:06:03.0906 4052        DLAIFS_M        (e4859ca5bd8412a9a60d62067a653522) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
21:06:03.0937 4052        DLAIFS_M ( UnsignedFile.Multi.Generic ) - warning
21:06:03.0937 4052        DLAIFS_M - detected UnsignedFile.Multi.Generic (1)
21:06:04.0078 4052        DLAOPIOM        (20c24a3d1cf0825487c93f806625805e) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
21:06:04.0093 4052        DLAOPIOM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0093 4052        DLAOPIOM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0125 4052        DLAPoolM        (8a530da5dc81954bcf1966813f699b49) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
21:06:04.0140 4052        DLAPoolM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0140 4052        DLAPoolM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0203 4052        DLARTL_N        (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
21:06:04.0218 4052        DLARTL_N ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0218 4052        DLARTL_N - detected UnsignedFile.Multi.Generic (1)
21:06:04.0250 4052        DLAUDFAM        (7eda68af6a91bf64af6f301e39928ebf) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
21:06:04.0281 4052        DLAUDFAM ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0281 4052        DLAUDFAM - detected UnsignedFile.Multi.Generic (1)
21:06:04.0406 4052        DLAUDF_M        (a18423bbc6d92b01fdf3c51e7510ee70) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
21:06:04.0421 4052        DLAUDF_M ( UnsignedFile.Multi.Generic ) - warning
21:06:04.0421 4052        DLAUDF_M - detected UnsignedFile.Multi.Generic (1)
21:06:04.0546 4052        dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
21:06:04.0781 4052        dmboot - ok
21:06:04.0984 4052        dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
21:06:05.0171 4052        dmio - ok
21:06:05.0203 4052        dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:06:05.0406 4052        dmload - ok
21:06:05.0437 4052        DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
21:06:05.0640 4052        DMusic - ok
21:06:05.0703 4052        DozeHDD        (6d279bb0de1d8e34f454e1b353f4d738) C:\WINDOWS\system32\DRIVERS\DozeHDD.sys
21:06:05.0734 4052        DozeHDD - ok
21:06:05.0906 4052        dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
21:06:06.0109 4052        dpti2o - ok
21:06:06.0171 4052        drmkaud        (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
21:06:06.0359 4052        drmkaud - ok
21:06:50.0953 4052        ============================================================
21:06:50.0953 4052        Scan finished
21:06:50.0953 4052        ============================================================
21:06:51.0062 5736        Detected object count: 27
21:06:51.0062 5736        Actual detected object count: 27
21:10:27.0390 5736        AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        ANC ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        DLABOIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        DLABOIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0390 5736        DLACDBHM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0390 5736        DLACDBHM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLADResN ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLADResN ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAIFS_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAIFS_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAOPIOM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAOPIOM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAPoolM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAPoolM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLARTL_N ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLARTL_N ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAUDFAM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAUDFAM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DLAUDF_M ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DLAUDF_M ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0406 5736        DRVMCDB ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0406 5736        DRVMCDB ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        DRVNDDM ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        DRVNDDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        filtertdidriver ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        filtertdidriver ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        iaStor ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        iaStor ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0421 5736        pmem ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0421 5736        pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:27.0437 5736        TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:27.0437 5736        TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 14.03.2012 15:02

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your Internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

zebrakatz 17.03.2012 21:07

Hello Arne,

after some difficulties running ComboFix, I have now managed it (the log was mostly not generated, or was).
Thanks again for your continued help

Here is the log:

ComboFix logfile:
Code:

ComboFix 12-03-14.01 - leno 17.03.2012  19:59:47.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.3062.2103 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\leno\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Vorheriger Suchlauf -------
.
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-17 bis 2012-03-17  ))))))))))))))))))))))))))))))
.
.
2012-03-16 20:42 . 2012-03-16 20:42        --------        d-----w-        c:\dokumente und einstellungen\leno\Anwendungsdaten\Avaya
2012-03-09 20:07 . 2012-03-09 20:07        --------        d-----w-        C:\_OTL
2012-03-04 14:40 . 2012-03-04 14:40        --------        d-----w-        c:\programme\7-Zip
2012-03-03 21:02 . 2012-03-03 21:10        --------        d-----w-        c:\dokumente und einstellungen\leno\Lokale Einstellungen\Anwendungsdaten\NPE
2012-03-03 21:02 . 2012-03-03 21:02        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Norton
2012-03-03 19:44 . 2012-03-03 19:44        388096        ----a-r-        c:\dokumente und einstellungen\leno\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-03 19:44 . 2012-03-03 19:44        --------        d-----w-        c:\programme\TrendMicro
2012-03-03 17:23 . 2012-03-03 17:23        --------        d-----w-        c:\programme\CCleaner
2012-03-03 17:14 . 2012-03-03 17:21        --------        d-----w-        C:\bases
2012-03-03 16:30 . 2012-03-03 16:35        --------        d-----w-        c:\dokumente und einstellungen\LocalService\Anwendungsdaten\HPAppData
2012-03-03 16:30 . 2012-03-03 16:31        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten
2012-02-28 16:56 . 2004-10-22 01:16        180224        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-02-28 16:56 . 2004-10-22 01:17        274432        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-02-28 16:56 . 2004-10-22 01:17        69715        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-02-28 16:56 . 2004-10-22 01:16        5632        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-02-28 16:56 . 2004-10-22 01:18        749568        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-02-28 16:55 . 2012-02-28 16:55        192644        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-02-28 16:55 . 2012-02-28 16:55        323716        ----a-w-        c:\programme\Gemeinsame Dateien\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-02-27 19:27 . 2012-02-27 19:27        --------        d-----w-        c:\programme\ESET
2012-02-27 19:09 . 2012-02-27 19:09        --------        d-----w-        c:\dokumente und einstellungen\leno\Anwendungsdaten\Malwarebytes
2012-02-27 19:09 . 2012-02-27 19:09        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2012-02-27 19:09 . 2012-02-27 19:09        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2012-02-27 19:09 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-27 17:03 . 2012-02-28 07:35        --------        d-----w-        c:\windows\SxsCaPendDel
2012-02-27 07:43 . 2012-02-27 17:02        --------        d-----w-        c:\programme\Gemeinsame Dateien\Spigot
2012-02-27 07:42 . 2010-01-15 17:30        315392        ----a-w-        c:\windows\system32\TubeFinder.exe
2012-02-27 07:42 . 2009-06-19 17:51        84512        ----a-w-        c:\windows\system32\PICCLP32.OCX
2012-02-27 07:42 . 2009-06-19 17:51        364544        ----a-w-        c:\windows\system32\PropertyGrid.ocx
2012-02-27 07:42 . 2009-06-19 17:51        119568        ----a-w-        c:\windows\system32\VB6FR.DLL
2012-02-27 07:42 . 2009-06-19 17:51        101888        ----a-w-        c:\windows\system32\VB6STKIT.DLL
2012-02-27 07:42 . 2012-02-27 07:52        --------        d-----w-        c:\dokumente und einstellungen\leno\Anwendungsdaten\FreeFLVConverter
2012-02-27 07:42 . 2009-06-19 17:51        9728        ----a-w-        c:\windows\system32\PCCLPFR.DLL
2012-02-27 07:42 . 2009-06-19 17:51        32768        ----a-w-        c:\windows\system32\CMDLGFR.DLL
2012-02-27 07:42 . 2009-06-19 17:51        24576        ----a-w-        c:\windows\system32\ControlSubX.ocx
2012-02-27 07:42 . 2009-06-19 17:51        152848        ----a-w-        c:\windows\system32\COMDLG32.OCX
2012-02-27 07:42 . 2009-06-19 17:51        141312        ----a-w-        c:\windows\system32\MSCMCFR.DLL
2012-02-26 21:09 . 2012-03-04 12:57        --------        d-----w-        c:\dokumente und einstellungen\leno\Anwendungsdaten\HPAppData
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 20:10 . 2011-12-21 06:23        228216        ----a-w-        c:\windows\OptionPCCardInstaller_tmccUninstall.exe
2012-02-13 20:09 . 2011-12-21 06:22        75742        ----a-w-        c:\windows\Novatel_V20051InstallerUninstall.exe
2012-02-13 20:08 . 2011-12-21 06:21        68261        ----a-w-        c:\windows\Huawei ModemsUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59        65973        ----a-w-        c:\windows\sem_GCXXUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59        89716        ----a-w-        c:\windows\OptionPluss_PCCardInstallerUninstall.exe
2012-02-13 19:59 . 2012-02-13 19:59        90499        ----a-w-        c:\windows\OptionPCCardInstallerUninstall.exe
2012-02-03 09:57 . 2006-01-27 01:00        1860224        ----a-w-        c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-15 20:59        3072        ------w-        c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2006-01-27 01:00        139784        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2011-12-22 06:42 . 2011-12-22 06:42        637848        ----a-w-        c:\windows\system32\npdeployJava1.dll
2011-12-22 06:42 . 2011-12-21 20:08        141312        ----a-w-        c:\windows\system32\javacpl.cpl
2011-12-22 06:42 . 2011-12-21 20:08        567184        ----a-w-        c:\windows\system32\deployJava1.dll
2011-12-21 21:02 . 2011-12-21 21:02        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-19 08:53 . 2006-01-27 01:01        672768        ----a-w-        c:\windows\system32\wininet.dll
2011-12-19 08:53 . 2006-01-27 01:01        61952        ----a-w-        c:\windows\system32\tdc.ocx
2011-12-19 08:53 . 2006-01-27 01:01        81920        ----a-w-        c:\windows\system32\ieencode.dll
2011-12-19 08:52 . 2006-01-27 01:01        371200        ----a-w-        c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrackPointSrv"="c:\programme\Lenovo\TrackPoint\tp4serv.exe" [2011-11-01 95264]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2011-10-04 818240]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2011-10-04 208896]
"TPKMAPHELPER"="c:\programme\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 856064]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2009-07-23 185688]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-02-02 122940]
"ISUSPM Startup"="c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AwaySch"="c:\programme\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"ccApp"="c:\programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" [2005-07-12 48752]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-08-30 86112]
"ACWLIcon"="c:\programme\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2011-10-20 191552]
"PDService.exe"="c:\programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]
"cssauth"="c:\programme\Lenovo\Client Security Solution\cssauth.exe" [2006-07-14 2341632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-08-09 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-09 155648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-09 131072]
"TVT Scheduler Proxy"="c:\programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"LenovoAutoScrollUtility"="c:\programme\Lenovo\VIRTSCRL\virtscrl.exe" [2011-08-17 99688]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"LPMailChecker"="c:\progra~1\THINKV~2\PrdCtr\LPMLCHK.exe" [2009-07-23 124248]
"DataCardMonitor"="c:\programme\Huawei Modems\DataCardMonitor.exe" [2011-12-21 249856]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-09-30 252296]
"Malwarebytes' Anti-Malware"="c:\programme\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
2006-08-16 17:07        49152        ----a-w-        c:\programme\Lenovo\AwayTask\AwayNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2009-12-01 12:41        100104        ----a-w-        c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages        REG_MULTI_SZ          scecli c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^WTGU.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\WTGU.lnk
backup=c:\windows\pss\WTGU.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-08-03 11:51        202024        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-14 20:17        49152        ----a-w-        c:\programme\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2007-08-08 08:25        1828136        ----a-w-        c:\programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 14:57        153136        ----a-w-        c:\programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 14:09        413696        ----a-w-        c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-03 08:56        204288        ------w-        c:\programme\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programme\\HP\\Digital Imaging\\bin\\hposid01.exe"=
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [14.01.2012 21:09 25968]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [29.03.2011 19:12 20592]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [12.12.2011 12:41 13680]
R2 DozeSvc;Lenovo Doze Mode Service;c:\programme\ThinkPad\Utilities\DOZESVC.EXE [14.01.2012 21:09 292200]
R2 MBAMService;MBAMService;c:\programme\Malwarebytes' Anti-Malware\mbamservice.exe [27.02.2012 20:09 652360]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\programme\ThinkPad\Utilities\PWMDBSVC.exe [14.01.2012 21:09 69632]
R2 PrivateDisk;PrivateDisk;c:\programme\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [13.03.2006 16:05 58368]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\programme\ThinkPad\Utilities\PWMEWSVC.exe [14.01.2012 21:09 175168]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [14.07.2006 15:55 3968]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\programme\ThinkVantage Fingerprint Software\smihlp.sys [13.03.2009 13:47 12560]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\programme\Lenovo\HOTKEY\tphkload.exe [12.12.2011 12:41 131432]
R2 TPHKSVC;Anzeige am Bildschirm;c:\programme\Lenovo\HOTKEY\TPHKSVC.exe [12.12.2011 12:41 142696]
R3 EraserUtilDrv11122;EraserUtilDrv11122;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilDrv11122.sys [12.03.2012 19:58 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.02.2012 20:09 20464]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [09.12.2011 00:41 24872]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\programme\Lenovo\HOTKEY\micmute.exe [12.12.2011 12:41 101736]
S3 filtertdidriver;filtertdidriver;c:\windows\system32\drivers\ewfiltertdidriver.sys [21.12.2011 20:26 7552]
S3 SavRoam;SAVRoam;c:\programme\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [30.08.2005 14:40 128608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-04 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\programme\PCDR5\pcdr5cuiw32.exe [2009-02-20 20:57]
.
2012-03-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2011-12-08 00:39]
.
2011-12-12 c:\windows\Tasks\Symantec NetDetect.job
- c:\programme\Symantec\LiveUpdate\NDETECT.EXE [2011-12-08 16:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/de/de
uInternet Settings,ProxyServer = proxy.intersoft-ag.de:3128
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Senden an &Bluetooth-Gerät... - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\dokumente und einstellungen\leno\Anwendungsdaten\Mozilla\Firefox\Profiles\52vhakko.default\
FF - prefs.js: browser.search.selectedEngine - WOT Safe Search
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-PC-Doctor for Windows - c:\programme\PCDR5\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-03-17 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DataCardMonitor = c:\programme\Huawei Modems\DataCardMonitor.exe??????????????rogramme\Huawei Modems\DataCardMonitor.exe???????????)=?rogramme\Huawei Modems\?red\?????????+=?rogramme\Huawei Modems\DataCardMonitor.exe?R5???C?\? ?=? ?=?EMP=c:\dokume~1\leno\LOKALE~1\Temp?TMP=C
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1024)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
c:\programme\ThinkVantage Fingerprint Software\homepass.dll
c:\programme\ThinkVantage Fingerprint Software\bio.dll
c:\programme\ThinkVantage Fingerprint Software\qlbase.dll
c:\programme\ThinkVantage Fingerprint Software\ps2css.dll
c:\programme\Lenovo\AwayTask\AwayNotify.dll
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'lsass.exe'(1080)
c:\programme\ThinkVantage Fingerprint Software\psqlpwd.dll
c:\programme\ThinkVantage Fingerprint Software\homefus2.dll
c:\programme\ThinkVantage Fingerprint Software\infql2.dll
.
- - - - - - - > 'explorer.exe'(5752)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2012-03-17  20:08:58
ComboFix-quarantined-files.txt  2012-03-17 19:08
.
Vor Suchlauf: 16 Verzeichnis(se), 45.301.776.384 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 45.288.345.600 Bytes frei
.
- - End Of File - - 10E167E4BED1F1BC203CF49951C85A2E

--- --- ---
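The ComboFix log above lists the registry Run keys under "Autostartpunkte der Registrierung", and two of the entries there ("TpShocks"="TpShocks.exe", "TP4EX"="tp4ex.exe") are bare file names rather than absolute paths. The following is an added triage helper, not part of this thread and not ComboFix's own code: it parses lines in ComboFix's `"Name"="path" [date size]` format and flags entries whose value is an unqualified file name (the loader then resolves the binary via the search path, so the registry value alone does not tell you which file runs) and entries whose binary sits under a user profile or temp directory. The function names (`parse_run_entries`, `classify`, `flagged`) and the sample log, which only imitates ComboFix's layout and contains a constructed "ExampleUpdater" entry, are assumptions made for the example.

```python
"""Triage helper for the registry Run-key section of a ComboFix log.

Added example, not ComboFix code. The sample log below is constructed and
merely imitates ComboFix's output format; "ExampleUpdater" is invented.
"""
import re

SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"TrackPointSrv"="c:\\programme\\Lenovo\\TrackPoint\\tp4serv.exe" [2011-11-01 95264]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"TP4EX"="tp4ex.exe" [2005-10-17 65536]
"ExampleUpdater"="c:\\dokumente und einstellungen\\leno\\Lokale Einstellungen\\Temp\\upd.exe" [2012-03-01 48640]
.
[HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"CTFMON.EXE"="c:\\windows\\system32\\CTFMON.EXE" [2008-04-14 15360]
"""

# A registry key header line, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# One ComboFix Run entry: "Name"="path" [yyyy-mm-dd size]; the bracket part is optional.
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?$'
)
# An absolute Windows path starts with a drive letter and a backslash.
ABS_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
# Directory fragments (German and English XP/Vista layouts) that an ordinary
# user can write to; autostart binaries there deserve a closer look.
USER_DIR_HINTS = (
    "\\dokumente und einstellungen\\",
    "\\documents and settings\\",
    "\\temp\\",
    "\\appdata\\",
)


def classify(path):
    """Return the list of triage flags that apply to one autostart path."""
    flags = []
    if not ABS_PATH_RE.match(path):
        # Bare name: resolved through the search path, not pinned to a file.
        flags.append("unqualified-path")
    lowered = path.lower()
    if any(hint in lowered for hint in USER_DIR_HINTS):
        flags.append("user-writable-location")
    return flags


def parse_run_entries(log_text):
    """Parse Run/RunOnce entries from ComboFix-style log text into dicts."""
    entries = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group("key")
            continue
        # Only Run-style keys carry "Name"="path" lines worth classifying.
        if key is None or not key.lower().endswith(("\\run", "\\runonce")):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        entries.append({
            "key": key,
            "name": m.group("name"),
            "path": path,
            "date": m.group("date"),
            "size": int(m.group("size")) if m.group("size") else None,
            "flags": classify(path),
        })
    return entries


def flagged(entries):
    """Keep only the entries that raised at least one triage flag."""
    return [e for e in entries if e["flags"]]


if __name__ == "__main__":
    for entry in flagged(parse_run_entries(SAMPLE_LOG)):
        print(f'{entry["name"]:<16} {", ".join(entry["flags"]):<24} {entry["path"]}')
```

The flags are a starting point for review, not a verdict: a bare name in a Run key is common for vendor utilities on a preinstalled image, as in the posted log, and a binary in a temp directory is only suspicious until its origin is confirmed. The check is useful precisely because it narrows a list of thirty entries to the few that need manual confirmation.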

cosinus 19.03.2012 15:42

Quote:

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *Enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
Corporate Edition from Symantec? Is this an office PC?

zebrakatz 19.03.2012 20:56

Hello Arne,
the PC has been private for a while now, but it used to be an office PC.
After the last reset I had the protection on again (preinstalled; but it has now expired, so it is no longer on the disk). Norton Internet Security 2012 is now active.

cosinus 20.03.2012 16:10

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool won't run even on the second attempt, just leave it out and run only OSAM. Please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe (aswMBR.exe instructions)
    From Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it on the desktop.
Post the aswMBR.txt in your next reply.

Important: Under no circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


zebrakatz 23.03.2012 23:37

Hello Arne,

here are the three requested logs and also a log from the full scan by Norton Internet Security 2012 (unfortunately it found a Trojan again).

cosinus 24.03.2012 18:16

Why don't you post that in CODE tags...?

zebrakatz 24.03.2012 20:35

Hello Arne,
sorry, my mistake. I thought a zip would suit the 4 logs better.
Here they are in code tags now.

1) Norton Internet Security (virus detection):

Code:

Scanstatistiken:
  Scanzeit: 4.085 Sekunden
  Scanziele: Gesamter Computer
  Zähler:
Gescannte Elemente insgesamt: 337.594
– Dateien und Laufwerke: 331.683
– Registrierungseinträge: 471
– Prozesse und Elemente beim Start: 4.819
– Netzwerk und Browser-Elemente: 614
– Sonstiges: 4
– Vertrauenswürdige Dateien: 1.530
– Übersprungene Dateien: 376

Erkannte Sicherheitsrisiken insgesamt: 1
Behobene Elemente insgesamt: 1
Elemente insgesamt, die Aufmerksamkeit erfordern: 0

Behobene Bedrohungen:
Trojan.ADH.2
 Typ: Anomalie
 Risiko: Hoch (Hoch Verbergen, Hoch Entfernen, Hoch Leistung, Hoch Datenschutz) 
 Kategorien: Virus
 Status: Ausgeschlossen
 -----------
 1 Datei
c:\system volume information\_restore{b991f27a-883f-42a9-a172-eaab1d37fffa}\rp149\a0020067.exe - Ausgeschlossen
1 Browser-Cache





Nicht behobene Bedrohungen:
Keine nicht behobenen Risiken



2) GMER log:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-03-22 21:14:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HITACHI_HTS541680J9SA00 rev.SB2IC7JP
Running: 3fktjv7y.exe; Driver: C:\DOKUME~1\leno\LOKALE~1\Temp\uwecrkoc.sys


---- System - GMER 1.0.15 ----

SSDT            89BB8110                                                                                                                        ZwAlertResumeThread
SSDT            89BD2468                                                                                                                        ZwAlertThread
SSDT            8AA58CB8                                                                                                                        ZwAllocateVirtualMemory
SSDT            8957E1C0                                                                                                                        ZwAssignProcessToJobObject
SSDT            89D2E840                                                                                                                        ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                      ZwCreateKey [0xA8827D40]
SSDT            89BB2008                                                                                                                        ZwCreateMutant
SSDT            89B92F80                                                                                                                        ZwCreateSymbolicLinkObject
SSDT            89B70D40                                                                                                                        ZwCreateThread
SSDT            89B670D8                                                                                                                        ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                      ZwDeleteKey [0xA8827FC0]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                      ZwDeleteValueKey [0xA8828680]
SSDT            8AA4FC38                                                                                                                        ZwDuplicateObject
SSDT            8AA14C80                                                                                                                        ZwFreeVirtualMemory
SSDT            89BD8110                                                                                                                        ZwImpersonateAnonymousToken
SSDT            89BD8008                                                                                                                        ZwImpersonateThread
SSDT            8AA58C80                                                                                                                        ZwLoadDriver
SSDT            894DD310                                                                                                                        ZwMapViewOfSection
SSDT            89BB2130                                                                                                                        ZwOpenEvent
SSDT            8A9FC698                                                                                                                        ZwOpenProcess
SSDT            89BDC290                                                                                                                        ZwOpenProcessToken
SSDT            89BAB130                                                                                                                        ZwOpenSection
SSDT            8AA502C8                                                                                                                        ZwOpenThread
SSDT            8957E0F0                                                                                                                        ZwProtectVirtualMemory
SSDT            89BD2508                                                                                                                        ZwResumeThread
SSDT            89B8DA90                                                                                                                        ZwSetContextThread
SSDT            8AA41498                                                                                                                        ZwSetInformationProcess
SSDT            89B671B8                                                                                                                        ZwSetSystemInformation
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)                                      ZwSetValueKey [0xA8828910]
SSDT            89BAB008                                                                                                                        ZwSuspendProcess
SSDT            89BD25C8                                                                                                                        ZwSuspendThread
SSDT            89BBF150                                                                                                                        ZwTerminateProcess
SSDT            89BAE840                                                                                                                        ZwTerminateThread
SSDT            89BE7080                                                                                                                        ZwUnmapViewOfSection
SSDT            8AC46E58                                                                                                                        ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwCallbackReturn + 2C60                                                                                            805044FC 4 Bytes  CALL CF34CED3
?              SYMDS.SYS                                                                                                                        Das System kann die angegebene Datei nicht finden. !
?              SYMEFA.SYS                                                                                                                      Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateFile + 6                                              7C91D0B4 4 Bytes  [28, 00, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateFile + B                                              7C91D0B9 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateKey + 6                                              7C91D0F4 4 Bytes  [68, 01, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateKey + B                                              7C91D0F9 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateMutant + 6                                            7C91D114 4 Bytes  [28, 02, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateMutant + B                                            7C91D119 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateSection + 6                                          7C91D184 4 Bytes  [68, 02, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtCreateSection + B                                          7C91D189 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtMapViewOfSection + 6                                        7C91D524 4 Bytes  [A8, 04, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtMapViewOfSection + B                                        7C91D529 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenFile + 6                                                7C91D5A4 4 Bytes  [68, 00, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenFile + B                                                7C91D5A9 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenKey + 6                                                7C91D5D4 4 Bytes  [A8, 01, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenKey + B                                                7C91D5D9 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenMutant + 6                                              7C91D5E4 4 Bytes  CALL 7B91ECEA
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenMutant + B                                              7C91D5E9 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcess + 6                                            7C91D604 1 Byte  [28]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcess + 6                                            7C91D604 4 Bytes  [28, 03, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcess + B                                            7C91D609 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessToken + 6                                        7C91D614 1 Byte  [68]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessToken + 6                                        7C91D614 4 Bytes  [68, 03, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessToken + B                                        7C91D619 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessTokenEx + 6                                      7C91D624 4 Bytes  [28, 04, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenProcessTokenEx + B                                      7C91D629 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenSection + 6                                            7C91D634 4 Bytes  [A8, 02, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenSection + B                                            7C91D639 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThread + 6                                              7C91D664 4 Bytes  CALL 7B91ED6B
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThread + B                                              7C91D669 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadToken + 6                                        7C91D674 1 Byte  [E8]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadToken + 6                                        7C91D674 4 Bytes  CALL 7B91ED7C
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadToken + B                                        7C91D679 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadTokenEx + 6                                      7C91D684 4 Bytes  [68, 04, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtOpenThreadTokenEx + B                                      7C91D689 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtQueryAttributesFile + 6                                    7C91D714 4 Bytes  [A8, 00, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtQueryAttributesFile + B                                    7C91D719 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtQueryFullAttributesFile + 6                                7C91D7B4 4 Bytes  CALL 7B91EEB9
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtQueryFullAttributesFile + B                                7C91D7B9 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationFile + 6                                      7C91DC64 4 Bytes  [28, 01, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationFile + B                                      7C91DC69 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationThread + 6                                    7C91DCB4 1 Byte  [A8]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationThread + 6                                    7C91DCB4 4 Bytes  [A8, 03, 17, 00]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtSetInformationThread + B                                    7C91DCB9 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtUnmapViewOfSection + 6                                      7C91DF14 4 Bytes  CALL 7B91F61D
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ntdll.dll!NtUnmapViewOfSection + B                                      7C91DF19 1 Byte  [E2]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!CreateProcessW                                            7C802336 5 Bytes  JMP 002D00B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!CreateProcessA                                            7C80236B 5 Bytes  JMP 002D00F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!CreateEventW                                              7C80A749 5 Bytes  JMP 002D0030
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!CreateThread                                              7C8106D7 5 Bytes  JMP 002D0170
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] kernel32.dll!OpenEventW                                                7C8131E0 5 Bytes  JMP 002D0070
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClipboardFormatA                                    7E368E28 5 Bytes  JMP 003C02F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClipboardFormatW                                    7E36AF34 5 Bytes  JMP 003C02B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!RegisterClassExA                                            7E377C39 5 Bytes  JMP 003C0530
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!ActivateKeyboardLayout                                      7E378673 5 Bytes  JMP 003C04F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!IsClipboardFormatAvailable                                  7E37F166 5 Bytes  JMP 003C00F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardSequenceNumber                                  7E37F17A 2 Bytes  JMP 003C0330
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardSequenceNumber + 3                              7E37F17D 2 Bytes  [04, 82] {ADD AL, 0x82}
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!CloseClipboard                                              7E380265 5 Bytes  JMP 003C00B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!OpenClipboard                                                7E380277 5 Bytes  JMP 003C0070
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!SetClipboardViewer                                          7E380473 5 Bytes  JMP 003C04B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!ChangeClipboardChain                                        7E380487 5 Bytes  JMP 003C0430
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!EmptyClipboard                                              7E380D96 5 Bytes  JMP 003C0130
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardOwner                                            7E380DA8 5 Bytes  JMP 003C0370
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardData                                            7E380DBA 5 Bytes  JMP 003C0030
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!SetClipboardData                                            7E380F9E 5 Bytes  JMP 003C0170
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardFormatNameA                                      7E381290 5 Bytes  JMP 003C0270
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!CountClipboardFormats                                        7E38167F 5 Bytes  JMP 003C01F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetOpenClipboardWindow                                      7E381691 5 Bytes  JMP 003C03F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!EnumClipboardFormats                                        7E38E53D 5 Bytes  JMP 003C01B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardFormatNameW                                      7E3A957F 5 Bytes  JMP 003C0230
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardViewer                                          7E3BCB94 3 Bytes  JMP 003C0470
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetClipboardViewer + 4                                      7E3BCB98 1 Byte  [82]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetPriorityClipboardFormat                                  7E3BCC96 3 Bytes  JMP 003C03B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] USER32.dll!GetPriorityClipboardFormat + 4                              7E3BCC9A 1 Byte  [82]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetDeviceCaps                                                77EF5A71 5 Bytes  JMP 003D0370
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectObject                                                  77EF5B70 5 Bytes  JMP 003D05B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetTextColor                                                  77EF5D77 5 Bytes  JMP 003D0970
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetBkMode                                                    77EF5EDB 5 Bytes  JMP 003D0830
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!IntersectClipRect                                            77EF6A56 5 Bytes  JMP 003D03B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetClipBox                                                    77EF6AA1 5 Bytes  JMP 003D0330
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!DeleteObject                                                  77EF6BFA 5 Bytes  JMP 003D01B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!DeleteDC                                                      77EF6E5F 5 Bytes  JMP 003D0170
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtSelectClipRgn                                              77EF7874 5 Bytes  JMP 003D02F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectClipRgn                                                77EF7AA0 5 Bytes  JMP 003D0570
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextMetricsW                                              77EF7DB9 5 Bytes  JMP 003D0D30
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtTextOutW                                                  77EF8086 5 Bytes  JMP 003D08B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetStretchBltMode                                            77EF8597 5 Bytes  JMP 003D05F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!RestoreDC                                                    77EF8B28 5 Bytes  JMP 003D04F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SaveDC                                                        77EF8BEE 5 Bytes  JMP 003D0530
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetTextAlign                                                  77EF8C8B 5 Bytes  JMP 003D0930
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!MoveToEx                                                      77EFA21A 5 Bytes  JMP 003D0430
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextFaceW                                                  77EFA5CB 5 Bytes  JMP 003D0C70
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StretchDIBits                                                77EFB0AE 2 Bytes  JMP 003D06B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StretchDIBits + 3                                            77EFB0B1 2 Bytes  [4D, 88]
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetWorldTransform                                            77EFB457 5 Bytes  JMP 003D0630
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateDCA                                                    77EFB7D2 5 Bytes  JMP 003D00B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateDCW                                                    77EFBE38 5 Bytes  JMP 003D00F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtEscape                                                    77EFC3CC 5 Bytes  JMP 003D02B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ExtTextOutA                                                  77EFD3FA 5 Bytes  JMP 003D0870
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!LineTo                                                        77EFD997 5 Bytes  JMP 003D03F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextMetricsA                                              77EFDF45 5 Bytes  JMP 003D0CF0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetICMMode                                                    77EFE868 5 Bytes  JMP 003D0CB0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!Rectangle                                                    77EFE9BE 5 Bytes  JMP 003D08F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetFontData                                                  77EFF314 5 Bytes  JMP 003D0BB0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetTextFaceA                                                  77EFF365 5 Bytes  JMP 003D0C30
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetPolyFillMode                                              77F00817 5 Bytes  JMP 003D0A70
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SetMiterLimit                                                77F00E8E 5 Bytes  JMP 003D0AB0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!Escape                                                        77F06F5A 5 Bytes  JMP 003D0270
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!ResetDCW                                                      77F0B9AF 5 Bytes  JMP 003D09F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateICW                                                    77F0C813 5 Bytes  JMP 003D0130
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!BeginPath                                                    77F0D4B0 5 Bytes  JMP 003D0770
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndPath                                                      77F0D530 5 Bytes  JMP 003D09B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!SelectClipPath                                                77F0D5B7 5 Bytes  JMP 003D0A30
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndPage                                                      77F0DC61 5 Bytes  JMP 003D0230
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!EndDoc                                                        77F0DEF1 5 Bytes  JMP 003D01F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolyBezierTo                                                  77F0EBD1 5 Bytes  JMP 003D0470
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolylineTo                                                    77F0EC7E 5 Bytes  JMP 003D04B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CloseFigure                                                  77F0ED1A 5 Bytes  JMP 003D0070
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StartPage                                                    77F0F49E 5 Bytes  JMP 003D0670
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!RemoveFontResourceW                                          77F1D07C 5 Bytes  JMP 003D0B70
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!GetGlyphOutlineW                                              77F1E6D1 5 Bytes  JMP 003D0BF0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!AddFontResourceW                                              77F1FFAB 5 Bytes  JMP 003D0B30
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!CreateScalableFontResourceW                                  77F20160 5 Bytes  JMP 003D0AF0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!AbortDoc                                                      77F24CD2 5 Bytes  JMP 003D0030
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StartDocW                                                    77F25962 5 Bytes  JMP 003D0730
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!StrokePath                                                    77F260B7 5 Bytes  JMP 003D06F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!FillPath                                                      77F26144 5 Bytes  JMP 003D07B0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] GDI32.dll!PolyDraw                                                      77F2667B 5 Bytes  JMP 003D07F0
.text          C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] ole32.dll!OleSetClipboard                                              77517808 5 Bytes  JMP 003F0030

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]            002D0110
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptReleaseContext]      003E0090
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!CryptAcquireContextW]    003E0050
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptAcquireContextW]  003E0050
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptGenRandom]        003E01D0
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!CryptReleaseContext]  003E0090
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptAcquireContextW]  003E0050
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptGenRandom]        003E01D0
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CryptReleaseContext]    003E0090
IAT            C:\Programme\Adobe\Reader 10.0\Reader\AcroRd32.exe[2400] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!MoveFileExW]            002D0110

---- Devices - GMER 1.0.15 ----

Device                                                                                                                                          Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                        ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                        ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.)

Device                                                                                                                                          pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                        SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                        ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                      SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                      ewfiltertdidriver.sys (TDI Filter Driver/Huawei Technologies Co., Ltd.)

Device                                                                                                                                          mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device                                                                                                                                          A6147D20

AttachedDevice                                                                                                                                  fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device                                                                                                                                          Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device                                                                                                                                          DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----


3) Osam-Log:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:39:17 on 23.03.2012

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.24

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"PCDoctorBackgroundMonitorTask.job" - "PC-Doctor, Inc." - C:\Programme\PCDR5\pcdr5cuiw32.exe
"PMTask.job" - ? - C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE  (File found, but it contains no detailed information)
"Symantec NetDetect.job" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\NDETECT.EXE

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"btcpl.cpl" - "Broadcom Corporation." - C:\WINDOWS\system32\btcpl.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\WINDOWS\system32\ISUSPM.cpl
"javacpl.cpl" - "Oracle Corporation" - C:\WINDOWS\system32\javacpl.cpl
"PWMCPl.cpl" - "Lenovo Group Limited" - C:\WINDOWS\system32\PWMCPl.cpl
"tp4ex.cpl" - "IBM Corporation" - C:\WINDOWS\system32\tp4ex.cpl
"TP98.CPL" - "Lenovo Group Limited" - C:\WINDOWS\system32\TP98.CPL
"TpShCPL.cpl" - "Lenovo." - C:\WINDOWS\system32\TpShCPL.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"ProtectorSuiteInfoPanel" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\infopnl.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"SMAX4CP" - "Analog Devices, Inc." - C:\Programme\Analog Devices\SoundMAX\SMax4.cpl
"SYMLIVE" - "Symantec Corporation" - C:\Programme\Symantec\LiveUpdate\S32LUCP1.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AEGIS Protocol (IEEE 802.1x) v3.5.3.0" (AegisP) - "Meetinghouse Data Communications" - C:\WINDOWS\System32\DRIVERS\AegisP.sys
"ANC" (ANC) - "IBM Corp." - C:\WINDOWS\System32\drivers\ANC.SYS
"APS Digitizer Activity Monitor" (TPDIGIMN) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
"BHDrvx86" (BHDrvx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx86.sys
"Bluetooth-Bus-Enumerator" (BTKRNL) - "Broadcom Corporation." - C:\WINDOWS\System32\DRIVERS\btkrnl.sys
"catchme" (catchme) - ? - C:\DOKUME~1\leno\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"DLABOIOM" (DLABOIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLACDBHM.SYS
"DLADResN" (DLADResN) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLADResN.SYS
"DLAIFS_M" (DLAIFS_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAPoolM.SYS
"DLARTL_N" (DLARTL_N) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DLARTL_N.SYS
"DLAUDFAM" (DLAUDFAM) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLAUDF_M.SYS
"DozeHDD" (DozeHDD) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\DozeHDD.sys
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\DRVNDDM.SYS
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"filtertdidriver" (filtertdidriver) - "Huawei Technologies Co., Ltd." - C:\WINDOWS\System32\drivers\ewfiltertdidriver.sys
"IBM eGatherer" (EGATHDRV) - "IBM Corporation" - C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
"IBMTPCHK" (IBMTPCHK) - ? - C:\WINDOWS\system32\Drivers\IBMBLDID.sys  (File found, but it contains no detailed information)
"IDSxpx86" (IDSxpx86) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120322.002\IDSxpx86.sys
"IPS-Helper-Treiber" (PROCDD) - "Lenovo Group Limited" - C:\WINDOWS\System32\DRIVERS\PROCDD.SYS
"IVI ASPI Shell" (Iviaspi) - "InterVideo, Inc." - C:\WINDOWS\System32\drivers\iviaspi.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"Lenovo System Interface Driver" (lenovo.smi) - "Lenovo Group Limited" - C:\WINDOWS\System32\DRIVERS\smiif32.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120322.019\NAVENG.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120322.019\NAVEX15.SYS
"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\ccSetx86.sys
"PCASp50 NDIS Protocol Driver" (PCASp50) - ? - C:\WINDOWS\System32\drivers\PCASp50.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pmem" (pmem) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\pmemnt.sys
"PrivateDisk" (PrivateDisk) - "Utimaco Safeware AG" - C:\Programme\Lenovo\SafeGuard PrivateDisk\PrivateDiskM.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS\System32\Drivers\PxHelp20.sys
"Shockprf" (Shockprf) - "Lenovo." - C:\WINDOWS\System32\DRIVERS\Apsx86.sys
"Smapint" (Smapint) - "Microsoft Corporation" - C:\WINDOWS\System32\drivers\Smapint.sys
"SMI Helper Driver (smihlp2)" (smihlp2) - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys
"smi2" (smi2) - "IBM Corp." - C:\Programme\SMI2\smi2.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NIS\1306010.008\SYMDS.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\WINDOWS\System32\drivers\NIS\1306010.008\SYMEFA.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\Ironx86.SYS
"Symantec Network Dispatch Driver" (SYMTDI) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\NIS\1306010.008\SYMTDI.SYS
"Symantec Real Time Storage Protection" (SRTSP) - "Symantec Corporation" - C:\WINDOWS\System32\Drivers\NIS\1306010.008\SRTSP.SYS
"Symantec Real Time Storage Protection (PEL)" (SRTSPX) - "Symantec Corporation" - C:\WINDOWS\system32\drivers\NIS\1306010.008\SRTSPX.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
"TDSMAPI" (TDSMAPI) - ? - C:\WINDOWS\System32\drivers\TDSMAPI.SYS  (File found, but it contains no detailed information)
"TPPWRIF" (TPPWRIF) - "Lenovo Group Limited" - C:\WINDOWS\System32\drivers\Tppwrif.sys
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"WIDCOMM USB Bluetooth Driver" (BTWUSB) - "Broadcom Corporation." - C:\WINDOWS\System32\Drivers\btwusb.sys
"WLAN Transport" (s24trans) - "Intel Corporation" - C:\WINDOWS\System32\DRIVERS\s24trans.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807553E5-5146-11D5-A672-00B0D022E945} "text/xml" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{6af09ec9-b429-11d4-a1fb-0090960218cb} "Bluetooth-Umgebung" - "Broadcom Corporation." - C:\WINDOWS\system32\btneighborhood.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? -  (File not found | COM-object registry key not found)
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\OFFICE11\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Programme\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{F6A51CCC-6AA6-46ad-B726-97466F0A38BF} "SafeGuard® PrivateDisk extension" - "Utimaco Safeware AG" - C:\Programme\Lenovo\SafeGuard PrivateDisk\pdshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -  (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
<binary data> "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} "Java Plug-in 1.5.0_06" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_06\bin\npjpi150_06.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\npjpi170_02.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_02" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\ssv.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@btrez.dll,-4015" - ? - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm
{0FE81B52-73FA-425F-8F06-3F32451AC73F} "ClsidExtension" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Intelligente Auswahl" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Recherchieren" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{F040E541-A427-4CF7-85D8-75E3E0F476C5} "CPwmIEBrowserHelper Object" - "Lenovo Group Limited" - C:\Programme\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
{5CA3D70E-1895-11CF-8E15-001234567890} "DriveLetterAccess" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Programme\Java\jre7\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\IPS\IPSBHO.DLL

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Notification packages" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\leno\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ACWLIcon" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACWLIcon.exe
"AwaySch" - "Lenovo Group Limited" - C:\Programme\Lenovo\AwayTask\AwaySch.EXE
"BLOG" - ? - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog  (File found, but it contains no detailed information)
"cssauth" - "Lenovo Group Limited" - "C:\Programme\Lenovo\Client Security Solution\cssauth.exe" silent
"DataCardMonitor" - "Huawei Technologies Co., Ltd." - C:\Programme\Huawei Modems\DataCardMonitor.exe
"DLA" - "Sonic Solutions" - C:\WINDOWS\System32\DLA\DLACTRLW.EXE
"ISUSPM Startup" - "InstallShield Software Corporation" - C:\PROGRA~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler" - "InstallShield Software Corporation" - "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start
"LenovoAutoScrollUtility" - "Lenovo Group Limited" - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
"LPMailChecker" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~2\PrdCtr\LPMLCHK.exe
"LPManager" - "Lenovo Group Limited" - C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PDService.exe" - "Utimaco Safeware AG" - "C:\Programme\Lenovo\SafeGuard PrivateDisk\pdservice.exe"
"PWRMGRTR" - "Lenovo Group Limited" - rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
"TP4EX" - "Lenovo Group Limited" - tp4ex.exe
"TPKMAPHELPER" - "Lenovo" - C:\Programme\ThinkPad\Utilities\TpKmapAp.exe -helper
"TpShocks" - "Lenovo." - TpShocks.exe
"TVT Scheduler Proxy" - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Bluetooth-Druckeranschluss" - "Broadcom Corporation." - C:\WINDOWS\system32\bthcrp.dll
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\mdimon.dll
"PDFCreator" - ? - C:\WINDOWS\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Ac Profile Manager Service" (AcPrfMgrSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
"Access Connections Main Service" (AcSvc) - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe
"Anzeige am Bildschirm" (TPHKSVC) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKSVC.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
"Cisco EnergyWise Enabler" (PwmEWSvc) - "Lenovo Group Limited" - C:\Programme\ThinkPad\Utilities\PWMEWSVC.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"IBM KCU Service" (TpKmpSVC) - ? - C:\WINDOWS\system32\TpKmpSVC.exe  (File found, but it contains no detailed information)
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel Corporation" - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
"Intel(R) PROSet/Wireless Service" (S24EventMonitor) - "Intel Corporation " - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
"IPS-Basisservice" (IPSSVC) - "Lenovo Group Limited" - C:\WINDOWS\system32\IPSSVC.EXE
"IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Lenovo Doze Mode Service" (DozeSvc) - "Lenovo." - C:\Programme\ThinkPad\Utilities\DOZESVC.EXE
"Lenovo Hotkey Client Loader" (TPHKLOAD) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\TPHKLOAD.exe
"Lenovo Microphone Mute" (LENOVO.MICMUTE) - "Lenovo Group Limited" - C:\Programme\LENOVO\HOTKEY\MICMUTE.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Programme\Norton Internet Security\Engine\19.6.1.8\ccSvcHst.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Power Manager DBC Service" (Power Manager DBC Service) - ? - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe
"System Update" (SUService) - "Lenovo Group Limited" - c:\programme\lenovo\system update\suservice.exe
"ThinkPad HDD APS Logging Service" (TPHDEXLGSVC) - "Lenovo." - C:\WINDOWS\System32\TPHDEXLG.exe
"ThinkVantage Registry Monitor Service" (ThinkVantage Registry Monitor Service) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
"TSS Core Service" (TSSCoreService) - "IBM" - C:\Programme\Lenovo\Client Security Solution\tvttcsd.exe
"TVT Scheduler" (TVT Scheduler) - "Lenovo Group Limited" - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"ACNotify" - "Lenovo " - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll
"AwayNotify" - "Lenovo Group Limited" - C:\Programme\Lenovo\AwayTask\AwayNotify.dll
"psfus" - "UPEK Inc." - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


4) aswMBR log:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-23 21:44:19
-----------------------------
21:44:19.843    OS Version: Windows 5.1.2600 Service Pack 3
21:44:19.843    Number of processors: 2 586 0xE0C
21:44:19.843    ComputerName: LENOVO-C395390B  UserName: leno
21:44:22.406    Initialize success
21:59:50.013    AVAST engine defs: 12032301
22:00:32.703    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:00:32.703    Disk 0 Vendor: HITACHI_HTS541680J9SA00 SB2IC7JP Size: 76319MB BusType: 3
22:00:32.735    Disk 0 MBR read successfully
22:00:32.735    Disk 0 MBR scan
22:00:32.844    Disk 0 unknown MBR code
22:00:32.844    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        72070 MB offset 63
22:00:32.891    Disk 0 Partition 2 00    12  Compaq diag MSDOS5.0    4245 MB offset 147601440
22:00:32.907    Disk 0 scanning sectors +156295440
22:00:33.047    Disk 0 scanning C:\WINDOWS\system32\drivers
22:01:28.453    Service scanning
22:02:54.344    Modules scanning
22:03:19.610    Module: C:\WINDOWS\System32\DLA\DLADResN.SYS  **SUSPICIOUS**
22:03:25.844    Disk 0 trace - called modules:
22:03:25.860    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
22:03:25.860    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8acfaab8]
22:03:25.860    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000009a[0x8ac48140]
22:03:25.875    5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8ac47940]
22:03:27.578    AVAST engine scan C:\WINDOWS
22:03:46.860    AVAST engine scan C:\WINDOWS\system32
22:17:19.313    AVAST engine scan C:\WINDOWS\system32\drivers
22:18:21.328    AVAST engine scan C:\Dokumente und Einstellungen\leno
22:34:52.500    AVAST engine scan C:\Dokumente und Einstellungen\All Users
22:35:54.672    Scan finished successfully
22:49:50.016    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\leno\Desktop\MBR.dat"
22:49:50.016    The log file has been saved successfully to "C:\Dokumente und Einstellungen\leno\Desktop\aswMBR-23032012.txt"


cosinus 25.03.2012 14:19

Quote:

1 Datei
c:\system volume information\_restore{b991f27a-883f-42a9-a172-eaab1d37fffa}\rp149\a0020067.exe - Ausgeschlossen
1 Browser-Cache
The files for system restore points are stored in System Volume Information.

Disable System Restore; in the course of the infection, malware files were also backed up into restore points, and those are all unusable now, since resetting the system via a restore point would most likely bring back an infection.


Quote:

22:00:32.844 Disk 0 unknown MBR code
We should fix the MBR; just in case, back up ALL important data first, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside it (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or of the whole hard disk with e.g. TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive for it!

Then restart Windows and create a new log with aswMBR.
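As an added illustration of what the quoted aswMBR lines are checking (this is example code, not from the thread and not part of aswMBR), a small Python parser for the MBR.dat that aswMBR saves: it reads the partition table, compares the 440 boot-code bytes against a known-good hash you supply (a placeholder here), and reports the unallocated sectors after the last partition, which is the area aswMBR's "scanning sectors +N" line refers to. The sample image's sector counts are derived from the MB figures in the log above, which is an assumption.

```python
"""Parse an MBR image (e.g. the MBR.dat that aswMBR saves) and sanity-check it."""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 446
BOOT_CODE_LEN = 440          # bytes before the disk signature and partition table
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count

# Hypothetical known-good hash of a clean MBR's boot code. Placeholder value:
# take it from a clean install of the same OS; it is not a real hash.
KNOWN_GOOD_BOOT_CODE_SHA256 = "<sha256 of a clean MBR's first 440 bytes>"


def parse_mbr(data: bytes) -> list:
    """Return the used primary partition entries as dicts; raise on a bad image."""
    if len(data) < SECTOR:
        raise ValueError("MBR image shorter than one sector")
    if data[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(ENTRY_FMT, data, off)
        if ptype == 0 and lba == 0 and count == 0:
            continue                       # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"entry {i}: invalid status byte 0x{status:02x}")
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "lba_start": lba, "sectors": count, "size_mb": count // 2048})
    return entries


def boot_code_matches(data: bytes, known_sha256: str) -> bool:
    """Compare the boot-code bytes with a known-good hash. aswMBR's
    'unknown MBR code' verdict is the same idea with its own pattern database."""
    return hashlib.sha256(data[:BOOT_CODE_LEN]).hexdigest() == known_sha256


def unallocated_tail(entries: list, disk_sectors: int) -> int:
    """Sectors after the last partition. aswMBR scans exactly this area
    because code stored there survives a reformat of the partitions."""
    end = max(e["lba_start"] + e["sectors"] for e in entries) if entries else 0
    return disk_sectors - end


def build_sample_mbr() -> bytes:
    """Constructed 512-byte MBR mirroring the layout in the aswMBR log
    (sector counts derived from the MB figures; boot code is zero-filled)."""
    mbr = bytearray(SECTOR)
    table = [(0x80, 0x07, 63, 147601440 - 63),                  # NTFS, 72070 MB
             (0x00, 0x12, 147601440, 156295440 - 147601440)]    # Compaq diag, 4245 MB
    for i, (status, ptype, lba, count) in enumerate(table):
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


if __name__ == "__main__":
    image = build_sample_mbr()      # on a real system: open("MBR.dat", "rb").read()
    parts = parse_mbr(image)
    for entry in parts:
        print(entry)
    print("boot code known-good:", boot_code_matches(image, KNOWN_GOOD_BOOT_CODE_SHA256))
    print("unallocated tail sectors:", unallocated_tail(parts, 76319 * 2048))
```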



Copyright ©2000-2025, Trojaner-Board

