Pests of all kinds and their removal: GEMA Trojan (Windows 7)
15.12.2011, 21:09 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | GEMA Trojan

Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click on "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat all of them with the action "skip" and only post the log here!

If the infection prevents you from accessing your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool via right-click as administrator!

__________________
Please always post log files in CODE tags
16.12.2011, 14:51 | #17

GEMA Trojan

The scanner found something bad. But for this too I set "skip" for now. The log file looks like this:
Code:
ATTFilter 14:44:36.0755 2688 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 14:44:36.0896 2688 ============================================================ 14:44:36.0896 2688 Current date / time: 2011/12/16 14:44:36.0896 14:44:36.0896 2688 SystemInfo: 14:44:36.0896 2688 14:44:36.0896 2688 OS Version: 5.1.2600 ServicePack: 2.0 14:44:36.0896 2688 Product type: Workstation 14:44:36.0896 2688 ComputerName: JULIA 14:44:36.0896 2688 UserName: juli 14:44:36.0896 2688 Windows directory: C:\WINDOWS 14:44:36.0896 2688 System windows directory: C:\WINDOWS 14:44:36.0896 2688 Processor architecture: Intel x86 14:44:36.0896 2688 Number of processors: 1 14:44:36.0896 2688 Page size: 0x1000 14:44:36.0896 2688 Boot type: Normal boot 14:44:36.0896 2688 ============================================================ 14:44:37.0318 2688 Initialize success 14:45:31.0615 1864 ============================================================ 14:45:31.0615 1864 Scan started 14:45:31.0615 1864 Mode: Manual; SigCheck; TDLFS; 14:45:31.0615 1864 ============================================================ 14:45:31.0912 1864 Abiosdsk - ok 14:45:31.0943 1864 abp480n5 - ok 14:45:32.0052 1864 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys 14:45:32.0990 1864 ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning 14:45:32.0990 1864 ACEDRV07 - detected UnsignedFile.Multi.Generic (1) 14:45:33.0052 1864 acedrv09 (bd4e8c841716d5f2804ce000cfe61524) C:\WINDOWS\system32\drivers\acedrv09.sys 14:45:48.0130 1864 acedrv09 - ok 14:45:48.0224 1864 acehlp09 (7b19e528f2f40524e2c40f754a571eb8) C:\WINDOWS\system32\drivers\acehlp09.sys 14:45:48.0255 1864 acehlp09 - ok 14:45:48.0349 1864 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 14:45:49.0708 1864 ACPI - ok 14:45:49.0865 1864 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 14:45:50.0037 1864 ACPIEC - ok 14:45:50.0052 1864 adpu160m - ok 14:45:50.0130 1864 aec 
(1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 14:45:50.0490 1864 aec - ok 14:45:50.0537 1864 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 14:45:50.0615 1864 AFD - ok 14:45:50.0630 1864 Aha154x - ok 14:45:50.0646 1864 aic78u2 - ok 14:45:50.0662 1864 aic78xx - ok 14:45:50.0677 1864 AliIde - ok 14:45:50.0740 1864 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 14:45:50.0802 1864 AmdK8 - ok 14:45:50.0818 1864 amsint - ok 14:45:50.0880 1864 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 14:45:51.0037 1864 Arp1394 - ok 14:45:51.0052 1864 asc - ok 14:45:51.0068 1864 asc3350p - ok 14:45:51.0083 1864 asc3550 - ok 14:45:51.0130 1864 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 14:45:51.0302 1864 AsyncMac - ok 14:45:51.0318 1864 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 14:45:51.0474 1864 atapi - ok 14:45:51.0490 1864 Atdisk - ok 14:45:51.0521 1864 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 14:45:51.0662 1864 Atmarpc - ok 14:45:51.0724 1864 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 14:45:51.0849 1864 audstub - ok 14:45:51.0912 1864 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 14:45:52.0068 1864 Beep - ok 14:45:52.0115 1864 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 14:45:52.0287 1864 cbidf2k - ok 14:45:52.0333 1864 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 14:45:52.0490 1864 CCDECODE - ok 14:45:52.0505 1864 cd20xrnt - ok 14:45:52.0537 1864 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 14:45:52.0677 1864 Cdaudio - ok 14:45:52.0693 1864 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 14:45:52.0880 1864 Cdfs - ok 14:45:52.0927 
1864 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 14:45:53.0052 1864 Cdrom - ok 14:45:53.0068 1864 Changer - ok 14:45:53.0146 1864 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 14:45:53.0302 1864 CmBatt - ok 14:45:53.0318 1864 CmdIde - ok 14:45:53.0333 1864 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys 14:45:53.0474 1864 Compbatt - ok 14:45:53.0505 1864 Cpqarray - ok 14:45:53.0521 1864 dac2w2k - ok 14:45:53.0537 1864 dac960nt - ok 14:45:53.0552 1864 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 14:45:53.0662 1864 Disk - ok 14:45:53.0724 1864 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 14:45:53.0896 1864 dmboot - ok 14:45:53.0927 1864 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys 14:45:54.0037 1864 dmio - ok 14:45:54.0068 1864 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 14:45:54.0224 1864 dmload - ok 14:45:54.0287 1864 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 14:45:54.0412 1864 DMusic - ok 14:45:54.0427 1864 dpti2o - ok 14:45:54.0458 1864 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 14:45:54.0583 1864 drmkaud - ok 14:45:54.0615 1864 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 14:45:54.0802 1864 Fastfat - ok 14:45:54.0849 1864 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 14:45:55.0005 1864 Fdc - ok 14:45:55.0037 1864 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 14:45:55.0177 1864 Fips - ok 14:45:55.0208 1864 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 14:45:55.0349 1864 Flpydisk - ok 14:45:55.0380 1864 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 14:45:55.0740 1864 FltMgr - ok 
14:45:55.0771 1864 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 14:45:55.0896 1864 Fs_Rec - ok 14:45:55.0912 1864 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 14:45:56.0021 1864 Ftdisk - ok 14:45:56.0052 1864 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 14:45:56.0162 1864 Gpc - ok 14:45:56.0224 1864 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 14:45:56.0287 1864 HDAudBus - ok 14:45:56.0349 1864 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 14:45:56.0490 1864 HidUsb - ok 14:45:56.0537 1864 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys 14:45:56.0552 1864 Hotkey ( UnsignedFile.Multi.Generic ) - warning 14:45:56.0552 1864 Hotkey - detected UnsignedFile.Multi.Generic (1) 14:45:56.0568 1864 hpn - ok 14:45:56.0630 1864 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys 14:45:56.0677 1864 HTTP - ok 14:45:56.0708 1864 i2omgmt - ok 14:45:56.0708 1864 i2omp - ok 14:45:56.0771 1864 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 14:45:56.0927 1864 i8042prt - ok 14:45:56.0958 1864 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 14:45:57.0068 1864 Imapi - ok 14:45:57.0099 1864 ini910u - ok 14:45:57.0302 1864 IntcAzAudAddService (284bcb80391783d328a8d8163e97fd58) C:\WINDOWS\system32\drivers\RtkHDAud.sys 14:45:57.0537 1864 IntcAzAudAddService - ok 14:45:57.0630 1864 IntelIde - ok 14:45:57.0693 1864 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 14:45:57.0833 1864 Ip6Fw - ok 14:45:57.0880 1864 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 14:45:58.0037 1864 IpFilterDriver - ok 14:45:58.0052 1864 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 14:45:58.0193 1864 IpInIp - 
ok 14:45:58.0255 1864 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 14:45:58.0693 1864 IpNat - ok 14:45:58.0755 1864 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 14:45:58.0880 1864 IPSec - ok 14:45:58.0912 1864 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 14:45:58.0990 1864 IRENUM - ok 14:45:59.0021 1864 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 14:45:59.0146 1864 isapnp - ok 14:45:59.0208 1864 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 14:45:59.0318 1864 Kbdclass - ok 14:45:59.0380 1864 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 14:45:59.0537 1864 kbdhid - ok 14:45:59.0599 1864 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 14:46:00.0037 1864 kmixer - ok 14:46:00.0068 1864 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 14:46:00.0146 1864 KSecDD - ok 14:46:00.0162 1864 lbrtfdc - ok 14:46:00.0255 1864 LVMST (0c944e4f596780f7cd26686e577ef606) C:\WINDOWS\system32\DRIVERS\LVMST.sys 14:46:00.0365 1864 LVMST - ok 14:46:00.0380 1864 mailKmd - ok 14:46:00.0412 1864 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 14:46:00.0412 1864 MBAMProtector - ok 14:46:00.0443 1864 MBAMSwissArmy - ok 14:46:00.0490 1864 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 14:46:00.0568 1864 MHNDRV - ok 14:46:00.0615 1864 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 14:46:00.0755 1864 mnmdd - ok 14:46:00.0802 1864 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 14:46:00.0958 1864 Modem - ok 14:46:01.0021 1864 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 14:46:01.0162 1864 Mouclass - ok 14:46:01.0208 1864 mouhid 
(66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 14:46:01.0333 1864 mouhid - ok 14:46:01.0396 1864 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 14:46:01.0537 1864 MountMgr - ok 14:46:01.0583 1864 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys 14:46:01.0708 1864 MPE - ok 14:46:01.0724 1864 mraid35x - ok 14:46:01.0771 1864 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 14:46:01.0896 1864 MRxDAV - ok 14:46:01.0943 1864 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 14:46:02.0021 1864 MRxSmb - ok 14:46:02.0037 1864 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 14:46:02.0162 1864 Msfs - ok 14:46:02.0208 1864 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 14:46:02.0365 1864 MSKSSRV - ok 14:46:02.0396 1864 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 14:46:02.0552 1864 MSPCLOCK - ok 14:46:02.0568 1864 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 14:46:02.0693 1864 MSPQM - ok 14:46:02.0740 1864 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 14:46:02.0880 1864 mssmbios - ok 14:46:02.0927 1864 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 14:46:03.0068 1864 MSTEE - ok 14:46:03.0083 1864 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 14:46:03.0224 1864 Mup - ok 14:46:03.0271 1864 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 14:46:03.0396 1864 NABTSFEC - ok 14:46:03.0412 1864 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 14:46:03.0537 1864 NDIS - ok 14:46:03.0583 1864 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 14:46:03.0677 1864 NdisIP - ok 14:46:03.0724 1864 NdisTapi 
(08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 14:46:03.0849 1864 NdisTapi - ok 14:46:03.0896 1864 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 14:46:04.0365 1864 Ndisuio - ok 14:46:04.0380 1864 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 14:46:04.0490 1864 NdisWan - ok 14:46:04.0505 1864 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 14:46:04.0630 1864 NDProxy - ok 14:46:04.0646 1864 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 14:46:04.0771 1864 NetBIOS - ok 14:46:04.0818 1864 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 14:46:04.0927 1864 NetBT - ok 14:46:05.0005 1864 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 14:46:05.0115 1864 NIC1394 - ok 14:46:05.0130 1864 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 14:46:05.0240 1864 Npfs - ok 14:46:05.0287 1864 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 14:46:05.0443 1864 Ntfs - ok 14:46:05.0490 1864 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 14:46:05.0615 1864 Null - ok 14:46:05.0802 1864 nv (3f539f457764d0989081d6d9aaabeb71) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 14:46:06.0021 1864 nv - ok 14:46:06.0130 1864 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys 14:46:06.0193 1864 nvata - ok 14:46:06.0255 1864 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 14:46:06.0333 1864 NVENETFD - ok 14:46:06.0380 1864 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 14:46:06.0427 1864 nvnetbus - ok 14:46:06.0443 1864 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys 14:46:06.0505 1864 nvsmu - ok 14:46:06.0552 1864 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) 
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 14:46:06.0818 1864 NwlnkFlt - ok 14:46:06.0833 1864 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 14:46:06.0958 1864 NwlnkFwd - ok 14:46:06.0990 1864 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 14:46:07.0115 1864 ohci1394 - ok 14:46:07.0177 1864 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys 14:46:07.0302 1864 Parport - ok 14:46:07.0302 1864 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 14:46:07.0427 1864 PartMgr - ok 14:46:07.0474 1864 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 14:46:07.0615 1864 ParVdm - ok 14:46:07.0662 1864 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 14:46:07.0802 1864 PCI - ok 14:46:07.0818 1864 PCIDump - ok 14:46:07.0849 1864 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 14:46:07.0990 1864 PCIIde - ok 14:46:08.0037 1864 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys 14:46:08.0162 1864 Pcmcia - ok 14:46:08.0177 1864 PDCOMP - ok 14:46:08.0193 1864 PDFRAME - ok 14:46:08.0208 1864 PDRELI - ok 14:46:08.0224 1864 PDRFRAME - ok 14:46:08.0240 1864 perc2 - ok 14:46:08.0255 1864 perc2hib - ok 14:46:08.0318 1864 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 14:46:08.0443 1864 PptpMiniport - ok 14:46:08.0505 1864 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys 14:46:08.0630 1864 Processor - ok 14:46:08.0646 1864 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 14:46:08.0771 1864 PSched - ok 14:46:08.0771 1864 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 14:46:08.0896 1864 Ptilink - ok 14:46:08.0943 1864 PxHelp20 (617accada2e0a0f43ec6030bbac49513) 
C:\WINDOWS\system32\Drivers\PxHelp20.sys 14:46:08.0958 1864 PxHelp20 - ok 14:46:08.0958 1864 ql1080 - ok 14:46:08.0974 1864 Ql10wnt - ok 14:46:08.0990 1864 ql12160 - ok 14:46:09.0005 1864 ql1240 - ok 14:46:09.0021 1864 ql1280 - ok 14:46:09.0068 1864 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 14:46:09.0177 1864 RasAcd - ok 14:46:09.0208 1864 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 14:46:09.0333 1864 Rasl2tp - ok 14:46:09.0349 1864 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 14:46:09.0490 1864 RasPppoe - ok 14:46:09.0505 1864 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 14:46:09.0630 1864 Raspti - ok 14:46:09.0677 1864 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 14:46:10.0162 1864 Rdbss - ok 14:46:10.0208 1864 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 14:46:10.0333 1864 RDPCDD - ok 14:46:10.0396 1864 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 14:46:10.0521 1864 rdpdr - ok 14:46:10.0583 1864 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 14:46:10.0990 1864 RDPWD - ok 14:46:11.0052 1864 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 14:46:11.0177 1864 redbook - ok 14:46:11.0224 1864 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 14:46:11.0287 1864 rimmptsk - ok 14:46:11.0318 1864 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 14:46:11.0380 1864 rimsptsk - ok 14:46:11.0443 1864 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 14:46:11.0505 1864 rismxdp - ok 14:46:11.0568 1864 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys 14:46:11.0708 1864 sdbus - ok 14:46:11.0740 1864 Secdrv 
(d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 14:46:11.0818 1864 Secdrv - ok 14:46:11.0880 1864 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys 14:46:12.0005 1864 Serial - ok 14:46:12.0052 1864 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys 14:46:12.0177 1864 sffdisk - ok 14:46:12.0193 1864 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 14:46:12.0349 1864 sffp_sd - ok 14:46:12.0380 1864 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 14:46:12.0505 1864 Sfloppy - ok 14:46:12.0537 1864 Simbad - ok 14:46:12.0583 1864 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 14:46:12.0708 1864 SLIP - ok 14:46:12.0771 1864 smserial (05fe55f1a7ebb00b6288f078912e9603) C:\WINDOWS\system32\DRIVERS\smserial.sys 14:46:12.0896 1864 smserial - ok 14:46:12.0927 1864 Sparrow - ok 14:46:12.0974 1864 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 14:46:13.0427 1864 splitter - ok 14:46:13.0490 1864 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 14:46:13.0552 1864 sr - ok 14:46:13.0615 1864 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 14:46:13.0693 1864 Srv - ok 14:46:13.0724 1864 SSHDRV82 (d8c69b05dbad47479f9f344b117abf4f) C:\WINDOWS\system32\drivers\SSHDRV82.sys 14:46:13.0740 1864 SSHDRV82 ( UnsignedFile.Multi.Generic ) - warning 14:46:13.0740 1864 SSHDRV82 - detected UnsignedFile.Multi.Generic (1) 14:46:13.0787 1864 SSHDRV86 (f7f529976b672a38800d26e713f8ff18) C:\WINDOWS\system32\drivers\SSHDRV86.sys 14:46:13.0787 1864 Suspicious file (Forged): C:\WINDOWS\system32\drivers\SSHDRV86.sys. 
Real md5: f7f529976b672a38800d26e713f8ff18, Fake md5: b9e31f2a3640403b0ea3a867bb73b9f4 14:46:13.0787 1864 SSHDRV86 ( Rootkit.Win32.ZAccess.aml ) - infected 14:46:13.0787 1864 SSHDRV86 - detected Rootkit.Win32.ZAccess.aml (0) 14:46:13.0802 1864 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 14:46:13.0927 1864 streamip - ok 14:46:13.0958 1864 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 14:46:14.0099 1864 swenum - ok 14:46:14.0162 1864 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 14:46:14.0318 1864 swmidi - ok 14:46:14.0333 1864 symc810 - ok 14:46:14.0349 1864 symc8xx - ok 14:46:14.0365 1864 sym_hi - ok 14:46:14.0380 1864 sym_u3 - ok 14:46:14.0443 1864 SynTP (60b421663910fbb3c9b350b7efa75a68) C:\WINDOWS\system32\DRIVERS\SynTP.sys 14:46:14.0505 1864 SynTP - ok 14:46:14.0568 1864 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 14:46:14.0708 1864 sysaudio - ok 14:46:14.0771 1864 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 14:46:14.0833 1864 Tcpip - ok 14:46:14.0896 1864 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 14:46:15.0021 1864 TDPIPE - ok 14:46:15.0037 1864 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 14:46:15.0177 1864 TDTCP - ok 14:46:15.0240 1864 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 14:46:15.0365 1864 TermDD - ok 14:46:15.0380 1864 TosIde - ok 14:46:15.0458 1864 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 14:46:15.0583 1864 Udfs - ok 14:46:15.0599 1864 ultra - ok 14:46:15.0662 1864 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys 14:46:16.0193 1864 Update - ok 14:46:16.0240 1864 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 14:46:16.0365 1864 usbccgp - ok 14:46:16.0427 
1864 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 14:46:16.0552 1864 usbehci - ok 14:46:16.0583 1864 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 14:46:16.0693 1864 usbhub - ok 14:46:16.0740 1864 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 14:46:16.0865 1864 usbohci - ok 14:46:16.0912 1864 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 14:46:17.0052 1864 usbprint - ok 14:46:17.0099 1864 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 14:46:17.0224 1864 usbscan - ok 14:46:17.0318 1864 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 14:46:17.0458 1864 USBSTOR - ok 14:46:17.0521 1864 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 14:46:17.0662 1864 VgaSave - ok 14:46:17.0662 1864 ViaIde - ok 14:46:17.0724 1864 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 14:46:17.0880 1864 VolSnap - ok 14:46:17.0927 1864 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 14:46:18.0068 1864 Wanarp - ok 14:46:18.0130 1864 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 14:46:18.0177 1864 wanatw - ok 14:46:18.0193 1864 Wbutton - ok 14:46:18.0208 1864 WDICA - ok 14:46:18.0287 1864 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 14:46:18.0771 1864 wdmaud - ok 14:46:18.0865 1864 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 14:46:18.0990 1864 WmiAcpi - ok 14:46:19.0052 1864 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 14:46:19.0146 1864 WSTCODEC - ok 14:46:19.0224 1864 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys 14:46:19.0287 1864 X10Hid - ok 14:46:19.0349 1864 XUIF 
(41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys 14:46:19.0380 1864 XUIF - ok 14:46:19.0443 1864 ZD1211BU(ZyDAS) (77778a5d6d8b0fb3bd89b9f39c72c78d) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys 14:46:19.0537 1864 ZD1211BU(ZyDAS) - ok 14:46:19.0552 1864 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys 14:46:19.0568 1864 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning 14:46:19.0568 1864 ZDPSp50 - detected UnsignedFile.Multi.Generic (1) 14:46:19.0599 1864 MBR (0x1B8) (ae330efad318eb44f0142039deeaa8c2) \Device\Harddisk0\DR0 14:46:20.0646 1864 \Device\Harddisk0\DR0 - ok 14:46:20.0662 1864 Boot (0x1200) (f545b97d15dccd300dabff39f40f3a2d) \Device\Harddisk0\DR0\Partition0 14:46:20.0662 1864 \Device\Harddisk0\DR0\Partition0 - ok 14:46:20.0662 1864 Boot (0x1200) (2b6e993ed881da8ea3e19393d5a97888) \Device\Harddisk0\DR0\Partition1 14:46:20.0662 1864 \Device\Harddisk0\DR0\Partition1 - ok 14:46:20.0662 1864 ============================================================ 14:46:20.0662 1864 Scan finished 14:46:20.0662 1864 ============================================================ 14:46:20.0818 0892 Detected object count: 5 14:46:20.0818 0892 Actual detected object count: 5 14:47:47.0302 0892 ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:47.0318 0892 ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:47.0318 0892 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:47.0318 0892 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:47.0318 0892 SSHDRV82 ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:47.0318 0892 SSHDRV82 ( UnsignedFile.Multi.Generic ) - User select action: Skip 14:47:47.0318 0892 SSHDRV86 ( Rootkit.Win32.ZAccess.aml ) - skipped by user 14:47:47.0318 0892 SSHDRV86 ( Rootkit.Win32.ZAccess.aml ) - User select action: Skip 14:47:47.0318 0892 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user 14:47:47.0318 0892 ZDPSp50 ( 
UnsignedFile.Multi.Generic ) - User select action: Skip
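As an added example (not code from this thread or from Kaspersky), here is a small Python parser for the TDSSKiller log format posted above. It separates the generic UnsignedFile.Multi.Generic warnings (unsigned drivers, usually benign) from the named Rootkit.Win32.ZAccess.aml hit and picks up the forged-MD5 message. The sample log is a constructed excerpt of the posted one, and it assumes one entry per line with the "Suspicious file (Forged)" message on a single line.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in the TDSSKiller 2.6.x log format seen in this thread.
# Names, paths and hashes are copied from the posted log; the real log lists
# every driver, this excerpt keeps only the lines the parser has to handle.
SAMPLE_LOG = r"""14:45:31.0615 1864 Scan started
14:45:32.0052 1864 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys
14:45:32.0990 1864 ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
14:45:32.0990 1864 ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
14:45:48.0349 1864 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:45:49.0708 1864 ACPI - ok
14:46:13.0787 1864 SSHDRV86 (f7f529976b672a38800d26e713f8ff18) C:\WINDOWS\system32\drivers\SSHDRV86.sys
14:46:13.0787 1864 Suspicious file (Forged): C:\WINDOWS\system32\drivers\SSHDRV86.sys. Real md5: f7f529976b672a38800d26e713f8ff18, Fake md5: b9e31f2a3640403b0ea3a867bb73b9f4
14:46:13.0787 1864 SSHDRV86 ( Rootkit.Win32.ZAccess.aml ) - infected
14:46:13.0787 1864 SSHDRV86 - detected Rootkit.Win32.ZAccess.aml (0)
14:46:20.0662 1864 Scan finished
14:47:47.0318 0892 SSHDRV86 ( Rootkit.Win32.ZAccess.aml ) - User select action: Skip
"""

# Every entry is "<hh:mm:ss.ffff> <pid> <message>"; banners and separators are skipped.
ENTRY_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
# "<service> (<md5>) <path>"  - the driver listing line that precedes a verdict
LISTING_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> ( <detection> ) - warning|infected"
VERDICT_RE = re.compile(r"^(?P<name>\S+) \( (?P<det>.+?) \) - (?P<verdict>warning|infected)$")
# "<service> ( <detection> ) - User select action: <action>"
ACTION_RE = re.compile(r"^(?P<name>\S+) \( (?P<det>.+?) \) - User select action: (?P<action>\S+)$")
# Two different hashes reported for one driver file: the scanner sees different
# content depending on how it reads the file, which is the concealment itself.
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\.? Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$"
)


@dataclass
class Finding:
    name: str
    detection: str
    verdict: str                          # "warning" or "infected"
    path: Optional[str] = None
    md5: Optional[str] = None
    forged: Optional[Tuple[str, str]] = None   # (real md5, fake md5) if flagged
    action: Optional[str] = None          # e.g. "Skip" once the user has chosen


def parse_tdsskiller_log(text: str) -> List[Finding]:
    """Collect one Finding per flagged service, in the order they were flagged."""
    listings: Dict[str, Tuple[str, str]] = {}       # service -> (md5, path)
    forged_by_path: Dict[str, Tuple[str, str]] = {}  # lower-cased path -> hashes
    findings: Dict[str, Finding] = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3)
        if (lm := LISTING_RE.match(msg)):
            listings[lm["name"]] = (lm["md5"], lm["path"])
        elif (fm := FORGED_RE.match(msg)):
            forged_by_path[fm["path"].lower()] = (fm["real"], fm["fake"])
        elif (vm := VERDICT_RE.match(msg)):
            md5, path = listings.get(vm["name"], (None, None))
            findings.setdefault(vm["name"], Finding(vm["name"], vm["det"], vm["verdict"], path, md5))
        elif (am := ACTION_RE.match(msg)) and am["name"] in findings:
            findings[am["name"]].action = am["action"]
    # Attach forged-hash evidence by path, whichever order the lines came in.
    for f in findings.values():
        if f.path:
            f.forged = forged_by_path.get(f.path.lower())
    return list(findings.values())


def triage(findings: List[Finding]) -> Dict[str, str]:
    """Rank findings the way the helper in this thread reads the log.

    UnsignedFile.Multi.Generic is only a heuristic: it flags any unsigned driver,
    which includes plenty of legitimate third-party ones, so alone it is low
    priority. A named rootkit verdict, or a forged-hash mismatch on a driver
    file, is the actual infection indicator and is what gets acted on.
    """
    severity: Dict[str, str] = {}
    for f in findings:
        if f.verdict == "infected" or f.forged is not None:
            severity[f.name] = "high"
        elif f.detection == "UnsignedFile.Multi.Generic":
            severity[f.name] = "low"
        else:
            severity[f.name] = "medium"
    return severity


if __name__ == "__main__":
    found = parse_tdsskiller_log(SAMPLE_LOG)
    for f in found:
        print(f"{triage(found)[f.name]:6} {f.name:10} {f.detection:28} forged={f.forged is not None} action={f.action}")
```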
16.12.2011, 14:53 | #18

/// Winkelfunktion /// TB-Süch-Tiger™ | GEMA Trojan

Quote:
Then restart Windows and make a new log with TDSS-Killer
16.12.2011, 16:05 | #19

GEMA Trojan

I deleted the two culprits. Here is the result of the new scan:
Code:
ATTFilter 15:59:37.0602 3544 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 15:59:39.0056 3544 ============================================================ 15:59:39.0056 3544 Current date / time: 2011/12/16 15:59:39.0056 15:59:39.0056 3544 SystemInfo: 15:59:39.0056 3544 15:59:39.0087 3544 OS Version: 5.1.2600 ServicePack: 2.0 15:59:39.0087 3544 Product type: Workstation 15:59:39.0087 3544 ComputerName: JULIA 15:59:39.0087 3544 UserName: juli 15:59:39.0118 3544 Windows directory: C:\WINDOWS 15:59:39.0118 3544 System windows directory: C:\WINDOWS 15:59:39.0118 3544 Processor architecture: Intel x86 15:59:39.0118 3544 Number of processors: 1 15:59:39.0118 3544 Page size: 0x1000 15:59:39.0118 3544 Boot type: Normal boot 15:59:39.0149 3544 ============================================================ 15:59:41.0415 3544 Initialize success 16:00:06.0290 0488 ============================================================ 16:00:06.0290 0488 Scan started 16:00:06.0290 0488 Mode: Manual; SigCheck; TDLFS; 16:00:06.0290 0488 ============================================================ 16:00:06.0556 0488 Abiosdsk - ok 16:00:06.0571 0488 abp480n5 - ok 16:00:06.0649 0488 ACEDRV07 (4e5451dd0aec8504d7f8030dd2d4c416) C:\WINDOWS\system32\drivers\ACEDRV07.sys 16:00:07.0165 0488 ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning 16:00:07.0165 0488 ACEDRV07 - detected UnsignedFile.Multi.Generic (1) 16:00:07.0259 0488 acedrv09 (bd4e8c841716d5f2804ce000cfe61524) C:\WINDOWS\system32\drivers\acedrv09.sys 16:00:07.0399 0488 acedrv09 - ok 16:00:07.0462 0488 acehlp09 (7b19e528f2f40524e2c40f754a571eb8) C:\WINDOWS\system32\drivers\acehlp09.sys 16:00:07.0462 0488 acehlp09 - ok 16:00:07.0540 0488 ACPI (94b4741d2cf9ed38140b831293d1601a) C:\WINDOWS\system32\DRIVERS\ACPI.sys 16:00:08.0821 0488 ACPI - ok 16:00:08.0977 0488 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 16:00:09.0196 0488 ACPIEC - ok 16:00:09.0212 0488 adpu160m - ok 16:00:09.0259 0488 aec 
(1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys 16:00:09.0649 0488 aec - ok 16:00:09.0712 0488 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys 16:00:09.0790 0488 AFD - ok 16:00:09.0806 0488 Aha154x - ok 16:00:09.0821 0488 aic78u2 - ok 16:00:09.0837 0488 aic78xx - ok 16:00:09.0852 0488 AliIde - ok 16:00:09.0915 0488 AmdK8 (22ad3ec1f0486c863d70cdd50b97761b) C:\WINDOWS\system32\DRIVERS\AmdK8.sys 16:00:09.0977 0488 AmdK8 - ok 16:00:09.0993 0488 amsint - ok 16:00:10.0056 0488 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 16:00:10.0212 0488 Arp1394 - ok 16:00:10.0212 0488 asc - ok 16:00:10.0227 0488 asc3350p - ok 16:00:10.0243 0488 asc3550 - ok 16:00:10.0290 0488 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16:00:10.0446 0488 AsyncMac - ok 16:00:10.0462 0488 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 16:00:10.0602 0488 atapi - ok 16:00:10.0618 0488 Atdisk - ok 16:00:10.0649 0488 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 16:00:10.0790 0488 Atmarpc - ok 16:00:10.0852 0488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 16:00:10.0977 0488 audstub - ok 16:00:11.0024 0488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 16:00:11.0181 0488 Beep - ok 16:00:11.0227 0488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 16:00:11.0384 0488 cbidf2k - ok 16:00:11.0446 0488 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 16:00:11.0587 0488 CCDECODE - ok 16:00:11.0602 0488 cd20xrnt - ok 16:00:11.0649 0488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 16:00:11.0790 0488 Cdaudio - ok 16:00:11.0821 0488 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 16:00:11.0993 0488 Cdfs - ok 16:00:12.0040 
0488 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 16:00:12.0165 0488 Cdrom - ok 16:00:12.0181 0488 Changer - ok 16:00:12.0259 0488 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16:00:12.0384 0488 CmBatt - ok 16:00:12.0384 0488 CmdIde - ok 16:00:12.0399 0488 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys 16:00:12.0540 0488 Compbatt - ok 16:00:12.0571 0488 Cpqarray - ok 16:00:12.0587 0488 dac2w2k - ok 16:00:12.0602 0488 dac960nt - ok 16:00:12.0618 0488 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 16:00:12.0727 0488 Disk - ok 16:00:12.0790 0488 dmboot (5789b83ba87fc84c3568cf86cacef8ce) C:\WINDOWS\system32\drivers\dmboot.sys 16:00:12.0977 0488 dmboot - ok 16:00:13.0009 0488 dmio (084eb0a50a4f7b4705c8a57f234e5291) C:\WINDOWS\system32\drivers\dmio.sys 16:00:13.0118 0488 dmio - ok 16:00:13.0165 0488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 16:00:13.0321 0488 dmload - ok 16:00:13.0384 0488 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 16:00:13.0524 0488 DMusic - ok 16:00:13.0540 0488 dpti2o - ok 16:00:13.0587 0488 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 16:00:13.0712 0488 drmkaud - ok 16:00:13.0759 0488 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 16:00:13.0899 0488 Fastfat - ok 16:00:13.0946 0488 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys 16:00:14.0118 0488 Fdc - ok 16:00:14.0149 0488 Fips (9e9af89f9b14aa6249065c309ce73bd8) C:\WINDOWS\system32\drivers\Fips.sys 16:00:14.0290 0488 Fips - ok 16:00:14.0306 0488 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys 16:00:14.0446 0488 Flpydisk - ok 16:00:14.0462 0488 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 16:00:14.0852 0488 FltMgr - ok 
16:00:14.0899 0488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 16:00:15.0024 0488 Fs_Rec - ok 16:00:15.0040 0488 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 16:00:15.0149 0488 Ftdisk - ok 16:00:15.0181 0488 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 16:00:15.0290 0488 Gpc - ok 16:00:15.0352 0488 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 16:00:15.0415 0488 HDAudBus - ok 16:00:15.0462 0488 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 16:00:15.0571 0488 HidUsb - ok 16:00:15.0634 0488 Hotkey (8b566ea71d5b76157a9cdb78f25a5731) C:\WINDOWS\system32\drivers\Hotkey.sys 16:00:15.0649 0488 Hotkey ( UnsignedFile.Multi.Generic ) - warning 16:00:15.0649 0488 Hotkey - detected UnsignedFile.Multi.Generic (1) 16:00:15.0665 0488 hpn - ok 16:00:15.0727 0488 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys 16:00:15.0790 0488 HTTP - ok 16:00:15.0806 0488 i2omgmt - ok 16:00:15.0821 0488 i2omp - ok 16:00:15.0899 0488 i8042prt (7c575018d0413440d75432a78b88c899) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 16:00:16.0040 0488 i8042prt - ok 16:00:16.0087 0488 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 16:00:16.0212 0488 Imapi - ok 16:00:16.0227 0488 ini910u - ok 16:00:16.0431 0488 IntcAzAudAddService (284bcb80391783d328a8d8163e97fd58) C:\WINDOWS\system32\drivers\RtkHDAud.sys 16:00:16.0665 0488 IntcAzAudAddService - ok 16:00:16.0712 0488 IntelIde - ok 16:00:16.0774 0488 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 16:00:16.0899 0488 Ip6Fw - ok 16:00:16.0962 0488 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 16:00:17.0118 0488 IpFilterDriver - ok 16:00:17.0134 0488 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 16:00:17.0290 0488 IpInIp - 
ok 16:00:17.0337 0488 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys 16:00:17.0790 0488 IpNat - ok 16:00:17.0852 0488 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 16:00:17.0962 0488 IPSec - ok 16:00:18.0009 0488 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 16:00:18.0071 0488 IRENUM - ok 16:00:18.0118 0488 isapnp (ce9b7afdf0a3d7dd8d1487262316b959) C:\WINDOWS\system32\DRIVERS\isapnp.sys 16:00:18.0243 0488 isapnp - ok 16:00:18.0290 0488 Kbdclass (b128fc0a5cd83f669d5de4b58f77c7d6) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 16:00:18.0415 0488 Kbdclass - ok 16:00:18.0462 0488 kbdhid (7ec877aa899323b92874fe62c7ddcde7) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16:00:18.0602 0488 kbdhid - ok 16:00:18.0681 0488 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys 16:00:19.0149 0488 kmixer - ok 16:00:19.0181 0488 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys 16:00:19.0259 0488 KSecDD - ok 16:00:19.0274 0488 lbrtfdc - ok 16:00:19.0368 0488 LVMST (0c944e4f596780f7cd26686e577ef606) C:\WINDOWS\system32\DRIVERS\LVMST.sys 16:00:19.0462 0488 LVMST - ok 16:00:19.0477 0488 mailKmd - ok 16:00:19.0540 0488 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys 16:00:19.0540 0488 MBAMProtector - ok 16:00:19.0556 0488 MBAMSwissArmy - ok 16:00:19.0634 0488 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 16:00:19.0712 0488 MHNDRV - ok 16:00:19.0759 0488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 16:00:19.0899 0488 mnmdd - ok 16:00:19.0946 0488 Modem (91a3da4b12f6f1d760463a7f7857f748) C:\WINDOWS\system32\drivers\Modem.sys 16:00:20.0102 0488 Modem - ok 16:00:20.0149 0488 Mouclass (71e15ca47fd947552054afb28536268f) C:\WINDOWS\system32\DRIVERS\mouclass.sys 16:00:20.0306 0488 Mouclass - ok 16:00:20.0352 0488 mouhid 
(66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys 16:00:20.0477 0488 mouhid - ok 16:00:20.0509 0488 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 16:00:20.0649 0488 MountMgr - ok 16:00:20.0712 0488 MPE (55a9a7e6bb297bf0f5b144029dcb79cc) C:\WINDOWS\system32\DRIVERS\MPE.sys 16:00:20.0852 0488 MPE - ok 16:00:20.0868 0488 mraid35x - ok 16:00:20.0899 0488 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 16:00:21.0040 0488 MRxDAV - ok 16:00:21.0118 0488 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 16:00:21.0212 0488 MRxSmb - ok 16:00:21.0227 0488 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 16:00:21.0368 0488 Msfs - ok 16:00:21.0415 0488 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 16:00:21.0571 0488 MSKSSRV - ok 16:00:21.0602 0488 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 16:00:21.0743 0488 MSPCLOCK - ok 16:00:21.0759 0488 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 16:00:21.0884 0488 MSPQM - ok 16:00:21.0946 0488 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16:00:22.0071 0488 mssmbios - ok 16:00:22.0118 0488 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys 16:00:22.0243 0488 MSTEE - ok 16:00:22.0259 0488 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 16:00:22.0368 0488 Mup - ok 16:00:22.0415 0488 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 16:00:22.0556 0488 NABTSFEC - ok 16:00:22.0602 0488 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 16:00:22.0759 0488 NDIS - ok 16:00:22.0774 0488 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys 16:00:22.0899 0488 NdisIP - ok 16:00:22.0946 0488 NdisTapi 
(08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 16:00:23.0056 0488 NdisTapi - ok 16:00:23.0102 0488 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16:00:23.0509 0488 Ndisuio - ok 16:00:23.0556 0488 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 16:00:23.0665 0488 NdisWan - ok 16:00:23.0681 0488 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 16:00:23.0821 0488 NDProxy - ok 16:00:23.0837 0488 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 16:00:23.0977 0488 NetBIOS - ok 16:00:24.0024 0488 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 16:00:24.0134 0488 NetBT - ok 16:00:24.0196 0488 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 16:00:24.0306 0488 NIC1394 - ok 16:00:24.0321 0488 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 16:00:24.0431 0488 Npfs - ok 16:00:24.0477 0488 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 16:00:24.0634 0488 Ntfs - ok 16:00:24.0681 0488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 16:00:24.0821 0488 Null - ok 16:00:25.0009 0488 nv (3f539f457764d0989081d6d9aaabeb71) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 16:00:25.0259 0488 nv - ok 16:00:25.0415 0488 nvata (3ac5eedd35b7437d53960f3998bfa462) C:\WINDOWS\system32\DRIVERS\nvata.sys 16:00:25.0477 0488 nvata - ok 16:00:25.0509 0488 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 16:00:25.0587 0488 NVENETFD - ok 16:00:25.0634 0488 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 16:00:25.0696 0488 nvnetbus - ok 16:00:25.0712 0488 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys 16:00:25.0790 0488 nvsmu - ok 16:00:25.0852 0488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) 
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 16:00:26.0102 0488 NwlnkFlt - ok 16:00:26.0118 0488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 16:00:26.0243 0488 NwlnkFwd - ok 16:00:26.0274 0488 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 16:00:26.0399 0488 ohci1394 - ok 16:00:26.0446 0488 Parport (b2f17a2edb5450e61973a037f63a595b) C:\WINDOWS\system32\drivers\Parport.sys 16:00:26.0571 0488 Parport - ok 16:00:26.0602 0488 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 16:00:26.0727 0488 PartMgr - ok 16:00:26.0759 0488 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys 16:00:26.0899 0488 ParVdm - ok 16:00:26.0946 0488 PCI (6fb463e5b243fbd6f3d3c83f914d94fb) C:\WINDOWS\system32\DRIVERS\pci.sys 16:00:27.0056 0488 PCI - ok 16:00:27.0071 0488 PCIDump - ok 16:00:27.0102 0488 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys 16:00:27.0227 0488 PCIIde - ok 16:00:27.0259 0488 Pcmcia (e2363f4c1daff89abee5f593e13d8a05) C:\WINDOWS\system32\drivers\Pcmcia.sys 16:00:27.0368 0488 Pcmcia - ok 16:00:27.0384 0488 PDCOMP - ok 16:00:27.0399 0488 PDFRAME - ok 16:00:27.0415 0488 PDRELI - ok 16:00:27.0431 0488 PDRFRAME - ok 16:00:27.0446 0488 perc2 - ok 16:00:27.0462 0488 perc2hib - ok 16:00:27.0524 0488 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 16:00:27.0634 0488 PptpMiniport - ok 16:00:27.0696 0488 Processor (3d7f196e77f986c106e9320b81a5ebbf) C:\WINDOWS\system32\DRIVERS\processr.sys 16:00:27.0837 0488 Processor - ok 16:00:27.0868 0488 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 16:00:27.0993 0488 PSched - ok 16:00:28.0009 0488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 16:00:28.0149 0488 Ptilink - ok 16:00:28.0181 0488 PxHelp20 (617accada2e0a0f43ec6030bbac49513) 
C:\WINDOWS\system32\Drivers\PxHelp20.sys 16:00:28.0196 0488 PxHelp20 - ok 16:00:28.0212 0488 ql1080 - ok 16:00:28.0227 0488 Ql10wnt - ok 16:00:28.0243 0488 ql12160 - ok 16:00:28.0259 0488 ql1240 - ok 16:00:28.0274 0488 ql1280 - ok 16:00:28.0306 0488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 16:00:28.0446 0488 RasAcd - ok 16:00:28.0477 0488 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 16:00:28.0602 0488 Rasl2tp - ok 16:00:28.0618 0488 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 16:00:28.0759 0488 RasPppoe - ok 16:00:28.0774 0488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 16:00:28.0915 0488 Raspti - ok 16:00:28.0993 0488 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys 16:00:29.0524 0488 Rdbss - ok 16:00:29.0571 0488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 16:00:29.0696 0488 RDPCDD - ok 16:00:29.0759 0488 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 16:00:29.0868 0488 rdpdr - ok 16:00:29.0946 0488 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys 16:00:30.0384 0488 RDPWD - ok 16:00:30.0446 0488 redbook (aa56702e230860565cb8d43680f57f33) C:\WINDOWS\system32\DRIVERS\redbook.sys 16:00:30.0556 0488 redbook - ok 16:00:30.0634 0488 rimmptsk (7a6648b61661b1421ffab762e391e33f) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 16:00:30.0696 0488 rimmptsk - ok 16:00:30.0727 0488 rimsptsk (d0a35b7670aa3558eaab483f64446496) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 16:00:30.0790 0488 rimsptsk - ok 16:00:30.0868 0488 rismxdp (3ac17802740c3a4764dc9750e92e6233) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 16:00:30.0915 0488 rismxdp - ok 16:00:30.0993 0488 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys 16:00:31.0118 0488 sdbus - ok 16:00:31.0149 0488 Secdrv 
(d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 16:00:31.0243 0488 Secdrv - ok 16:00:31.0306 0488 Serial (cd5b9995afcdb466c9efc048d167e3be) C:\WINDOWS\system32\drivers\Serial.sys 16:00:31.0431 0488 Serial - ok 16:00:31.0477 0488 sffdisk (1d9f1bec651815741f088a8fb88e17ee) C:\WINDOWS\system32\DRIVERS\sffdisk.sys 16:00:31.0618 0488 sffdisk - ok 16:00:31.0634 0488 sffp_sd (586499fd312ffd7f78553f408e71682e) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys 16:00:31.0759 0488 sffp_sd - ok 16:00:31.0774 0488 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 16:00:31.0884 0488 Sfloppy - ok 16:00:31.0899 0488 Simbad - ok 16:00:31.0931 0488 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys 16:00:32.0040 0488 SLIP - ok 16:00:32.0102 0488 smserial (05fe55f1a7ebb00b6288f078912e9603) C:\WINDOWS\system32\DRIVERS\smserial.sys 16:00:32.0227 0488 smserial - ok 16:00:32.0243 0488 Sparrow - ok 16:00:32.0306 0488 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys 16:00:32.0790 0488 splitter - ok 16:00:32.0837 0488 sr (e4200cb2f418d8fc4acdd7e38c419d6a) C:\WINDOWS\system32\DRIVERS\sr.sys 16:00:32.0915 0488 sr - ok 16:00:32.0962 0488 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys 16:00:33.0040 0488 Srv - ok 16:00:33.0071 0488 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys 16:00:33.0196 0488 streamip - ok 16:00:33.0243 0488 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 16:00:33.0352 0488 swenum - ok 16:00:33.0415 0488 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 16:00:33.0540 0488 swmidi - ok 16:00:33.0556 0488 symc810 - ok 16:00:33.0571 0488 symc8xx - ok 16:00:33.0587 0488 sym_hi - ok 16:00:33.0602 0488 sym_u3 - ok 16:00:33.0649 0488 SynTP (60b421663910fbb3c9b350b7efa75a68) C:\WINDOWS\system32\DRIVERS\SynTP.sys 16:00:33.0727 0488 SynTP - ok 
16:00:33.0790 0488 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 16:00:33.0915 0488 sysaudio - ok 16:00:34.0009 0488 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys 16:00:34.0087 0488 Tcpip - ok 16:00:34.0134 0488 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 16:00:34.0274 0488 TDPIPE - ok 16:00:34.0290 0488 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 16:00:34.0415 0488 TDTCP - ok 16:00:34.0462 0488 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 16:00:34.0571 0488 TermDD - ok 16:00:35.0024 0488 TosIde - ok 16:00:35.0102 0488 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 16:00:35.0227 0488 Udfs - ok 16:00:35.0243 0488 ultra - ok 16:00:35.0306 0488 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys 16:00:35.0837 0488 Update - ok 16:00:35.0915 0488 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 16:00:36.0040 0488 usbccgp - ok 16:00:36.0102 0488 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 16:00:36.0227 0488 usbehci - ok 16:00:36.0274 0488 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 16:00:36.0384 0488 usbhub - ok 16:00:36.0415 0488 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 16:00:36.0540 0488 usbohci - ok 16:00:36.0587 0488 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys 16:00:36.0743 0488 usbprint - ok 16:00:36.0790 0488 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 16:00:36.0915 0488 usbscan - ok 16:00:36.0977 0488 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 16:00:37.0087 0488 USBSTOR - ok 16:00:37.0149 0488 VgaSave (8a60edd72b4ea5aea8202daf0e427925) 
C:\WINDOWS\System32\drivers\vga.sys 16:00:37.0290 0488 VgaSave - ok 16:00:37.0306 0488 ViaIde - ok 16:00:37.0352 0488 VolSnap (d6888520ff56d72a50437e371ca25fc9) C:\WINDOWS\system32\drivers\VolSnap.sys 16:00:37.0509 0488 VolSnap - ok 16:00:37.0556 0488 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 16:00:37.0681 0488 Wanarp - ok 16:00:37.0759 0488 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys 16:00:37.0774 0488 wanatw - ok 16:00:37.0790 0488 Wbutton - ok 16:00:37.0806 0488 WDICA - ok 16:00:37.0868 0488 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys 16:00:38.0399 0488 wdmaud - ok 16:00:38.0477 0488 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 16:00:38.0602 0488 WmiAcpi - ok 16:00:38.0665 0488 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 16:00:38.0759 0488 WSTCODEC - ok 16:00:38.0821 0488 X10Hid (81e8da36ce70858898d5eb81e28a47d2) C:\WINDOWS\system32\Drivers\x10hid.sys 16:00:38.0868 0488 X10Hid - ok 16:00:38.0931 0488 XUIF (41cf36a3cc7786575247ed456918e112) C:\WINDOWS\system32\Drivers\x10ufx2.sys 16:00:38.0962 0488 XUIF - ok 16:00:39.0040 0488 ZD1211BU(ZyDAS) (77778a5d6d8b0fb3bd89b9f39c72c78d) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys 16:00:39.0118 0488 ZD1211BU(ZyDAS) - ok 16:00:39.0165 0488 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys 16:00:39.0196 0488 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning 16:00:39.0196 0488 ZDPSp50 - detected UnsignedFile.Multi.Generic (1) 16:00:39.0227 0488 MBR (0x1B8) (ae330efad318eb44f0142039deeaa8c2) \Device\Harddisk0\DR0 16:00:40.0212 0488 \Device\Harddisk0\DR0 - ok 16:00:40.0227 0488 Boot (0x1200) (f545b97d15dccd300dabff39f40f3a2d) \Device\Harddisk0\DR0\Partition0 16:00:40.0227 0488 \Device\Harddisk0\DR0\Partition0 - ok 16:00:40.0259 0488 Boot (0x1200) (776423371e30182cba037bfacc5b5c26) 
\Device\Harddisk0\DR0\Partition1 16:00:40.0259 0488 \Device\Harddisk0\DR0\Partition1 - ok 16:00:40.0274 0488 ============================================================ 16:00:40.0274 0488 Scan finished 16:00:40.0274 0488 ============================================================ 16:00:40.0399 0260 Detected object count: 3 16:00:40.0399 0260 Actual detected object count: 3 16:01:00.0321 0260 ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user 16:01:00.0321 0260 ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:01:00.0321 0260 Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user 16:01:00.0321 0260 Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:01:00.0321 0260 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user 16:01:00.0321 0260 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
17.12.2011, 12:56 | #20 |
| GEMA Trojaner So, the laptop now shuts down completely by itself again, and everything else works too. However, it takes a long time to boot and start Windows, and after startup it always shows the error message in the attachment. Is something wrong there? |
17.12.2011, 20:40 | #21 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GEMA Trojaner Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
18.12.2011, 12:48 | #22 |
| GEMA Trojaner Here is the ComboFix log file: Code:
ATTFilter ComboFix 11-12-17.05 - juli 18.12.2011 12:17:37.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.895.615 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\juli\Desktop\ComboFix.exe . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\juli\Lokale Einstellungen\Anwendungsdaten\fjreclua.log c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\mestrim.dll c:\windows\$NtUninstallKB50787$ c:\windows\$NtUninstallKB50787$\1019528619 c:\windows\$NtUninstallKB50787$\1466011906\@ c:\windows\$NtUninstallKB50787$\1466011906\bckfg.tmp c:\windows\$NtUninstallKB50787$\1466011906\cfg.ini c:\windows\$NtUninstallKB50787$\1466011906\Desktop.ini c:\windows\$NtUninstallKB50787$\1466011906\keywords c:\windows\$NtUninstallKB50787$\1466011906\kwrd.dll c:\windows\$NtUninstallKB50787$\1466011906\L\nmazshfh c:\windows\$NtUninstallKB50787$\1466011906\U\00000001.@ c:\windows\$NtUninstallKB50787$\1466011906\U\00000002.@ c:\windows\$NtUninstallKB50787$\1466011906\U\00000004.@ c:\windows\$NtUninstallKB50787$\1466011906\U\80000000.@ c:\windows\$NtUninstallKB50787$\1466011906\U\80000004.@ c:\windows\$NtUninstallKB50787$\1466011906\U\80000032.@ c:\windows\IsUn0407.exe c:\windows\kb913800.exe D:\setup.exe . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-18 bis 2011-12-18 )))))))))))))))))))))))))))))) . . 2011-12-13 20:53 . 2011-12-13 20:53 -------- d-----w- c:\programme\ESET 2011-12-13 18:05 . 2011-12-13 18:05 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten 2011-12-13 16:17 . 2011-12-13 16:17 -------- d-----w- c:\dokumente und einstellungen\juli\Anwendungsdaten\Malwarebytes 2011-12-13 16:17 . 2011-12-13 16:17 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2011-12-13 16:17 . 2011-12-13 16:17 -------- d-----w- c:\programme\Sicherheit 2011-12-13 16:17 . 
2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-12-13 01:47 . 2011-12-13 01:47 -------- d-----w- C:\_OTL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-10-14 19:25 . 2011-10-14 19:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-14 16:38 . 2006-03-24 12:00 456192 ----a-w- c:\windows\system32\encdec.dll 2006-04-12 06:23 . 2006-04-12 06:35 428544 ----a-w- c:\programme\qliterat.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-24 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176] "SkyTel"="SkyTel.EXE" [2006-05-16 2879488] "SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-04-05 565248] "AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2004-11-09 497240] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-09-08 815104] "LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2006-09-04 65536] "CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "LMgrOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800] "Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2006-07-10 86016] "NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648] "ALDI_NORD_FotoSuite"="c:\programme\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe" [2005-06-20 290816] "LanguageShortcut"="c:\programme\Home Cinema\PowerDVD\Language\Language.exe" [2006-05-18 49152] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408] 
"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640] "TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-10-01 180269] "HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152] "EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-10-01 155648] "Malwarebytes' Anti-Malware"="c:\programme\Sicherheit\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-24 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-4-29 65588] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programme\\Messenger\\msmsgs.exe"= "c:\\Programme\\MSN Messenger\\msnmsgr.exe"= "c:\\Programme\\AOL 9.0\\AOL.exe"= "c:\\Programme\\AOL 9.0\\WAOL.exe"= "c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLACSD.exe"= "c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDIAL.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Programme\\NetMeeting\\Conf.exe"= "c:\\Programme\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"= "c:\\Programme\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"= "c:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroUpgrade.exe"= "c:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Programme\\Sceneo\\Bonavista\\VMedia\\BVD.exe"= "c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"= . 
R2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [18.06.2007 14:10 373568] R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [30.05.2007 17:54 201696] R2 MBAMService;MBAMService;c:\programme\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe [13.12.2011 17:17 366152] R2 ODSBC;Sceneo TV Broadcast Service;c:\programme\Sceneo\Bonavista\Services\ODSBC\ODSBCService.exe [14.10.2006 03:28 779776] R2 srvcPVR;Sceneo PVR Service;c:\programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe [14.10.2006 03:28 1444352] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.12.2011 17:17 22216] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [10.10.2006 06:39 7040] S1 mailKmd;mailKmd; [x] S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [14.10.2011 20:27 136176] S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [14.10.2011 20:27 136176] S3 LVMST;LVMST service;c:\windows\system32\drivers\LVMST.sys [13.10.2006 09:40 1027072] S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-10-14 19:27] . 2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2011-10-14 19:27] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.aldi.com/ IE: &Google-Suche - c:\programme\google\GoogleToolbar2.dll/cmsearch.html IE: &Ins Deutsche übersetzen - c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html IE: Im Cache gespeicherte Seite - c:\programme\google\GoogleToolbar2.dll/cmcache.html IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Verweisseiten - c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html IE: Ähnliche Seiten - c:\programme\google\GoogleToolbar2.dll/cmsimilar.html TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-BullGuard - c:\programme\BullGuard Software\BullGuard\bullguard.exe SafeBoot-75239478.sys AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe AddRemove-{FAF88B432344413595BB2DED98385684} - c:\programme\DivX\DivXUserGuideUninstall . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-12-18 12:35 Windows 5.1.2600 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'explorer.exe'(3032) c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\nvsvc32.exe c:\programme\CyberLink\Shared Files\RichVideo.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\windows\ehome\mcrdsvc.exe c:\programme\Canon\CAL\CALMAIN.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\eHome\ehmsas.exe c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe c:\windows\system32\ssstars.scr . ************************************************************************** . Zeit der Fertigstellung: 2011-12-18 12:41:58 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-12-18 11:41 . Vor Suchlauf: 8 Verzeichnis(se), 32.239.341.568 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 32.379.301.888 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer . - - End Of File - - 10A67B4B377072A20CC231B1D33CE1EC |
18.12.2011, 13:34 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GEMA Trojaner Combofix - Scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now copy/paste the entire contents of the code box below into the Notepad window. Code:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=-

Driver::
mailkmd

4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix. 6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
18.12.2011, 20:28 | #24 |
| GEMA Trojaner ...and the next logfile: Code:
ComboFix 11-12-18.01 - juli 18.12.2011 20:04:21.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.49.1031.18.895.450 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\juli\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\juli\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mailKmd
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-18 bis 2011-12-18 ))))))))))))))))))))))))))))))
.
.
2011-12-13 20:53 . 2011-12-13 20:53 -------- d-----w- c:\programme\ESET
2011-12-13 18:05 . 2011-12-13 18:05 -------- d-----r- c:\dokumente und einstellungen\NetworkService\Favoriten
2011-12-13 16:17 . 2011-12-13 16:17 -------- d-----w- c:\dokumente und einstellungen\juli\Anwendungsdaten\Malwarebytes
2011-12-13 16:17 . 2011-12-13 16:17 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-13 16:17 . 2011-12-13 16:17 -------- d-----w- c:\programme\Sicherheit
2011-12-13 16:17 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-13 01:47 . 2011-12-13 01:47 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 19:25 . 2011-10-14 19:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-14 16:38 . 2006-03-24 12:00 456192 ----a-w- c:\windows\system32\encdec.dll
2006-04-12 06:23 . 2006-04-12 06:35 428544 ----a-w- c:\programme\qliterat.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-24 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\windows\sm56hlpr.exe" [2006-04-05 565248]
"AOLDialer"="c:\programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" [2004-11-09 497240]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2006-09-08 815104]
"LaunchAp"="c:\programme\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\programme\Launch Manager\HotkeyApp.exe" [2006-09-04 65536]
"CtrlVol"="c:\programme\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"LMgrOSD"="c:\programme\Launch Manager\OSD.exe" [2005-03-16 204800]
"Wbutton"="c:\programme\Launch Manager\Wbutton.exe" [2006-07-10 86016]
"NeroFilterCheck"="c:\programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ALDI_NORD_FotoSuite"="c:\programme\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe" [2005-06-20 290816]
"LanguageShortcut"="c:\programme\Home Cinema\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7569408]
"InstantOn"="c:\programme\CyberLink\PowerCinema Linux\ion_install.exe" [2005-09-22 93640]
"TkBellExe"="c:\programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-10-01 180269]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2006-10-01 155648]
"Malwarebytes' Anti-Malware"="c:\programme\Sicherheit\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-24 15360]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-4-29 65588]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Programme\\Messenger\\msmsgs.exe"=
"c:\\Programme\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programme\\AOL 9.0\\AOL.exe"=
"c:\\Programme\\AOL 9.0\\WAOL.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLACSD.exe"=
"c:\\Programme\\Gemeinsame Dateien\\AOL\\ACS\\AOLDIAL.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Programme\\NetMeeting\\Conf.exe"=
"c:\\Programme\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Programme\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroUpgrade.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programme\\Sceneo\\Bonavista\\VMedia\\BVD.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [18.06.2007 14:10 373568]
R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [30.05.2007 17:54 201696]
R2 MBAMService;MBAMService;c:\programme\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe [13.12.2011 17:17 366152]
R2 ODSBC;Sceneo TV Broadcast Service;c:\programme\Sceneo\Bonavista\Services\ODSBC\ODSBCService.exe [14.10.2006 03:28 779776]
R2 srvcPVR;Sceneo PVR Service;c:\programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe [14.10.2006 03:28 1444352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [13.12.2011 17:17 22216]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [10.10.2006 06:39 7040]
S2 gupdate;Google Update-Dienst (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [14.10.2011 20:27 136176]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [14.10.2011 20:27 136176]
S3 LVMST;LVMST service;c:\windows\system32\drivers\LVMST.sys [13.10.2006 09:40 1027072]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-10-14 19:27]
.
2011-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2011-10-14 19:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com/
IE: &Google-Suche - c:\programme\google\GoogleToolbar2.dll/cmsearch.html
IE: &Ins Deutsche übersetzen - c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Im Cache gespeicherte Seite - c:\programme\google\GoogleToolbar2.dll/cmcache.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Verweisseiten - c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Ähnliche Seiten - c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
TCP: DhcpNameServer = 192.168.178.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-18 20:15
Windows 5.1.2600 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(2488)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\programme\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-18 20:20:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-12-18 19:20
ComboFix2.txt 2011-12-18 11:41
.
Vor Suchlauf: 10 Verzeichnis(se), 32.385.490.944 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 32.269.873.152 Bytes frei
.
- - End Of File - - C9E52F90B887A46D118DAC3E052F83F3

Malwarebytes is now again very frequently blocking access to potentially dangerous websites, which had already improved in the meantime. Maybe you can do something with this information as well. Regards |
19.12.2011, 11:16 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GEMA Trojaner OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool refuses to run even on the second attempt, simply leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, also make sure that you save the log as *.log and not as *.html or similar. Note: To unpack OSAM please use WinRAR or 7zip! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Please download aswMBR.exe and save the file on your desktop.
Important: Under no circumstances press one of the Fix buttons without instruction. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags |
19.12.2011, 17:35 | #26 |
| GEMA Trojaner So, here is the OSAM logfile for a start: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:30:45 on 19.12.2011
OS: Windows XP Professional Service Pack 2 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ddbaccpl.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbaccpl.cpl
"ddbacctm.cpl" - "DataDesign AG" - C:\WINDOWS\system32\ddbacctm.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"jpicpl32.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\jpicpl32.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
"xhidcpl.cpl" - ? - C:\WINDOWS\system32\xhidcpl.cpl (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Computer, Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl
"Windows Media Connect" - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccpl.dll
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ACEDRV07" (ACEDRV07) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\ACEDRV07.sys
"acedrv09" (acedrv09) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv09.sys
"acehlp09" (acehlp09) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acehlp09.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"Hotkey" (Hotkey) - ? - C:\WINDOWS\system32\drivers\Hotkey.sys (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"MBAMSwissArmy" (MBAMSwissArmy) - ? - C:\WINDOWS\system32\drivers\mbamswissarmy.sys (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found)
"Secdrv" (Secdrv) - ? - C:\WINDOWS\System32\DRIVERS\secdrv.sys (File signed by Microsoft | File found, but it contains no detailed information)
"ugtdypog" (ugtdypog) - ? - C:\DOKUME~1\juli\LOKALE~1\Temp\ugtdypog.sys (Hidden registry entry, rootkit activity | File not found)
"Wbutton" (Wbutton) - ? - C:\WINDOWS\system32\drivers\Wbutton.sys (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found)
"ZDPSp50 NDIS Protocol Driver" (ZDPSp50) - "Printing Communications Assoc., Inc. (PCAUSA)" - C:\WINDOWS\System32\Drivers\ZDPSp50.sys
[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - c:\WINDOWS\system32\mscoree.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Programme\MSN Messenger\fsshext.8.0.0812.00.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Programme\Real\RealPlayer\rpshell.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? - (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Inc." - c:\programme\google\googletoolbar2.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.5.0_08" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} "Java Plug-in 1.5.0_08" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} "Office Update Installation Engine" - "Microsoft Corporation" - C:\WINDOWS\opuc.dll / hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash11c.ocx / hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_08\bin\npjpi150_08.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Google" - "Google Inc." - c:\programme\google\googletoolbar2.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" - "Adobe Systems Incorporated" - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
{AE84A6AA-A333-4B92-B276-C11E2212E4FE} "CPrintEnhancer Object" - "Hewlett-Packard Co." - C:\Programme\HP\Smart Web Printing\SmartWebPrinting.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - c:\programme\google\googletoolbar2.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\juli\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ALDI_NORD_FotoSuite" - "MAGIX AG" - "C:\Programme\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe" /autorun
"AOLDialer" - "America Online, Inc" - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
"CtrlVol" - "Wistron" - "C:\Programme\Launch Manager\CtrlVol.exe"
"HotkeyApp" - "Wistron" - "C:\Programme\Launch Manager\HotkeyApp.exe"
"HP Software Update" - "Hewlett-Packard Co." - C:\Programme\HP\HP Software Update\HPWuSchd2.exe
"InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found)
"LanguageShortcut" - ? - "C:\Programme\Home Cinema\PowerDVD\Language\Language.exe"
"LaunchAp" - ? - "C:\Programme\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron" - "C:\Programme\Launch Manager\OSD.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Sicherheit\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"NeroFilterCheck" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
"QuickTime Task" - "Apple Computer, Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"TkBellExe" - "RealNetworks, Inc." - "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
"Wbutton" - ? - "C:\Programme\Launch Manager\Wbutton.exe"
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\WINDOWS\system32\avmprmon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\WINDOWS\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"AOL Connectivity Service" (AOL ACS) - "America Online, Inc." - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Canon Camera Access Library 8" (CCALib8) - "Canon Inc." - C:\Programme\Canon\CAL\CALMAIN.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Programme\CyberLink\Shared Files\RichVideo.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Programme\Sicherheit\Malwarebytes' Anti-Malware\mbamservice.exe
"Messenger Sharing USN Journal Reader-Service" (usnsvc) - "Microsoft Corporation" - C:\Programme\MSN Messenger\usnsvc.dll
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"Sceneo PVR Service" (srvcPVR) - "Buhl Data Service GmbH" - C:\Programme\Sceneo\Bonavista\Services\PVR\PVRService.exe
"Sceneo TV Broadcast Service" (ODSBC) - "ODSoft multimedia" - C:\Programme\Sceneo\Bonavista\Services\ODSBC\ODSBCService.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Media Connect-Dienst" (WMConnectCDS) - "Microsoft Corporation" - C:\Programme\Windows Media Connect 2\wmccds.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.o |
19.12.2011, 19:19 | #27 |
| GEMA Trojaner ...and here is what GMER outputs. However, I'm not sure whether the program performed a complete scan. At some point it simply stopped (without any particular message). Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-19 19:15:56
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\00000068 SAMSUNG_HM080HI rev.AB100-10
Running: ds4lw1ml.exe; Driver: C:\DOKUME~1\juli\LOKALE~1\Temp\ugtdypog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF56A7360, 0x221BBD, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acehlp09.sys section is executable [0xF5646780, 0x28F7A, 0xE0000060]
.text C:\WINDOWS\system32\drivers\ACEDRV07.sys section is writeable [0xBA59F000, 0x328BA, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV07.sys entry point in ".pklstb" section [0xBA5E3000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV07.sys unknown last section [0xBA5FF000, 0x8E, 0x42000040]
.reloc C:\WINDOWS\system32\drivers\acedrv09.sys section is executable [0xB9C82000, 0x4E05A, 0xE0000060]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@j!s!i!`!r!`!e!d!\30!\30!t!e!s!m!s!y! 71230

---- EOF - GMER 1.0.15 ---- |
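The OSAM report in #26 lists `ugtdypog.sys` under the user's Temp folder as a hidden registry entry with rootkit activity, while the GMER header in #27 names exactly that path as the driver GMER loaded for its own scan. The following is an added example, not code from the thread, from OSAM or from GMER: it parses OSAM entry lines, ranks them the way a reviewer reads such a log, and then cross-checks them against the GMER header so that the scanner's own randomly named driver is not mistaken for a persistence mechanism. The sample lines are constructed from the two logs posted above.

```python
"""Triage of an OSAM "Autorun Manager" report, cross-checked against a GMER header.
Added example; sample lines are constructed from the logs posted in the thread."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One OSAM entry:  [prefix] "name" [(key)] - "vendor"|? - path [(flag | flag)]
ENTRY_RE = re.compile(
    r'^(?P<prefix>.*?)"(?P<name>[^"]*)"(?: \((?P<key>[^()]*)\))?'
    r' - (?:"(?P<vendor>[^"]*)"|\?) - (?P<rest>.*)$')
FLAGS_RE = re.compile(r'(?:^|\s)\((?P<flags>[^()]*)\)$')
TEMP_RE = re.compile(r'\\Temp\\', re.IGNORECASE)
# GMER prints the randomly named driver it loads for its own scan in its header line.
GMER_DRIVER_RE = re.compile(r'Driver:\s*(?P<path>\S+\.sys)', re.IGNORECASE)

# Constructed sample: a subset of the OSAM entries and the GMER header from the thread.
OSAM_SAMPLE = r"""
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv09" (acedrv09) - "Protect Software GmbH" - C:\WINDOWS\system32\drivers\acedrv09.sys
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\WINDOWS\system32\drivers\mbam.sys
"ugtdypog" (ugtdypog) - ? - C:\DOKUME~1\juli\LOKALE~1\Temp\ugtdypog.sys (Hidden registry entry, rootkit activity | File not found)
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"InstantOn" - ? - "C:\Programme\CyberLink\PowerCinema Linux\ion_install.exe /c " (File not found)
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Programme\Sicherheit\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"""
GMER_SAMPLE = r"""GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-19 19:15:56
Running: ds4lw1ml.exe; Driver: C:\DOKUME~1\juli\LOKALE~1\Temp\ugtdypog.sys
"""


@dataclass
class Entry:
    section: str
    location: str
    name: str
    vendor: Optional[str]          # None where OSAM printed "?"
    path: str
    flags: List[str] = field(default_factory=list)
    verdict: str = "ok"
    note: str = ""


def parse_osam(text: str) -> List[Entry]:
    """Walk the report, remembering the [Section] and -----( location )----- headers."""
    section, location, entries = "", "", []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if line.startswith("-----(") and line.endswith(")-----"):
            location = line[6:-6].strip()
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest, flags = m.group("rest"), []
        fm = FLAGS_RE.search(rest)
        if fm:                                   # trailing "(flag | flag)" block
            flags = [f.strip() for f in fm.group("flags").split("|")]
            rest = rest[:fm.start()]
        rest = rest.strip()
        if rest.startswith('"'):                 # quoted command line: keep the image path only
            end = rest.find('"', 1)
            rest = rest[1:end] if end > 0 else rest[1:]
        entries.append(Entry(section, location, m.group("name"), m.group("vendor"),
                             rest.strip(), flags))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Hidden registry keys first, then unknown binaries in a temp directory, then orphans."""
    for e in entries:
        joined = " | ".join(e.flags)
        if "rootkit activity" in joined:
            e.verdict, e.note = "high", "hidden registry entry"
        elif e.vendor is None and TEMP_RE.search(e.path):
            e.verdict, e.note = "high", "unknown binary loaded from a temp directory"
        elif "File not found" in joined:
            e.verdict, e.note = "low", "orphaned entry, target file missing"
        elif e.vendor is None and e.path:
            e.verdict, e.note = "medium", "no vendor information"
    return entries


def mark_scanner_artifacts(entries: List[Entry], gmer_log: str) -> List[Entry]:
    """Downgrade any entry whose path is the driver GMER itself loaded for its scan."""
    m = GMER_DRIVER_RE.search(gmer_log)
    if not m:
        return []
    driver = m.group("path").lower()
    hits = []
    for e in entries:
        if e.path.lower() == driver:
            e.verdict, e.note = "info", "GMER's own scan driver, not a persistence entry"
            hits.append(e)
    return hits


def findings(osam: str = OSAM_SAMPLE, gmer: str = GMER_SAMPLE):
    """Everything that is not plainly 'ok', as (verdict, name, note) tuples."""
    entries = triage(parse_osam(osam))
    mark_scanner_artifacts(entries, gmer)
    return [(e.verdict, e.name, e.note) for e in entries if e.verdict != "ok"]


if __name__ == "__main__":
    for verdict, name, note in findings():
        print(f"{verdict:6} {name:30} {note}")
```

Run on the two posted logs, the only "high" finding collapses to "info" once the GMER header is taken into account, which is why the expert's "looks OK" in #28 is the right reading; the remaining "low" entries are stale registrations whose target file is gone. Because GMER picks a fresh random driver name on every run, the cross-check has to be done against the header of the GMER log produced on the same machine, not against a fixed name.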
19.12.2011, 20:10 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GEMA Trojaner Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting a second opinion from the ESET online scanner isn't a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
19.12.2011, 20:18 | #29 |
| GEMA Trojaner And now the aswMBR logfile as well: Code:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-19 19:53:16
-----------------------------
19:53:16.853 OS Version: Windows 5.1.2600 Service Pack 2
19:53:16.853 Number of processors: 1 586 0x4C02
19:53:16.853 ComputerName: JULIA UserName: juli
19:53:17.181 Initialize success
19:57:12.931 AVAST engine defs: 11121900
19:57:34.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
19:57:34.759 Disk 0 Vendor: SAMSUNG_HM080HI AB100-10 Size: 76319MB BusType: 3
19:57:34.821 Disk 0 MBR read successfully
19:57:34.821 Disk 0 MBR scan
19:57:34.868 Disk 0 unknown MBR code
19:57:34.931 Disk 0 scanning sectors +156296385
19:57:35.118 Disk 0 scanning C:\WINDOWS\system32\drivers
19:58:04.603 Service scanning
19:58:05.853 Modules scanning
19:59:05.150 Disk 0 trace - called modules:
19:59:05.212 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
19:59:05.212 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x851d4ab8]
19:59:05.212 3 CLASSPNP.SYS[f74c805b] -> nt!IofCallDriver -> \Device\00000069[0x85298d38]
19:59:05.540 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\00000068[0x851d4030]
19:59:07.400 AVAST engine scan C:\WINDOWS
19:59:58.493 AVAST engine scan C:\WINDOWS\system32
20:06:05.306 AVAST engine scan C:\WINDOWS\system32\drivers
20:06:51.353 AVAST engine scan C:\Dokumente und Einstellungen\juli
20:13:00.868 AVAST engine scan C:\Dokumente und Einstellungen\All Users
20:14:23.540 Scan finished successfully
20:14:46.650 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\juli\Desktop\MBR.dat"
20:14:46.681 The log file has been saved successfully to "C:\Dokumente und Einstellungen\juli\Desktop\aswMBR.txt" |
19.12.2011, 20:31 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GEMA Trojaner Oops, I hadn't noticed that log at all. We should fix the MBR; back up ALL important data just in case, even though it usually goes smoothly. Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable. After backing up your data, start aswMBR again and click the FIXMBR button. Then restart Windows and create a new log with aswMBR.
__________________ Please always post logfiles in CODE tags |
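A log check for the FIXMBR step described above, as an added example that is not code from the thread or from aswMBR: it pulls out of an aswMBR log whether the MBR was readable, whether aswMBR reported unknown MBR code, whether the scan ran to completion and where the MBR backup was written, and it compares a pre-fix log with the rescan the expert asks for afterwards. The "before" log is constructed from the output posted in #29; the "after" log is a hypothetical clean result, and its `default MBR code` wording is an assumption about aswMBR's output, not something the thread shows. Whether another operating system shares the disk cannot be read from the log and still has to be checked by hand.

```python
"""Pre-/post-FIXMBR checks on aswMBR logs.  Added example; the 'before' log is
constructed from the thread, the 'after' log is a hypothetical clean rescan."""
import re
from typing import Dict

LINE_RE = re.compile(r'^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<msg>.*)$')
VENDOR_RE = re.compile(r'^Disk (?P<n>\d+) Vendor: (?P<vendor>.+?) Size: (?P<mb>\d+)MB')
MBR_CODE_RE = re.compile(r'^Disk (?P<n>\d+) (?P<desc>.*MBR code.*)$')
BACKUP_RE = re.compile(r'MBR has been saved successfully to "(?P<path>[^"]+)"')

# Constructed from the aswMBR output posted in #29 (scan lines trimmed).
ASWMBR_BEFORE = r"""aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-19 19:53:16
-----------------------------
19:53:16.853 OS Version: Windows 5.1.2600 Service Pack 2
19:57:34.759 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
19:57:34.759 Disk 0 Vendor: SAMSUNG_HM080HI AB100-10 Size: 76319MB BusType: 3
19:57:34.821 Disk 0 MBR read successfully
19:57:34.821 Disk 0 MBR scan
19:57:34.868 Disk 0 unknown MBR code
19:57:34.931 Disk 0 scanning sectors +156296385
20:14:23.540 Scan finished successfully
20:14:46.650 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\juli\Desktop\MBR.dat"
20:14:46.681 The log file has been saved successfully to "C:\Dokumente und Einstellungen\juli\Desktop\aswMBR.txt"
"""

# Hypothetical rescan after FIXMBR; the "default MBR code" wording is an assumption.
ASWMBR_AFTER = r"""aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-20 10:00:00
-----------------------------
10:00:00.100 Disk 0 Vendor: SAMSUNG_HM080HI AB100-10 Size: 76319MB BusType: 3
10:00:00.200 Disk 0 MBR read successfully
10:00:00.200 Disk 0 MBR scan
10:00:00.250 Disk 0 Windows XP default MBR code
10:05:00.000 Scan finished successfully
"""


def summarize(log: str) -> Dict[str, object]:
    """Extract the facts that matter for an MBR-fix decision from one aswMBR log."""
    s = {"disk": None, "size_mb": None, "mbr_read": False, "mbr_code": None,
         "unknown_mbr_code": False, "scan_finished": False, "mbr_backup": None}
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:                       # banner lines carry no timestamp
            continue
        msg = m.group("msg")
        vm, cm, bm = VENDOR_RE.search(msg), MBR_CODE_RE.search(msg), BACKUP_RE.search(msg)
        if vm:
            s["disk"], s["size_mb"] = vm.group("vendor"), int(vm.group("mb"))
        elif "MBR read successfully" in msg:
            s["mbr_read"] = True
        elif cm:
            s["mbr_code"] = cm.group("desc")
            s["unknown_mbr_code"] = "unknown MBR code" in msg
        elif "Scan finished successfully" in msg:
            s["scan_finished"] = True
        elif bm:
            s["mbr_backup"] = bm.group("path")
    return s


def fix_checklist(summary: Dict[str, object]) -> Dict[str, bool]:
    """Conditions the thread implies before pressing FIXMBR: the scan completed, the
    MBR was readable, aswMBR flagged unknown boot code, and a copy of the current MBR
    exists so the change can be reverted.  The 'no other OS on this disk' condition
    is not visible in the log and must be confirmed separately."""
    return {
        "sc_finished": summary["scan_finished"],
        "mbr_readable": summary["mbr_read"],
        "unknown_mbr_code": summary["unknown_mbr_code"],
        "mbr_backup_exists": summary["mbr_backup"] is not None,
    }


def fix_verified(before: str, after: str) -> bool:
    """True when the rescan after FIXMBR completed and no longer reports unknown MBR code."""
    b, a = summarize(before), summarize(after)
    return b["unknown_mbr_code"] and a["scan_finished"] and not a["unknown_mbr_code"]


if __name__ == "__main__":
    before = summarize(ASWMBR_BEFORE)
    print(before["disk"], before["mbr_code"], before["mbr_backup"])
    print("checklist:", fix_checklist(before))
    print("fix verified:", fix_verified(ASWMBR_BEFORE, ASWMBR_AFTER))
```

The value of the check is the backup line: aswMBR writes the original sector to MBR.dat before anything is changed, and that file is what makes the fix reversible if the rewritten boot code turns out not to boot the machine. Feeding the post-fix log back through `fix_verified` gives a concrete pass/fail for the "new log with aswMBR" the expert asks for, rather than eyeballing two logs.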